MALICIOUS
100
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a lure related to a 'town hall minecraft schematic' and embeds a link to a known malicious redirector. The heuristic 'SE_ADVANCE_FEE_SCAM_LURE' indicates the document's content is designed to trick users into paying fees, likely by promising a prize or parcel. The embedded URL, https://ttraff.link/wix?keyword=town+hall+minecraft+schematic, is the primary indicator of malicious activity, leading to further malicious infrastructure.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Advance-fee lottery/parcel scam lure high SE_ADVANCE_FEE_SCAM_LUREDocument contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.link/wix?keyword=town+hall+minecraft+schematic
- http://winat.kellysserenityhouseinc.com/uploads/1/3/2/6/132680981/df7829f43.pdf
- http://pujoxo.peacefulgamers.com/uploads/1/3/2/6/132681862/lujaterubuwef.pdf
- http://files.bernardcollin.com/uploads/1/3/2/8/132815220/623a72.pdf
- http://files.kimberlyjherb.com/uploads/1/3/1/4/131407734/6aaa27c09255.pdf
- http://files.hasdssmrjones.com/uploads/1/3/1/8/131856039/96235d912e7.pdf
- http://retor.interimarketing.com/uploads/1/3/1/6/131606289/fetofekunanu_lakemososu_nofaxele.pdf
- https://5c319126-586a-49a2-a05e-c6618b58721e.filesusr.com/ugd/98e2de_56cc01119fd74b62a40ed386af78f984.pdf?index=true
- https://40127e83-6fdf-444f-b260-dbf393a17113.filesusr.com/ugd/fb5067_fc4523dba1b14127b6ef9b9c648541dc.pdf?index=true
- https://d938f486-9d70-4d7d-906c-75bedf8b3881.filesusr.com/ugd/b7ab08_dca05a6d2b054c93b383dd37d68c2ef2.pdf?index=true
- https://914fb6ea-14bd-41e0-b47e-2c68093046f6.filesusr.com/ugd/7a359d_37776cea56724c98bd413e50912b198d.pdf?index=true
- https://158242c9-902e-44c1-af04-4e7d39727589.filesusr.com/ugd/834936_99cedd9f03134181afc0d6a62d1ff56b.pdf?index=true
- https://6f306db5-fcbb-4ce9-b3ca-e8b69f310f04.filesusr.com/ugd/8e1900_85ef594694e5418b80fe204d898f5382.pdf?index=true
- https://f9c06c49-4ef6-4c93-baa9-440936b932c7.filesusr.com/ugd/f4de5e_6d0ff53545e846f9bd8a1ce804fa3e44.pdf?index=true
- https://c6b505b6-4125-4975-aab1-85371b061e24.filesusr.com/ugd/d43733_e1a1bcaeab574f56bb12020ef8bed608.pdf?index=true
- https://b7dac5a8-12e0-46f2-9467-e4ca81380e96.filesusr.com/ugd/5ed537_6ea42ee77771426396bb074d75b9d946.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0002d416.bin3c314c89033bd8c5f10de9748d7cc47930df0d58f1df79478408d199b8f24fde |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x2D416 | 5160 bytes |
font_01_sfnt_off0002e58a.binabc5312c85633a4e5c48f038a5684a4d1efb6146d26020eab79120fa3f042d6b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x2E58A | 11104 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.