cd9eacc6aad99874b77e6bdfd96674bed0ee5adc7150b91720e8efbedfcb2ba7

Resubmissions

04/01/2024, 19:42

240104-yesjeshfhq 4

04/01/2024, 19:38

240104-ycm6xsace7 5

Analysis

max time kernel
129s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/01/2024, 19:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

disk-drill-win.exe
Size

22.1MB
MD5

9687c4c3cecc481356f3e5b149094ff6
SHA1

a704dc97e38ea08f89830ae39803549a3254b0f8
SHA256

cd9eacc6aad99874b77e6bdfd96674bed0ee5adc7150b91720e8efbedfcb2ba7
SHA512

e52a95118fdb2c12cb91e88a17c98b83c916fc18f890e7735c7e86a7b67e075421bace90d3cfe8daed46c5c29ff7f747b10526f5138dedbf277d6827dabb0361
SSDEEP

393216:iKetvl8klKoBMhYQuyrrBxmlyFN5pNzywYKqMQwRd8dwguoTR3HGyuIW/8Wx/:iTrnlKoah5pX6Kf1YKqvwRd8IK33hSTt

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 1 IoCs

pid	Process
3840	disk-drill-win.exe

Loads dropped DLL 1 IoCs

pid	Process
3840	disk-drill-win.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1608 wrote to memory of 3840	1608	disk-drill-win.exe	92
PID 1608 wrote to memory of 3840	1608	disk-drill-win.exe	92
PID 1608 wrote to memory of 3840	1608	disk-drill-win.exe	92

C:\Users\Admin\AppData\Local\Temp\disk-drill-win.exe
"C:\Users\Admin\AppData\Local\Temp\disk-drill-win.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1608
- C:\Windows\Temp\{016AC96B-B961-48A0-8541-EBA79A577367}\.cr\disk-drill-win.exe
  "C:\Windows\Temp\{016AC96B-B961-48A0-8541-EBA79A577367}\.cr\disk-drill-win.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\disk-drill-win.exe" -burn.filehandle.attached=552 -burn.filehandle.self=688
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Temp\{016AC96B-B961-48A0-8541-EBA79A577367}\.cr\disk-drill-win.exe

Filesize
888KB

MD5
fbaa842cc54137df66c8986ea0aa46a5

SHA1
713a8b72451549cc583bffa6a130d65324dbddfa

SHA256
f1d000be8f0a322cf3774f9af9b82aad98b3208bfb5502f25ead642722933078

SHA512
931753318c65a6c89c304997a09429eb46b6a1364bf022fbcc9a56f304c88c0802f927134ae5af528e196906ca218c1cf57c5b7c9ed36691015e7d7b2247083f

Download Submit
C:\Windows\Temp\{5B1BDD5B-4788-4134-B123-59B0808305E6}\.ba\logo.png

Filesize
80KB

MD5
bc348d03ed3d614eeb776df9c17dd0c9

SHA1
0d0628742f480a07e08f251d7ffa6d2c671b6811

SHA256
bcc352480c5bb9be1021442b5f1c948a33504d75b9c76f899eb3244e0b40c786

SHA512
12b12b6ccece3de9e76562ca83e078cf502e0de34747abe84f70665bd2727f4cdd62d04a1811095440c5f52fcc2b4a07f3c45b2fd3bf7d1933b596a09b5cf311

Download Submit
C:\Windows\Temp\{5B1BDD5B-4788-4134-B123-59B0808305E6}\.ba\wixstdba.dll

Filesize
184KB

MD5
fe7e0bd53f52e6630473c31299a49fdd

SHA1
f706f45768bfb95f4c96dfa0be36df57aa863898

SHA256
2bea14d70943a42d344e09b7c9de5562fa7e109946e1c615dd584da30d06cc80

SHA512
feed48286b1e182996a3664f0facdf42aae3692d3d938ea004350c85764db7a0bea996dfddf7a77149c0d4b8b776fb544e8b1ce5e9944086a5b1ed6a8a239a3c

Download Submit