Analysis
-
max time kernel
121s -
max time network
153s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
01-01-2025 19:48
General
-
Target
CVE-2018-15982_PoC.swf
-
Size
12KB
-
MD5
82fe94beb621a4368e76aa4a51998c00
-
SHA1
b7c79b8f05c3d998e21d01b07b9ba157160581a9
-
SHA256
c61dd1b37cbf2d72e3670e3c8dff28959683e6d85b8507cda25efe1dffc04bdb
-
SHA512
055677c2194ff132dc3c50ef900a36a0e4b8e5b85d176047fdefdec049aff4d5e2db1ccffefaf65575b4ca41e81fd24beb3c7cfd2fce6275642638d0cf624d27
-
SSDEEP
192:gR6qPBBRRcrxFx/pHPn9moz7p/+tqHM41rftZDBLj9b5d/:gwqDcLx/pH/IoBiqH/BfbDBLj9b5h
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 28 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 10 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\CVE-2018-15982_PoC.swf1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\CVE-2018-15982_PoC.swf2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\CVE-2018-15982_PoC.swf3⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2804 CREDAT:275457 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD566ec168fe7287fb9ac5a4630841e0601
SHA162727ab1a656d272119a284e2260d4f55173258b
SHA2561bda8b24b99c5ead1c7ec01a5f94a1ffad93490002193414ab7d63ed45615650
SHA512567c179d665a0a2a259c8438c3553eb0cb9cb8be7ef04913ec2dd7df5e0780e0784c138f366ddb422766f27769fdc71e73feb6f3801ffac97703b3cb55b4370b
-
Filesize
342B
MD5ecbbec32819c87135a8e019ae83018b0
SHA1204387fb559d947d8142a9a8eacc7637e10c86aa
SHA256cc9d505c2caf240cde2d1cb34a28f680edfbb23c2cfecd7f11f47978c02a0868
SHA5127ec80cedad5cca9f7332a4c204ea01e041e435be57127215d44c391436ad9cca9489473ff890171747f4bb6ee952a0a77a0d5f608b00b561ea7a648b566ab3c3
-
Filesize
342B
MD56ab29f86139f6cdf8b23db2bd1a6fdf9
SHA14490a067fc16744520327f1b847d22af184c5de5
SHA25672476ad8058a397e4ec98fcaa3163e5e6cd7fae7d49d9d5b8ff8932771c51896
SHA512e452237a784ed73f4080c52b3d82358fe273445642b0487d25450e12444681ec3cd4ce36f955b697658234bc57aeac6d98de11d07b201f88a650a509a53bef20
-
Filesize
342B
MD5421189d0c2609a8d111b4cbd25e32fb8
SHA1793962226c725a3c21c3ebc4c884102ac9bd3fd4
SHA256bee1f78c69475b4f801f413368a243baff2382febc77ecd7e6e1070a414aaf9b
SHA5127167aff4d519fc426d80879e3715db69575a623274aab029db3b99ca741068ba49c07e10fe92d26e36c1a9eb93b0a007fe99543e02ed5cae18cc6264acd0e4a5
-
Filesize
342B
MD54349a833799374fa10c6fe7c8398233f
SHA1f69640582f621d7b0a42f10817895ce5cd1e0c11
SHA2560818057b0cfb32e2ab658bd1560d6c3d9adb9873dd9ce7d56ee8376054111cdf
SHA51277cd261e6715e113d25c83657ed2b268bf736e97b15cabe7249c8ee556d013b852e1658b11c73fab8ba95aac7230a44629048082ec3466a67f9890be1fd5a53f
-
Filesize
342B
MD527afda6938e48d7b065f7bbc6c01e673
SHA1f5da1aa4a0341637cb1593c81644578654badfb4
SHA2568ccd8094be0bf3064e8e27ca1fa74dbf7b740342d63d31a82fa9e1a376ada97a
SHA512caf59897cb16b551f2322ad90fe9571789a48435f5ce1bc6b8ccfe0108ccd12728a846fd9b94b67b913019f1520860d4a8f28caa0072f40321344e1542e1e8d5
-
Filesize
342B
MD5dcd6a218cadfef03ad6f99a86d7bb2cc
SHA11e9f14b1abf4d4bab691804da7f33371f1fa0d1e
SHA256cc1dd449eba5879b0ff7a27e0d779abe7058d22f7188a661854250f01b8c9b95
SHA512e8115a19d2e4499fa6c9add1904666843a60bfffe2f52c56007f15f8f434d45e09fa3c8a4c2cbde0cb213100b87938e346115acb6f9dca8e92331a48257a99b5
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b