Overview

overview

10

Static

static

8

1.bin/1.bin.exe

windows7_x64

10

1.bin/1.bin.exe

windows10_x64

10

2019-09-02...10.exe

windows7_x64

10

2019-09-02...10.exe

windows10_x64

10

31.exe

windows7_x64

10

31.exe

windows10_x64

10

3DMark 11 ...on.exe

windows7_x64

1

3DMark 11 ...on.exe

windows10_x64

1

5da0116af4...18.exe

windows7_x64

8

5da0116af4...18.exe

windows10_x64

8

Archive.zi...3e.exe

windows7_x64

8

Archive.zi...3e.exe

windows10_x64

8

CVE-2018-1...oC.swf

windows7_x64

3

CVE-2018-1...oC.swf

windows10_x64

3

CVWSHSetup...1].exe

windows7_x64

3

CVWSHSetup...1].exe

windows10_x64

3

DiskIntern...en.exe

windows7_x64

1

DiskIntern...en.exe

windows10_x64

1

ForceOp 2....ce.exe

windows7_x64

10

ForceOp 2....ce.exe

windows10_x64

10

HYDRA.exe

windows7_x64

10

HYDRA.exe

windows10_x64

10

Keygen.exe

windows7_x64

10

Keygen.exe

windows10_x64

10

Lonelyscre...ox.exe

windows7_x64

1

Lonelyscre...ox.exe

windows10_x64

1

LtHv0O2KZDK4M637.exe

windows7_x64

10

LtHv0O2KZDK4M637.exe

windows10_x64

10

Magic_File...ja.exe

windows7_x64

1

Magic_File...ja.exe

windows10_x64

1

OnlineInstaller.exe

windows7_x64

8

OnlineInstaller.exe

windows10_x64

8

Analysis

  • max time kernel
    78s
  • max time network
    90s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    18/11/2020, 16:58 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CVE-2018-15982_PoC.swf

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\CVE-2018-15982_PoC.swf
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2024
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\CVE-2018-15982_PoC.swf
      2⤵
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      PID:1968

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.