Overview

overview

10

Static

static

4

HowToBeatP...ci.pdf

windows7-x64

3

HowToBeatP...ci.pdf

windows10-2004-x64

3

NEW PAYPAL...14.pdf

windows7-x64

3

NEW PAYPAL...14.pdf

windows10-2004-x64

3

PolishPaypal.pdf

windows7-x64

3

PolishPaypal.pdf

windows10-2004-x64

3

Profiting ...i.html

windows7-x64

3

Profiting ...i.html

windows10-2004-x64

3

ScrewPaypal.pdf

windows7-x64

3

ScrewPaypal.pdf

windows10-2004-x64

3

StealthPaypal.pdf

windows7-x64

3

StealthPaypal.pdf

windows10-2004-x64

3

The Ultima...de.pdf

windows7-x64

3

The Ultima...de.pdf

windows10-2004-x64

3

Unlimited ...ut.pdf

windows7-x64

3

Unlimited ...ut.pdf

windows10-2004-x64

3

Yasuo.Payp....5.lnk

windows7-x64

10

Yasuo.Payp....5.lnk

windows10-2004-x64

10

files/Yasu....5.exe

windows7-x64

10

files/Yasu....5.exe

windows10-2004-x64

10

paypal stealth.pdf

windows7-x64

3

paypal stealth.pdf

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2024 23:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PolishPaypal.pdf

  • Size

    40KB

  • MD5

    8ccd0910daa227a0333e7198aa698a8e

  • SHA1

    0232b99524d17c26fa09bfa2230f5fb7aadf433a

  • SHA256

    1913f5048d667984b35b89f695b26e52d398034d222736c1d0d5120a9f8431c6

  • SHA512

    a9286c7d1211992f81cd88bd5f33142f6beea2e71cd311cdd52878e84900f6476c2254879a56f3da5e69992e63d9cc73b4a74c72657e271e63269efdc69eff71

  • SSDEEP

    768:TN/EfO0OMYgixR0HsWlLox4Vk4PBO6tRckYl0HPfmd1a4dtkRgmT2nMDzssdvJfd:VE5QgUyxYGr5xRckYl0HP+dQgs2n+Rl

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\PolishPaypal.pdf"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2092

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    4d932256a600f05039b14db70b5873dc

    SHA1

    acf6ac965df58b4b7c749eff0082127c29fdee3b

    SHA256

    f3b8e73b9c3345ee63174d851c02326c8a80b75dac0e823c6a9a4e3cf5a68b28

    SHA512

    bd6d5e55ed21991515be488ba03bea57b0837a6b776ca98ed3b871d56a356b30b751fc7015254a70aa4360bb6532e755a0038aa5dd069fa12b55e455041597d3

    Download Submit