Overview

overview

4

Static

static

4

thinkphp_2...&A.pdf

windows7-x64

3

thinkphp_2...&A.pdf

windows10-2004-x64

3

thinkphp_2...��.pdf

windows7-x64

3

thinkphp_2...��.pdf

windows10-2004-x64

3

thinkphp_2...��.pdf

windows7-x64

3

thinkphp_2...��.pdf

windows10-2004-x64

3

thinkphp_2...ʾ.pdf

windows7-x64

3

thinkphp_2...ʾ.pdf

windows10-2004-x64

3

thinkphp_2...��.pdf

windows7-x64

3

thinkphp_2...��.pdf

windows10-2004-x64

3

thinkphp_2...��.pdf

windows7-x64

3

thinkphp_2...��.pdf

windows10-2004-x64

3

thinkphp_2...��.pdf

windows7-x64

3

thinkphp_2...��.pdf

windows10-2004-x64

3

thinkphp_2...x.html

windows7-x64

3

thinkphp_2...x.html

windows10-2004-x64

3

thinkphp_2...ss.ps1

windows7-x64

3

thinkphp_2...ss.ps1

windows10-2004-x64

3

thinkphp_2...d.html

windows7-x64

3

thinkphp_2...d.html

windows10-2004-x64

3

thinkphp_2...e.html

windows7-x64

3

thinkphp_2...e.html

windows10-2004-x64

3

thinkphp_2...y.html

windows7-x64

3

thinkphp_2...y.html

windows10-2004-x64

3

thinkphp_2...t.html

windows7-x64

3

thinkphp_2...t.html

windows10-2004-x64

3

thinkphp_2...1.html

windows7-x64

3

thinkphp_2...1.html

windows10-2004-x64

3

thinkphp_2...x.html

windows7-x64

3

thinkphp_2...x.html

windows10-2004-x64

3

thinkphp_2...w.html

windows7-x64

3

thinkphp_2...w.html

windows10-2004-x64

3

Analysis

  • max time kernel
    94s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    19-08-2024 15:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    thinkphp_2.1_full/Docs/ThinkPHP 2.0ȫֲ.pdf

  • Size

    2.1MB

  • MD5

    afb3c914ac20d3abdfc5a385b5551077

  • SHA1

    d001c1a4417c8d41da136eabdab9a679ba6ecfd2

  • SHA256

    0d71dc87f8ef2095338fd9f5384494fd5f14b2db9563c41dcbd3b6713b0cb2d7

  • SHA512

    3fdbf69a29ed8b805ae31afdcccc21600846b25c4d4d61ccda2eaa32cf630d773abd5b1d677c59f23cb51757e143e1fa1f19db743b3ab5a0cb46c61d0138de69

  • SSDEEP

    49152:0WWuFeyK1lOoa9x7yPsuVe+DixTScsDLmoSsBCOkkr:0WhkWoa96O+DOTSDeoVCdq

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\thinkphp_2.1_full\Docs\ThinkPHP 2.0ȫֲ.pdf"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2316

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    7f9358c2843126c9a0e6837f798d6968

    SHA1

    a1683fea6eb3ea65a03d5ebd7d1f9b82a594db9a

    SHA256

    0e76400cbb3162a48170022c5c705969874c15076a988b9b207afde24475feef

    SHA512

    edc8c814705befc42da8b4a89fe3f4e455f01be3da6f015e039ef22281d8ca2d3ed797052b159531e0631e35215f47d96fc99e7c08ed71af3373890b362b2135

    Download Submit