Analysis

  • max time kernel
    121s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/08/2024, 15:05

General

  • Target

    thinkphp_2.1_full/Docs/ThinkPHP 2.1 ʾʹ˵.pdf

  • Size

    276KB

  • MD5

    a33e62593a36164de60b446e9e07521d

  • SHA1

    e1f59d3f12eb3bcb1f44bd24ffa94f23acb4d50c

  • SHA256

    62016c2f56d7a6e7328306d75f056fe256a726ba80d77ae2f0c80bd129f312af

  • SHA512

    7d3f160cb1c12e49fc14907af002165bd7353bed5ed2a427c16ba237c69bcb10c7bc46d5d7c2ac3016177737b0d5927da2bcac1e9bc8e665eb3138e5e7b6c607

  • SSDEEP

    6144:kkWwwfsW+3kDt+ClZ1TuGs66ExvcpIIil5jp5qg:kkWlr+3etZZ1yGs66Exvd35jp5t

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\thinkphp_2.1_full\Docs\ThinkPHP 2.1 ʾʹ˵.pdf"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:540

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    e7c87ddac423caaf86e39f6309a38002

    SHA1

    d92b9a465e8ca0bc061e1f5a5e6efef5adfea353

    SHA256

    01bd67890d3ce1cd5374f3f3e235c45859589ab2740be2818be248f1427fc56b

    SHA512

    5570df31f86ed149b6adf8babd9183e56977a834854d05c35f7af7af4b97a9f9ef0c72819ddd860389aeac1d69b3f57edc3be66f4f242c996ab7772f4d5ca500