Overview

overview

3

Static

static

3

include/id...sult.h

windows7-x64

3

include/id...sult.h

windows10-2004-x64

3

include/id...ings.h

windows7-x64

3

include/id...ings.h

windows10-2004-x64

3

include/id...sion.h

windows7-x64

3

include/id...sion.h

windows10-2004-x64

3

include/id...elds.h

windows7-x64

3

include/id...elds.h

windows10-2004-x64

3

include/id...sion.h

windows7-x64

3

include/id...sion.h

windows10-2004-x64

3

include/se...mmon.h

windows7-x64

3

include/se...mmon.h

windows10-2004-x64

3

include/se...defs.h

windows7-x64

3

include/se...defs.h

windows10-2004-x64

3

include/se...mage.h

windows7-x64

3

include/se...mage.h

windows10-2004-x64

3

include/se...ring.h

windows7-x64

3

include/se...ring.h

windows10-2004-x64

3

include/se..._set.h

windows7-x64

3

include/se..._set.h

windows10-2004-x64

3

sample/app...gradle

windows7-x64

3

sample/app...gradle

windows10-2004-x64

3

sample/app...st.xml

windows7-x64

1

sample/app...st.xml

windows10-2004-x64

1

sample/app...y.java

windows7-x64

3

sample/app...y.java

windows10-2004-x64

3

sample/app...d.java

windows7-x64

3

sample/app...d.java

windows10-2004-x64

3

sample/app...k.java

windows7-x64

3

sample/app...k.java

windows10-2004-x64

3

sample/app...e.java

windows7-x64

3

sample/app...e.java

windows10-2004-x64

3

Analysis

  • max time kernel
    64s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-05-2023 14:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    include/idengine/id_field_processing_session.h

  • Size

    4KB

  • MD5

    d6e638e9eb8cb80a0538ad1927699b19

  • SHA1

    f662cb2e8dae1a96fc77bac27521b4543ee77cf1

  • SHA256

    8e5bde9759512084c8b18897d270d125eeabcb7a924a3c5beda79f9e6cae635a

  • SHA512

    c9e5479d401dad04f4aeab1d0645a803229daadbe2b71da7e07f47778b1d5f232364210a0005a77695989ee61e52bf7ec9f68bd5d1f842cb406635828b36a399

  • SSDEEP

    96:UOHJ2CDaxDl9g9wzlvt1L67Ldgwzvgwh9e//vk1JN5HAv4r5:UZCDaF8wpDonzBLen0dg+

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\include\idengine\id_field_processing_session.h
    1⤵
    • Modifies registry class
    PID:2028
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:980

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads