Resubmissions

01/04/2025, 21:24

250401-z8184awycs 10

Analysis

  • max time kernel: 141s
  • max time network: 138s
  • platform: windows7_x64
  • resource: win7-20240903-en
  • resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted: 25/02/2025, 23:08

General

  • Target: CVE-2018-15982_PoC.swf
  • Size: 12KB
  • MD5: 82fe94beb621a4368e76aa4a51998c00
  • SHA1: b7c79b8f05c3d998e21d01b07b9ba157160581a9
  • SHA256: c61dd1b37cbf2d72e3670e3c8dff28959683e6d85b8507cda25efe1dffc04bdb
  • SHA512: 055677c2194ff132dc3c50ef900a36a0e4b8e5b85d176047fdefdec049aff4d5e2db1ccffefaf65575b4ca41e81fd24beb3c7cfd2fce6275642638d0cf624d27
  • SSDEEP: 192:gR6qPBBRRcrxFx/pHPn9moz7p/+tqHM41rftZDBLj9b5d/:gwqDcLx/pH/IoBiqH/BfbDBLj9b5h

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  • Modifies Internet Explorer Phishing Filter (1 TTP, 2 IoCs)
  • Modifies Internet Explorer settings (1 TTP, 28 IoCs)
  • Modifies registry class (1 IoC)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (4 IoCs)
  • Suspicious use of WriteProcessMemory (10 IoCs)

Processes

  • C:\Windows\system32\cmd.exe (PID 2484)
    cmd /c C:\Users\Admin\AppData\Local\Temp\CVE-2018-15982_PoC.swf
    • Suspicious use of WriteProcessMemory
    • C:\Windows\system32\rundll32.exe (PID 2536, child of 2484)
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\CVE-2018-15982_PoC.swf
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      • C:\Program Files\Internet Explorer\iexplore.exe (PID 2772, child of 2536)
        "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\CVE-2018-15982_PoC.swf
        • Modifies Internet Explorer Phishing Filter
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2648, child of 2772)
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2772 CREDAT:275457 /prefetch:2
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (71KB)
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (344B; eight entries)
  • C:\Users\Admin\AppData\Local\Temp\Cab9C8F.tmp (70KB)
  • C:\Users\Admin\AppData\Local\Temp\Tar9D80.tmp (183KB)