56e5c595647581f7bede93bba0048fd8f46294d9ff4dd87879c4a63858a76435

Resubmissions

20/05/2023, 14:44

230520-r4lc3scg72 3

20/05/2023, 14:39

230520-r1f9ysfd6z 3

Analysis

max time kernel
115s
max time network
35s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
20/05/2023, 14:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

SESmartIDCore/include/secommon/se_image.h
Size

16KB
MD5

89ab4ab13a1bc9d0462b78b141b347f5
SHA1

cb1081d0d423a8ee8a69c0f6d17cc4386b87edce
SHA256

388de509ba8a9a710e9e0fc965f10aa63b31c25c7a79d3a628f6a00d1082fbe9
SHA512

1a8e610af3f6985b7b6f9a6e620f6f46363a1ae3f2de8e0661e4e543830e0692eb4f61d78b3fd8fea770c1dea214e1fbb98d5051d3c9d8a1c8398cc183d52d6a
SSDEEP

384:05gttPyJArTxu/r6B6k3T1zePH28nXkX/Xs5AqMc4HKl1TbdvB6PT/d+t6FjjxFw:05gthCgf1W

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_Classes\Local Settings	rundll32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
360	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 360	2000	cmd.exe	28
PID 2000 wrote to memory of 360	2000	cmd.exe	28
PID 2000 wrote to memory of 360	2000	cmd.exe	28

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\SESmartIDCore\include\secommon\se_image.h
1⤵
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\SESmartIDCore\include\secommon\se_image.h
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  PID:360

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads