Overview

overview

4

Static

static

4

thinkphp_2...&A.pdf

windows7-x64

3

thinkphp_2...&A.pdf

windows10-2004-x64

3

thinkphp_2...��.pdf

windows7-x64

3

thinkphp_2...��.pdf

windows10-2004-x64

3

thinkphp_2...��.pdf

windows7-x64

3

thinkphp_2...��.pdf

windows10-2004-x64

3

thinkphp_2...ʾ.pdf

windows7-x64

3

thinkphp_2...ʾ.pdf

windows10-2004-x64

3

thinkphp_2...��.pdf

windows7-x64

3

thinkphp_2...��.pdf

windows10-2004-x64

3

thinkphp_2...��.pdf

windows7-x64

3

thinkphp_2...��.pdf

windows10-2004-x64

3

thinkphp_2...��.pdf

windows7-x64

3

thinkphp_2...��.pdf

windows10-2004-x64

3

thinkphp_2...x.html

windows7-x64

3

thinkphp_2...x.html

windows10-2004-x64

3

thinkphp_2...ss.ps1

windows7-x64

3

thinkphp_2...ss.ps1

windows10-2004-x64

3

thinkphp_2...d.html

windows7-x64

3

thinkphp_2...d.html

windows10-2004-x64

3

thinkphp_2...e.html

windows7-x64

3

thinkphp_2...e.html

windows10-2004-x64

3

thinkphp_2...y.html

windows7-x64

3

thinkphp_2...y.html

windows10-2004-x64

3

thinkphp_2...t.html

windows7-x64

3

thinkphp_2...t.html

windows10-2004-x64

3

thinkphp_2...1.html

windows7-x64

3

thinkphp_2...1.html

windows10-2004-x64

3

thinkphp_2...x.html

windows7-x64

3

thinkphp_2...x.html

windows10-2004-x64

3

thinkphp_2...w.html

windows7-x64

3

thinkphp_2...w.html

windows10-2004-x64

3

Analysis

  • max time kernel
    143s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    19-08-2024 15:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    thinkphp_2.1_full/Examples/Blog/Tpl/default/Blog/add.html

  • Size

    9KB

  • MD5

    f8ee4f1b6e2d34c78de460eda6863178

  • SHA1

    4ad1c608bccbb23fa8f11037ae9c7979ec72f2d8

  • SHA256

    0090a0b263fa570e616fb21f7f964f609c667768e7bfee872414852b1e1ad17e

  • SHA512

    8ff6732b9efc30d56868d7f8ae5d41fe0c949982f8d0f092047fe25dc673ce6b0704aea36d34167da1896d2d637844fbd8b605886b5f85ed2a4af10069a5be2c

  • SSDEEP

    96:ynK4w440D4kz4RDsF4JLy3LL1hNt32RXWvKJKo6GPL/o2UBFNNIJOGXY:ynvrEV9LJGj5v5vNaXY

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\thinkphp_2.1_full\Examples\Blog\Tpl\default\Blog\add.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2716
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1612

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6fb6d5c0e0123e6044640fbe320afe61

    SHA1

    5ed98a39f63fa0ab4e298ccba768afae98d78a49

    SHA256

    a2871a4fa421a1666a72eb74bbc17179dd6f8a87b9fb4ea19ed3735e21f0d0a8

    SHA512

    a26c34ff9476d493f42d8f161f0fdda6d43cc4359071dec978727fa246284eef4c1e7a88dd2aa8eeeeb48d8054590ee465686baec685c6e6d8bac7c034794c98

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    844e19c2342ba677db11d40f1d7a898e

    SHA1

    7d8316beac39180e79d824dd4d18b24218cc5008

    SHA256

    adfd6f3648ce269865e08800bf45de89cde07546950c378065106202c901566e

    SHA512

    f76fac69350c3ac26af364eaabf6a665ed6a6da2e57c7d38effc42740e403ac451f9ab1f404e09ec21ee5a6ab7bb2d6efea877b970dd5b703d328f6473fb2808

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    41b0b003725ff4174185b1d0553aa2c2

    SHA1

    a8fe6104671626ab26c217868549e0ec5fd52a5f

    SHA256

    1651faae55f13ac47472cc3e5a1c3b68094c181fa1ecc4a0034d2bf3bba7d6a0

    SHA512

    db07314b4d7aa7653e0b266028462df25810e2aac52763d06ee5d6cda62e3495fbd0097fe37f36ac6a11beb23a161fb034a6d8e9f7116516d183a2b4664b4033

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8192529049dd9de02c0eeb76609449d2

    SHA1

    fc34fa0c0c98cd48eaad55ed9669e73a96722cd5

    SHA256

    38dee38dc09281657f0deb6ea80b291b06f92bb5866a4b87bb1dd39f32159a46

    SHA512

    dd4ccc0fda54361421a1d7dfa0253b51d156252df06165b54ce3ef17ca4908f3532384546557b61c48854ca93053855635ea20483ae33164ba4dd127118fdcd5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    73a91b4ceeac06e47edaccc8a83caf07

    SHA1

    731f95edf13bad9891ae20d69c461e71b4895ce8

    SHA256

    168b31a7704b8fa3656c583d15b138792cc181dcd2e675afc632cfa0a8f6ecf7

    SHA512

    a9001586d5ddf107fb6487bb4558f23e5e4e113c507b8165dadf61e2acfafa6fb13cf15db2555652573a989256c2f3a3c6600dc9a2e7dd3048009a5e676c6d5d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    beca8cce02063428f68dd9416a0afffa

    SHA1

    b42121e580ce92d96488d8e4f1d5b725e524d8d0

    SHA256

    248e647b80b5374d926e5f6c277d1e0ee44c804f99f94b56fd830017aaddf354

    SHA512

    a5bf82ffbef42d7dd05f9d1365ae35c0369bd82cfdcdd6f10b3dc44519f652657f47b9a9ed0525dc0f20e5d1f1c35c3a63ae148a22f3a7265af25fe74f50ed22

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    70a5e5ad101df44d196746efd7debe6d

    SHA1

    fddbecf88ce666cea724bd63e5d05572e43ff60f

    SHA256

    a75527a649c2cbff015661e67828e46ba05bfa178bf150d46c300f5b55e68b5a

    SHA512

    0ca60a4ee4e7114da8e67cc25d70e61379ae4cbc2ec5e8f101b0efc196742920300d2c9810072c34341d95a8833ae9b3b4ee19e117cd4ea930bd04e1127a1699

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4d5484285d82b3993d64b3ed48aaf1d3

    SHA1

    b0a21d3b3f60fdc92e83623c6564e0b983d8cca4

    SHA256

    40b9201c99403bf5811fe2d51cfa0d5f212fb5f6cc51917489e1bd774cae1673

    SHA512

    b6a5d87c3779d4a5c156d5f86d1b74783f37e2536e1863c5378ec3bf0df961767e844b27576ebe0ac1fa66957e07375e598eb740f7f7ce20004bc60475a975a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7262f505481d2274b5449802235636cb

    SHA1

    6a718f132ea991cac33140f5a39507d5e6f627b3

    SHA256

    89d3ec081714e0718097662e02088f563e594b74c6d4c12f6b5d6e4798b35d4b

    SHA512

    38d064218aeb9594ee957d9f6b4daab05fd7c62de22d0a442fac48674abcee6fa9adbc6ee84d2d239c737acafd3952a348f7b37af9b20dd03a3cbeaa290b89dc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c8f468d114da8664ba3ca80c7ff4de12

    SHA1

    58a2626952697a007ee0543f92ea83577b7f8f93

    SHA256

    ba0c1d120ae1a721b394ddc38fea503784d9f9b2af1af6b14d22c8b7ca155f40

    SHA512

    44517e839a6385c003838bad4ef0857060231ee8d3b9d398d2a48b913ac4037b63f69a41c22ee1d01e85adbf8813ce01a00dcf96978d0cbb0b9484ecefdfe7ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3eaea862022a8066f80263e7f1c3cc4a

    SHA1

    b5c7740dd192ad2e9d9f44742dcd258c4fd717f6

    SHA256

    b4a728d88e29f2fa9c6d75dbf09fe16126c68dd4fc943821519ddc28d3535311

    SHA512

    ff4084dfede9189a82ef7454e46a654062de5b74212dd408c1e39732d4f6957cb859e079454c627d48851901791f62339fe8e09a2c70abcd01442f5c475be48e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    981a1659e4e39809a4706bdbe8eba705

    SHA1

    992b764971bd454fec8dfe7a5db8af2ac86679ea

    SHA256

    19011417609d8262ca749f590a0e07e5cfab842f7410f20e1438b243a7471467

    SHA512

    2e67569cbf6b49f4ab4af75d29d7daab0c8b71b5e8bd92d926ac3575534d87dc696d75b34c163ad5350408313dab8c7c8d4764219af7e1bf039ec1c2db11239d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE6BA.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE788.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit