Overview
overview
6Static
static
1SDIOTransl...ol.exe
windows7-x64
1SDIOTransl...ol.exe
windows10-2004-x64
1SDIO_R753.exe
windows7-x64
3SDIO_R753.exe
windows10-2004-x64
4SDIO_auto.bat
windows7-x64
1SDIO_auto.bat
windows10-2004-x64
4SDIO_x64_R753.exe
windows7-x64
1SDIO_x64_R753.exe
windows10-2004-x64
4del_old_dr...ks.bat
windows7-x64
5del_old_dr...ks.bat
windows10-2004-x64
5docs/SDIO ...al.pdf
windows7-x64
1docs/SDIO ...al.pdf
windows10-2004-x64
1scripts/au...te.bat
windows7-x64
1scripts/au...te.bat
windows10-2004-x64
1scripts/pr...ed.bat
windows7-x64
1scripts/pr...ed.bat
windows10-2004-x64
1scripts/remote.bat
windows7-x64
6scripts/remote.bat
windows10-2004-x64
6scripts/sc...ks.bat
windows7-x64
1scripts/sc...ks.bat
windows10-2004-x64
1Analysis
-
max time kernel
1791s -
max time network
1594s -
platform
windows10-2004_x64 -
resource
win10v2004-20230221-en -
resource tags
arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system -
submitted
29/05/2023, 21:43
Static task
static1
Behavioral task
behavioral1
Sample
SDIOTranslationTool.exe
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral2
Sample
SDIOTranslationTool.exe
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
SDIO_R753.exe
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral4
Sample
SDIO_R753.exe
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
SDIO_auto.bat
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral6
Sample
SDIO_auto.bat
Resource
win10v2004-20230221-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
SDIO_x64_R753.exe
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral8
Sample
SDIO_x64_R753.exe
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
del_old_driverpacks.bat
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral10
Sample
del_old_driverpacks.bat
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
docs/SDIO Reference Manual.pdf
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral12
Sample
docs/SDIO Reference Manual.pdf
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
scripts/autoupdate.bat
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral14
Sample
scripts/autoupdate.bat
Resource
win10v2004-20230221-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
scripts/prep_unpacked.bat
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral16
Sample
scripts/prep_unpacked.bat
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
scripts/remote.bat
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral18
Sample
scripts/remote.bat
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
scripts/scan_driver_packs.bat
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral20
Sample
scripts/scan_driver_packs.bat
Resource
win10v2004-20230220-en
windows10-2004-x64
General
-
Target
SDIO_auto.bat
-
Size
845B
-
MD5
6b212b7437621b9da03bc0cc0652e799
-
SHA1
6f47859d1ecd805b94bcf7f9f4f741827494f0e6
-
SHA256
4db7e2a32b85f2a21ce95778b627d1454f6875ae3bf8aab90b917fab362d15d4
-
SHA512
3adea96c7e6e40ec4a9519b536d9d4c91d9638e9f2438e9bb4e36ea6ff7fb7fb2c91bca57c6f3850ad45336782efe910f7a10d1aebbfdc11573a2378574efcd5
Malware Config
Signatures
-
Drops file in Windows directory 6 IoCs
description ioc Process File created C:\Windows\INF\c_diskdrive.PNF SDIO_x64_R753.exe File created C:\Windows\INF\c_media.PNF SDIO_x64_R753.exe File created C:\Windows\INF\c_display.PNF SDIO_x64_R753.exe File created C:\Windows\INF\c_processor.PNF SDIO_x64_R753.exe File created C:\Windows\INF\c_monitor.PNF SDIO_x64_R753.exe File created C:\Windows\INF\c_volume.PNF SDIO_x64_R753.exe -
Checks SCSI registry key(s) 3 TTPs 18 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\DeviceDesc SDIO_x64_R753.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Mfg SDIO_x64_R753.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 SDIO_x64_R753.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID SDIO_x64_R753.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs SDIO_x64_R753.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags SDIO_x64_R753.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID SDIO_x64_R753.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities SDIO_x64_R753.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName SDIO_x64_R753.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Capabilities SDIO_x64_R753.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc SDIO_x64_R753.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Driver SDIO_x64_R753.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Driver SDIO_x64_R753.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 SDIO_x64_R753.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs SDIO_x64_R753.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Mfg SDIO_x64_R753.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName SDIO_x64_R753.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags SDIO_x64_R753.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1368 SDIO_x64_R753.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeManageVolumePrivilege 1368 SDIO_x64_R753.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 4700 wrote to memory of 748 4700 cmd.exe 82 PID 4700 wrote to memory of 748 4700 cmd.exe 82 PID 4700 wrote to memory of 1368 4700 cmd.exe 83 PID 4700 wrote to memory of 1368 4700 cmd.exe 83
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\SDIO_auto.bat"1⤵
- Suspicious use of WriteProcessMemory
PID:4700 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c dir /b /od "C:\Users\Admin\AppData\Local\Temp\SDIO_"x64_R"*.exe"2⤵PID:748
-
-
C:\Users\Admin\AppData\Local\Temp\SDIO_x64_R753.exe"C:\Users\Admin\AppData\Local\Temp\SDIO_x64_R753.exe"2⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:1368
-