General
-
Target
CrystalDiskMark_7.0.0h_Portable.rar
-
Size
6.0MB
-
Sample
210122-ktgyc1netn
-
MD5
8a92d304aebb9fe6d47c21842b8ad017
-
SHA1
13837a750dafed4bb819b511c22439f6f5adeac0
-
SHA256
e9ff1c0a27cdc6983cac639e188c7b9099ab035b4dae6d98f337c0236574cf42
-
SHA512
2083816049f316c0dcfb483ebae04480fd699bc8df3a5b97513e4f1f66c184fcad981101a625cc6989259eeec6044514fe1a83d5f6633fa5c808a2a8f8e2dc83
Static task
static1
Behavioral task
behavioral1
Sample
CrystalDiskMark 7.0.0h Portable/CdmResource/DiskSpd/DiskSpd32.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
CrystalDiskMark 7.0.0h Portable/CdmResource/DiskSpd/DiskSpd32.exe
Resource
win10v20201028
Behavioral task
behavioral3
Sample
CrystalDiskMark 7.0.0h Portable/CdmResource/DiskSpd/DiskSpd32L.exe
Resource
win7v20201028
Behavioral task
behavioral4
Sample
CrystalDiskMark 7.0.0h Portable/CdmResource/DiskSpd/DiskSpd32L.exe
Resource
win10v20201028
Behavioral task
behavioral5
Sample
CrystalDiskMark 7.0.0h Portable/CdmResource/DiskSpd/DiskSpd64.exe
Resource
win7v20201028
Behavioral task
behavioral6
Sample
CrystalDiskMark 7.0.0h Portable/CdmResource/DiskSpd/DiskSpd64.exe
Resource
win10v20201028
Behavioral task
behavioral7
Sample
CrystalDiskMark 7.0.0h Portable/CdmResource/DiskSpd/DiskSpd64L.exe
Resource
win7v20201028
Behavioral task
behavioral8
Sample
CrystalDiskMark 7.0.0h Portable/CdmResource/DiskSpd/DiskSpd64L.exe
Resource
win10v20201028
Behavioral task
behavioral9
Sample
CrystalDiskMark 7.0.0h Portable/CdmResource/DiskSpd/DiskSpdA32.exe
Resource
win7v20201028
Behavioral task
behavioral10
Sample
CrystalDiskMark 7.0.0h Portable/CdmResource/DiskSpd/DiskSpdA32.exe
Resource
win10v20201028
Behavioral task
behavioral11
Sample
CrystalDiskMark 7.0.0h Portable/CdmResource/DiskSpd/DiskSpdA64.exe
Resource
win7v20201028
Behavioral task
behavioral12
Sample
CrystalDiskMark 7.0.0h Portable/CdmResource/DiskSpd/DiskSpdA64.exe
Resource
win10v20201028
Behavioral task
behavioral13
Sample
CrystalDiskMark 7.0.0h Portable/DiskMark32.exe
Resource
win7v20201028
Behavioral task
behavioral14
Sample
CrystalDiskMark 7.0.0h Portable/DiskMark32.exe
Resource
win10v20201028
Behavioral task
behavioral15
Sample
CrystalDiskMark 7.0.0h Portable/DiskMark64.exe
Resource
win7v20201028
Behavioral task
behavioral16
Sample
CrystalDiskMark 7.0.0h Portable/DiskMark64.exe
Resource
win10v20201028
Behavioral task
behavioral17
Sample
CrystalDiskMark 7.0.0h Portable/DiskMark641.exe
Resource
win7v20201028
Behavioral task
behavioral18
Sample
CrystalDiskMark 7.0.0h Portable/DiskMark641.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
CrystalDiskMark 7.0.0h Portable/CdmResource/DiskSpd/DiskSpd32.exe
-
Size
356KB
-
MD5
d8e81a7c9545f456dd093aced6ca2b57
-
SHA1
02f92cc6529a1ab80e6617a9528dedc113dffe2c
-
SHA256
7caa2fb480851210b4d3d7675ae80b74adea2abad2f776b6e3e17023e5d15304
-
SHA512
1be90acd199fec38ecb122259dd0db01a239c613005a1067a5b93e544df6384354eb1edbe42cd76638113deaf29641763285b6bb15d22a3872c683a1909e383e
-
Score
1/10
-
-
-
Target
CrystalDiskMark 7.0.0h Portable/CdmResource/DiskSpd/DiskSpd32L.exe
-
Size
288KB
-
MD5
84ec15935596d65ae04284a2c238cb43
-
SHA1
8de30201ada9e33ee76889879e6b6d5ef5179caa
-
SHA256
6ebc852aa512b6f371265084900f4f268131894889fe6b535218d1bebe66c8a0
-
SHA512
1522e21043a5aa726d48a776c1c3ab590946c28e72a0cbbae092886b6f93738922c18b9a09774ef74d2d2514d859fa4929fcd44363e3cc1532d2b58af7799e1d
-
Score
1/10
-
-
-
Target
CrystalDiskMark 7.0.0h Portable/CdmResource/DiskSpd/DiskSpd64.exe
-
Size
405KB
-
MD5
b356b27e1fb9fc9c1ef549ca7725eb84
-
SHA1
74468e7e31732fa54307e066c0e7b9e65faa2b4d
-
SHA256
e836dad74c24eb18e0f85b944962c78fc68b1550cebf5577536ff9ee710cfe8c
-
SHA512
4033bbac19abc2f84d0d9c6d07e4a4c0a669ffa41ccd91f08390f7c85aab9983adbccf78f2f7c0861dab4f29e0d356dfd8bc71ee718e8ac9b9f8eeeef54caa10
-
Score
1/10
-
-
-
Target
CrystalDiskMark 7.0.0h Portable/CdmResource/DiskSpd/DiskSpd64L.exe
-
Size
342KB
-
MD5
9dedb535a5d8b763256974c6d5f3f9d1
-
SHA1
071238d1a5e0510e7ab9be094bc52b28a5572ffa
-
SHA256
50791b41bc4bc2c3c8ca19d1a604e83972a76279a4d5f84c9c0963364fe936c7
-
SHA512
dc677936381238d1b616ce74def108d5453765b3a48806192632f0d79bf2af4a224eb28d887d51dc342911852cc208b80e681682c0e6b841ac4dde20545de87b
-
Score
1/10
-
-
-
Target
CrystalDiskMark 7.0.0h Portable/CdmResource/DiskSpd/DiskSpdA32.exe
-
Size
307KB
-
MD5
92897f3c208e59ff1755e927d3fd6e02
-
SHA1
610e56fbd3d9a414c68a80b31acf95c272fa0bc7
-
SHA256
6eab600a58e79f3c15c6f268b36b4a9d053268b947e7207ee915d025e99bea0e
-
SHA512
e37ce40d89fcd529a68fc50473ba54de0c92a12db670d3b154bba2cc4ce473f22bf922f3f0ecf7592cbe2cf2f23f80f3f3df6b8390437b47bf54ba395a3ca682
-
Score
1/10
-
-
-
Target
CrystalDiskMark 7.0.0h Portable/CdmResource/DiskSpd/DiskSpdA64.exe
-
Size
399KB
-
MD5
8066aa50550bed88258a2d83fff081aa
-
SHA1
dfa09db0ea189fe40a3f94770a3cc21d8301ce9c
-
SHA256
9b77552a4d1cbe86dfe1cb2cad2c14f0f12ee8db6dc69010d3a347554572f58b
-
SHA512
0d6b379252030df309c832377ead486750871beaf860ea519e455abc970b4c51d75479954eb10bbb257ff658d7df1177a2366c4e2793a67b442d5479facae9ff
-
Score
1/10
-
-
-
Target
CrystalDiskMark 7.0.0h Portable/DiskMark32.exe
-
Size
2.1MB
-
MD5
cd5a4977d76024445486a226262ee89d
-
SHA1
4adf9eaaeb91e98f942bd4d010c5003e97659a13
-
SHA256
0aca83b6cc794d49464087f14dfc793f2f1bca92408e1fc5605cb20e2ae83141
-
SHA512
9d9d5b562605898648340af1931565bf37201cfdeda69511cbc7f8e99b598493cb45686345826199974c9dc10bed60037c6b8f426c895a631f5a0bd99052b583
-
Score
1/10
-
-
-
Target
CrystalDiskMark 7.0.0h Portable/DiskMark64.exe
-
Size
3.2MB
-
MD5
d9e394e1b740a84e9999578bfa3d9883
-
SHA1
9a026b2a368d0f5bb4ebb86b95c2d141851eacb3
-
SHA256
907ab8d0eed8b2403dd85137f47ed10cd9dd5fb6dd9106f8df563decf7bbefb9
-
SHA512
72385eda3fea71a1480dcd849edc86502d7058fb54f791f9c5af6ec90ff16d3ff8045ae1d8808d6df99767a62e92f599f7beb886b2657a66718fdeab76312468
-
Score
10/10
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
-
-
Target
CrystalDiskMark 7.0.0h Portable/DiskMark641.exe
-
Size
3.2MB
-
MD5
d63530ab9360e11638e7db980ed15102
-
SHA1
1f9fa6eb5ab40ca6f8e702a5fa96c3e6d440d9d4
-
SHA256
90812a0cc85454d92f622fe4d47a363ec213d259a1b9507f6ec7ae5fd8df17c8
-
SHA512
644109c916576c8b516956c42cd2fcccf5389dd74ccb0e66e86258903ff1310caf101720b6805c0cbe24b76b2d027c1fefdda5dd2b84472b8526d3f6df523fb8
-
Score
10/10
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-