c24c4d805947b473c5f9abf3fa3b2168b1aaf8b282d612d004fd60774da49193

Resubmissions

29/05/2023, 21:43

230529-1kzk2aea7x 6

29/05/2023, 21:40

230529-1h82paea7s 1

Analysis

max time kernel
1792s
max time network
1232s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2023, 21:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SDIO_x64_R753.exe
Size

5.1MB
MD5

bcc820cda8a2cd2484ff08ac36ef5116
SHA1

258bb2c6b1065f4bb48e3bc2baf11a89a1c8aa11
SHA256

63997f17b27c19e6a1dfb77b68e475baab78961999b668bf0401f2a9b5a5e028
SHA512

d83714ca2cba13b992f3d76d8622dbd1c3e305b4e98e51072bbd6d9f245f155b0361a2e9c47b8ac0a0b6e8c164266944550648992e45220adfee1c9243bba424
SSDEEP

49152:wi4fH9oFEftw3vYMkqecOCiQhxOsEzijUeukxEqtH+Nn1YufNaUYl5beRfbtG6NC:XQh3M9F1OmhdSEeRfbtrPb78n

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\Windows\INF\c_diskdrive.PNF	SDIO_x64_R753.exe
File created	C:\Windows\INF\c_media.PNF	SDIO_x64_R753.exe
File created	C:\Windows\INF\c_volume.PNF	SDIO_x64_R753.exe
File created	C:\Windows\INF\c_display.PNF	SDIO_x64_R753.exe
File created	C:\Windows\INF\c_processor.PNF	SDIO_x64_R753.exe
File created	C:\Windows\INF\c_monitor.PNF	SDIO_x64_R753.exe

Checks SCSI registry key(s) 3 TTPs 18 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Mfg	SDIO_x64_R753.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SDIO_x64_R753.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	SDIO_x64_R753.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	SDIO_x64_R753.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	SDIO_x64_R753.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Mfg	SDIO_x64_R753.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc	SDIO_x64_R753.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	SDIO_x64_R753.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Driver	SDIO_x64_R753.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SDIO_x64_R753.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities	SDIO_x64_R753.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	SDIO_x64_R753.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\DeviceDesc	SDIO_x64_R753.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	SDIO_x64_R753.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Driver	SDIO_x64_R753.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Capabilities	SDIO_x64_R753.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	SDIO_x64_R753.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	SDIO_x64_R753.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3888	SDIO_x64_R753.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	3888	SDIO_x64_R753.exe

C:\Users\Admin\AppData\Local\Temp\SDIO_x64_R753.exe
"C:\Users\Admin\AppData\Local\Temp\SDIO_x64_R753.exe"
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:3888

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3888-151-0x0000000000400000-0x000000000094C000-memory.dmp

Filesize
5.3MB

Download
memory/3888-196-0x0000000000400000-0x000000000094C000-memory.dmp

Filesize
5.3MB

Download