f004c98f0011b2289d929448bad26a49664d51143bf8fb949ae1c5645d716aed | Triage

Submit
Reports

Overview

overview

7

Static

static

1

CrystalDis...14.exe

windows7-x64

7

CrystalDis...14.exe

windows10-2004-x64

7

Sharing

General

Target

CrystalDiskInfo8_17_14.exe
Size

5.0MB
Sample

230403-r65vhaha8t
MD5

79cead4c2efd357a242ad9e102ab1686
SHA1

a8f57052d20044972df6757dfaed2d9263138774
SHA256

f004c98f0011b2289d929448bad26a49664d51143bf8fb949ae1c5645d716aed
SHA512

f75f51a52f3352a6c9160f43c947a3e2204828e3ab956d07b1294e52b06aa910d7fd99a33bb8c5175876915d678d4149947583d78f5a9cbf48499853e1b726d3
SSDEEP

98304:AkLgt49pH80N0IOAULF4SwU07QUXymV95zfRcI9iX9FQktWqdBLmn:fL8M0IOAELqXrVHfRcqiX9+kIEy

Score

7^/10

bootkit discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

CrystalDiskInfo8_17_14.exe

Resource

win7-20230220-en

bootkit discovery persistence

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

CrystalDiskInfo8_17_14.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  CrystalDiskInfo8_17_14.exe
- Size
  
  5.0MB
- MD5
  
  79cead4c2efd357a242ad9e102ab1686
- SHA1
  
  a8f57052d20044972df6757dfaed2d9263138774
- SHA256
  
  f004c98f0011b2289d929448bad26a49664d51143bf8fb949ae1c5645d716aed
- SHA512
  
  f75f51a52f3352a6c9160f43c947a3e2204828e3ab956d07b1294e52b06aa910d7fd99a33bb8c5175876915d678d4149947583d78f5a9cbf48499853e1b726d3
- SSDEEP
  
  98304:AkLgt49pH80N0IOAULF4SwU07QUXymV95zfRcI9iX9FQktWqdBLmn:fL8M0IOAELqXrVHfRcqiX9+kIEy
Score

7^/10

bootkit discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

© 2018-2024

Terms | Privacy