061372cecd8bd05545efc26231fbf14a3ded422f1f408b3110c24cf1fc58f94d | Triage

Submit
Reports

Overview

overview

8

Static

static

1

disk-drill-win.exe

windows7-x64

disk-drill-win.exe

windows10-2004-x64

8

Sharing

General

Target

disk-drill-win.exe
Size

22.1MB
Sample

240220-2w6ddsgf25
MD5

7009ef0bcb5abd5d94f22b0b2d64563f
SHA1

0b623230797d299f39949f6b5d188bcd655d3953
SHA256

061372cecd8bd05545efc26231fbf14a3ded422f1f408b3110c24cf1fc58f94d
SHA512

f0fdafffe647b5634c12b09e94f2d8d6fe99101c148cc0a9066824bbe9bba0d4b990efad29a0317aaad7f276d119ee0224e8e451e12a0a6aad9de73a3ee5cd71
SSDEEP

393216:xMawbUzY9XVcgZGBWVXcHiH/R6BBPJAhOI/rWB079LqsbEdGi+/InuR6o89:xwbUzY96gYBWGOGRJAkWa8qsX/e8nO

Score

8^/10

discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

disk-drill-win.exe

Resource

win7-20231215-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

disk-drill-win.exe

Resource

win10v2004-20231215-en

discovery persistence

windows10-2004-x64

24 signatures

150 seconds

Malware Config

Targets

- Target
  
  disk-drill-win.exe
- Size
  
  22.1MB
- MD5
  
  7009ef0bcb5abd5d94f22b0b2d64563f
- SHA1
  
  0b623230797d299f39949f6b5d188bcd655d3953
- SHA256
  
  061372cecd8bd05545efc26231fbf14a3ded422f1f408b3110c24cf1fc58f94d
- SHA512
  
  f0fdafffe647b5634c12b09e94f2d8d6fe99101c148cc0a9066824bbe9bba0d4b990efad29a0317aaad7f276d119ee0224e8e451e12a0a6aad9de73a3ee5cd71
- SSDEEP
  
  393216:xMawbUzY9XVcgZGBWVXcHiH/R6BBPJAhOI/rWB079LqsbEdGi+/InuR6o89:xwbUzY96gYBWGOGRJAkWa8qsX/e8nO
Score

8^/10

discovery persistence
- Blocklisted process makes network request
- Drops file in Drivers directory
- Adds Run key to start application
  persistence
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence

© 2018-2024

Terms | Privacy