Overview

overview

7

Static

static

1

CrystalDis..._5.exe

windows7-x64

7

CrystalDis..._5.exe

windows10-2004-x64

7

Resubmissions

28-03-2023 03:34

230328-d4zntaaf4s 7

28-03-2023 03:31

230328-d27awaaf3y 7

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-03-2023 03:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CrystalDiskInfo8_17_5.exe

  • Size

    5.0MB

  • MD5

    8360ed8f8351c16f6259b88ce8c86353

  • SHA1

    ceaa5c1bddbb1486826ca3427bbb0450e5ad8bcf

  • SHA256

    892fad32d6aa24b24dbdd5757ba026206f24a7e78b84ffc1a579510c5a294137

  • SHA512

    8bbeecb698c00a7c992a4c08ebf0565f6edd2a08b45ddbc5bd1762e42175a38767400b3e5d9db8b5b1e08e2a899a5d00dd6f4e107babd4c18f4ed4b00b65f610

  • SSDEEP

    98304:ikLKxHcD7YjjIygnuXRv9ERNcM3dyMEBWdpObW:tKpcD7YXmSqRMMqEObW

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CrystalDiskInfo8_17_5.exe
    "C:\Users\Admin\AppData\Local\Temp\CrystalDiskInfo8_17_5.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3948
    • C:\Users\Admin\AppData\Local\Temp\is-SQFJ9.tmp\CrystalDiskInfo8_17_5.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-SQFJ9.tmp\CrystalDiskInfo8_17_5.tmp" /SL5="$C0060,4163908,857600,C:\Users\Admin\AppData\Local\Temp\CrystalDiskInfo8_17_5.exe"
      2⤵
      • Executes dropped EXE
      PID:572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-SQFJ9.tmp\CrystalDiskInfo8_17_5.tmp
    Filesize

    3.1MB

    MD5

    1ba538756b5bd8fd4c9296f0cd461a5c

    SHA1

    38bc3f16a7d054ed5368dff5726d16b23580129b

    SHA256

    f946d2ec91242ba4ff46c3e73c1f51f885391f1f56f5689ea973bafcc584a8ae

    SHA512

    fd1effa65a993604894e575b7617d8f32a0eb839fb08f58625c2485795dce369e3cdf15608974d4ff8a09c6867a24861f002f9ceee8d81677220d696b45bedb6

    Download Submit
  • memory/572-139-0x0000000000D10000-0x0000000000D11000-memory.dmp
    Filesize

    4KB

    Download
  • memory/572-141-0x0000000000400000-0x0000000000719000-memory.dmp
    Filesize

    3.1MB

    Download
  • memory/3948-133-0x0000000000400000-0x00000000004DF000-memory.dmp
    Filesize

    892KB

    Download
  • memory/3948-140-0x0000000000400000-0x00000000004DF000-memory.dmp
    Filesize

    892KB

    Download