Analysis 221029-gawxlsdfcm 8
29/10/2022, 05:36
max time kernel: 60s
max time network: 88s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/10/2022, 05:36
Static task: static1
Behavioral task: behavioral1
  Sample: disk-drill-win.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: disk-drill-win.exe
  Resource: win10v2004-20220812-en
General
Target: disk-drill-win.exe
Size: 28.9MB
MD5: 1730dff22c3688600b80474038776342
SHA1: d260d5d4aa9a6da30edb94d935cf9566e89c06bb
SHA256: 3eef9e4cf03a4a99b5cd36b711c8c6fdbedfdd9e3842f97b5801b68fa9751b1e
SHA512: 3e0b41184f20d7228c48cad79d49362438a9f2b931b2e1325d36c71d3444258c11d39eb411f9a735de51b0c89c526c528221aed6c6f6b74083fc391c0fb769e2
SSDEEP: 786432:ZGp1L8SK2xg3n0aHnIa8nVJeilE0y8jtaUjD19QLDZ:U4Sj6Zjijdjtrc
Malware Config
Signatures
Executes dropped EXE (1 IoC)
pid   Process
5116  disk-drill-win.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description                       pid   Process             procid_target
PID 4972 wrote to memory of 5116  4972  disk-drill-win.exe  81
PID 4972 wrote to memory of 5116  4972  disk-drill-win.exe  81
PID 4972 wrote to memory of 5116  4972  disk-drill-win.exe  81
Processes
1. C:\Users\Admin\AppData\Local\Temp\disk-drill-win.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\disk-drill-win.exe"
   PID: 4972
   Signatures: Suspicious use of WriteProcessMemory
   2. C:\Windows\Temp\{52E44F20-4AF5-4BC8-BD19-62D47D6717F6}\.cr\disk-drill-win.exe
      Command line: "C:\Windows\Temp\{52E44F20-4AF5-4BC8-BD19-62D47D6717F6}\.cr\disk-drill-win.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\disk-drill-win.exe" -burn.filehandle.attached=532 -burn.filehandle.self=540
      PID: 5116
      Signatures: Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 90KB
MD5: c05fde60bfe9b88a017d5f33180cfc7b
SHA1: 96bad74e8000320e884b01041d6434963aad2066
SHA256: bd50b6e617dbafb6be054757f34ddd0434eabc04360e2fc88f929462f1489784
SHA512: 2dff405b474341f365abec2b36c6d2aea5e6aae41584b0e5c965a97b28921ececd3dc8eed476a272ea84932b32da97d3e46fb91ac36e676aa26c5cc65ae24a1a

Filesize: 84KB
MD5: e029096fbdfb6c69129dd114d9f01551
SHA1: 4589e4fe56e423af5ca676738bf6346c12a12df4
SHA256: 71c5ff3cad3d9b17f4323ed4a434f0025fd54477f13f1430438f99c8fa8105c1
SHA512: ff681cf96eb94361e9389232ba2cde1ab30de4d04f43e50a4072dbb37d12dc68791e0d6551e9f50652bbae49b26be373b89fa00cd7292122c4410097934ac3c9

Filesize: 32KB
MD5: 046d809cfa5b4c82ca0ad50f496e82c1
SHA1: 171fc5d9858458d865afe54166fadd1cb6cf712b
SHA256: 44a06c30ff23be42b01404dcc60e28a8143585ff9a682783b336ced8e3631681
SHA512: c08b25fdf180b133a1b924d285b331ed81161bc47567f7e824435fb4271dd4bedfb5d1bad9be9b36a5e172482ecc4920c7ecc9d3addbfde750c310ac0b0a5ef4