General

  • Target

    CrystalDiskMark_7.0.0h_Portable.rar

  • Size

    6.0MB

  • Sample

    210122-ktgyc1netn

  • MD5

    8a92d304aebb9fe6d47c21842b8ad017

  • SHA1

    13837a750dafed4bb819b511c22439f6f5adeac0

  • SHA256

    e9ff1c0a27cdc6983cac639e188c7b9099ab035b4dae6d98f337c0236574cf42

  • SHA512

    2083816049f316c0dcfb483ebae04480fd699bc8df3a5b97513e4f1f66c184fcad981101a625cc6989259eeec6044514fe1a83d5f6633fa5c808a2a8f8e2dc83

Score
10/10

Targets

    • Target

      CrystalDiskMark 7.0.0h Portable/CdmResource/DiskSpd/DiskSpd32.exe

    • Size

      356KB

    • MD5

      d8e81a7c9545f456dd093aced6ca2b57

    • SHA1

      02f92cc6529a1ab80e6617a9528dedc113dffe2c

    • SHA256

      7caa2fb480851210b4d3d7675ae80b74adea2abad2f776b6e3e17023e5d15304

    • SHA512

      1be90acd199fec38ecb122259dd0db01a239c613005a1067a5b93e544df6384354eb1edbe42cd76638113deaf29641763285b6bb15d22a3872c683a1909e383e

    Score
    1/10
    • Target

      CrystalDiskMark 7.0.0h Portable/CdmResource/DiskSpd/DiskSpd32L.exe

    • Size

      288KB

    • MD5

      84ec15935596d65ae04284a2c238cb43

    • SHA1

      8de30201ada9e33ee76889879e6b6d5ef5179caa

    • SHA256

      6ebc852aa512b6f371265084900f4f268131894889fe6b535218d1bebe66c8a0

    • SHA512

      1522e21043a5aa726d48a776c1c3ab590946c28e72a0cbbae092886b6f93738922c18b9a09774ef74d2d2514d859fa4929fcd44363e3cc1532d2b58af7799e1d

    Score
    1/10
    • Target

      CrystalDiskMark 7.0.0h Portable/CdmResource/DiskSpd/DiskSpd64.exe

    • Size

      405KB

    • MD5

      b356b27e1fb9fc9c1ef549ca7725eb84

    • SHA1

      74468e7e31732fa54307e066c0e7b9e65faa2b4d

    • SHA256

      e836dad74c24eb18e0f85b944962c78fc68b1550cebf5577536ff9ee710cfe8c

    • SHA512

      4033bbac19abc2f84d0d9c6d07e4a4c0a669ffa41ccd91f08390f7c85aab9983adbccf78f2f7c0861dab4f29e0d356dfd8bc71ee718e8ac9b9f8eeeef54caa10

    Score
    1/10
    • Target

      CrystalDiskMark 7.0.0h Portable/CdmResource/DiskSpd/DiskSpd64L.exe

    • Size

      342KB

    • MD5

      9dedb535a5d8b763256974c6d5f3f9d1

    • SHA1

      071238d1a5e0510e7ab9be094bc52b28a5572ffa

    • SHA256

      50791b41bc4bc2c3c8ca19d1a604e83972a76279a4d5f84c9c0963364fe936c7

    • SHA512

      dc677936381238d1b616ce74def108d5453765b3a48806192632f0d79bf2af4a224eb28d887d51dc342911852cc208b80e681682c0e6b841ac4dde20545de87b

    Score
    1/10
    • Target

      CrystalDiskMark 7.0.0h Portable/CdmResource/DiskSpd/DiskSpdA32.exe

    • Size

      307KB

    • MD5

      92897f3c208e59ff1755e927d3fd6e02

    • SHA1

      610e56fbd3d9a414c68a80b31acf95c272fa0bc7

    • SHA256

      6eab600a58e79f3c15c6f268b36b4a9d053268b947e7207ee915d025e99bea0e

    • SHA512

      e37ce40d89fcd529a68fc50473ba54de0c92a12db670d3b154bba2cc4ce473f22bf922f3f0ecf7592cbe2cf2f23f80f3f3df6b8390437b47bf54ba395a3ca682

    Score
    1/10
    • Target

      CrystalDiskMark 7.0.0h Portable/CdmResource/DiskSpd/DiskSpdA64.exe

    • Size

      399KB

    • MD5

      8066aa50550bed88258a2d83fff081aa

    • SHA1

      dfa09db0ea189fe40a3f94770a3cc21d8301ce9c

    • SHA256

      9b77552a4d1cbe86dfe1cb2cad2c14f0f12ee8db6dc69010d3a347554572f58b

    • SHA512

      0d6b379252030df309c832377ead486750871beaf860ea519e455abc970b4c51d75479954eb10bbb257ff658d7df1177a2366c4e2793a67b442d5479facae9ff

    Score
    1/10
    • Target

      CrystalDiskMark 7.0.0h Portable/DiskMark32.exe

    • Size

      2.1MB

    • MD5

      cd5a4977d76024445486a226262ee89d

    • SHA1

      4adf9eaaeb91e98f942bd4d010c5003e97659a13

    • SHA256

      0aca83b6cc794d49464087f14dfc793f2f1bca92408e1fc5605cb20e2ae83141

    • SHA512

      9d9d5b562605898648340af1931565bf37201cfdeda69511cbc7f8e99b598493cb45686345826199974c9dc10bed60037c6b8f426c895a631f5a0bd99052b583

    Score
    1/10
    • Target

      CrystalDiskMark 7.0.0h Portable/DiskMark64.exe

    • Size

      3.2MB

    • MD5

      d9e394e1b740a84e9999578bfa3d9883

    • SHA1

      9a026b2a368d0f5bb4ebb86b95c2d141851eacb3

    • SHA256

      907ab8d0eed8b2403dd85137f47ed10cd9dd5fb6dd9106f8df563decf7bbefb9

    • SHA512

      72385eda3fea71a1480dcd849edc86502d7058fb54f791f9c5af6ec90ff16d3ff8045ae1d8808d6df99767a62e92f599f7beb886b2657a66718fdeab76312468

    Score
    10/10
    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). The sandbox's generic description for this signature calls it likely ransomware behaviour; for a disk benchmark such as CrystalDiskMark, enumerating physical drives is the program's core function, so on its own this indicator carries little weight.

    • Target

      CrystalDiskMark 7.0.0h Portable/DiskMark641.exe

    • Size

      3.2MB

    • MD5

      d63530ab9360e11638e7db980ed15102

    • SHA1

      1f9fa6eb5ab40ca6f8e702a5fa96c3e6d440d9d4

    • SHA256

      90812a0cc85454d92f622fe4d47a363ec213d259a1b9507f6ec7ae5fd8df17c8

    • SHA512

      644109c916576c8b516956c42cd2fcccf5389dd74ccb0e66e86258903ff1310caf101720b6805c0cbe24b76b2d027c1fefdda5dd2b84472b8526d3f6df523fb8

    Score
    10/10
    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Flagged by the sandbox as likely ransomware behaviour; this is the expected function of a disk benchmark, so it is weak evidence by itself.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                     Count  ID
  Execution             Scheduled Task                2      T1053
  Persistence           Scheduled Task                2      T1053
  Privilege Escalation  Scheduled Task                2      T1053
  Discovery             System Information Discovery  2      T1082
