Overview

overview

6

Static

static

3

Crystal disk.zip

windows10-1703-x64

1

Crystal di...il.exe

windows10-1703-x64

1

Crystal di...l4.exe

windows10-1703-x64

1

Crystal di...48.exe

windows10-1703-x64

1

Crystal di...it.dll

windows10-1703-x64

1

Crystal di...it.dll

windows10-1703-x64

1

Crystal di...rs.dll

windows10-1703-x64

1

Crystal di...h.html

windows10-1703-x64

4

Crystal di...8.html

windows10-1703-x64

4

Crystal di...n.html

windows10-1703-x64

4

Crystal di...min.js

windows10-1703-x64

1

Crystal di...min.js

windows10-1703-x64

1

Crystal di...min.js

windows10-1703-x64

1

Crystal di...64.dll

windows10-1703-x64

1

Crystal di...86.dll

windows10-1703-x64

1

Crystal di...64.dll

windows10-1703-x64

1

Crystal di...86.dll

windows10-1703-x64

3

Crystal di...64.dll

windows10-1703-x64

1

Crystal di...64.dll

windows10-1703-x64

1

Crystal di...86.dll

windows10-1703-x64

3

Crystal di...64.dll

windows10-1703-x64

1

Crystal di...64.dll

windows10-1703-x64

1

Crystal di...64.dll

windows10-1703-x64

1

Crystal di...86.dll

windows10-1703-x64

3

Crystal di...ec.exe

windows10-1703-x64

1

Crystal di...32.exe

windows10-1703-x64

6

Crystal di...64.exe

windows10-1703-x64

6

Crystal di...64.exe

windows10-1703-x64

Analysis

  • max time kernel
    135s
  • max time network
    142s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    20-04-2024 10:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Crystal disk/DiskInfo32.exe

  • Size

    2.5MB

  • MD5

    5d14d19f1744c9dd8ae755866906b4e7

  • SHA1

    147d8703111d3d9f0238ee723c3eac1d98978e4b

  • SHA256

    7e232324354fb547e6ab58ae9bf92de7e94dcbe7fdcd84b52d0b6385ae37c1c7

  • SHA512

    9e4db9ced38e1ca2971adb8b70b4e41d2f06a51f3d5e16a14e83d77b946380add4cfa8890ae868973e2509f0e6b5a946f760b054b7f3e915bd95b5fd63edd253

  • SSDEEP

    49152:80jwy1SDYkje/zFFDthinmnM4atqZdd1v+0Krbs:zb1UYH/zFYnmnM4aqTPKrbs

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Crystal disk\DiskInfo32.exe
    "C:\Users\Admin\AppData\Local\Temp\Crystal disk\DiskInfo32.exe"
    1⤵
    • Enumerates connected drives
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of SetWindowsHookEx
    PID:4772

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Crystal disk\DiskInfo.ini
    Filesize

    459B

    MD5

    882c458cc85ee4b347466710ae13a51a

    SHA1

    ba7aff983fd836e71f586fb17afcf82c2e392a0d

    SHA256

    25dde8580c278d53ccdb0dbea109458ba9634570f3ccfc65067245627f755ce4

    SHA512

    ea635a4277a87f09ecba115ad1ac7571405f6957ab1009b7dff8ad5abbbb81bf19f89a6b5ae7d97a0118f9590eb1803de49798a6383da65b516a0569da96c0f5

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Crystal disk\DiskInfo.ini
    Filesize

    113B

    MD5

    b31db42dd996258f838e1b7b88c806d6

    SHA1

    59b6db5f6ab6c199ae1d111c6ca3e7571da001cb

    SHA256

    b56dd4e94b481071d6a0c3ea277f78be98101d2d21eab233159d4b863ff1451d

    SHA512

    c1d4b6ffc1d32b82d608ae0673597e86c17bd5298e7a774e011f5ac4c1eb10a3f7291186a083f42eb008827c1fd744bc82ce6c112faba938b1870adf68ebdaf0

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Crystal disk\DiskInfo.ini
    Filesize

    171B

    MD5

    238f8a029d60d866a56a340a4fbf9c60

    SHA1

    437169c97cf23754c06136c51e2cdc395a1fdfd4

    SHA256

    1eb78521e4f6f03a1fd5908a7ec5d02a724b978fab197d243a8c5d210b9f5189

    SHA512

    9710e5a5e59b6a363c7df08968d1774602b3e648e224b53fa93f1482b72c09c11e2d222e00fd60da8ed3f933ee696f07cd27b0d2248e393634e6d6b5bd98262b

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Crystal disk\DiskInfo.ini
    Filesize

    56B

    MD5

    639b21ec594fd6ec5802c828dd4ff54a

    SHA1

    74ce0add6ab4393ec10564121e3e11927f845cf6

    SHA256

    14d1c79e51df74708de3a6868d6fdd3dd30a33867051a7c60f0746ffc977003a

    SHA512

    89e36f93a2afec70873e4a6735db00cfbf01715888bab35cc7feab68e5a353495b2269f47b6cb2f4ecfd2faedc66367c1bbb157757a6dea0f91f93c0b99522d1

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Crystal disk\DiskInfo.ini
    Filesize

    441B

    MD5

    3d6afd14b27bdf86593e110308cc4b16

    SHA1

    9d097917d356aeb3bb2c7c50ed12d18a527e6d80

    SHA256

    c400a2e949b9d687acd914360cd766f5959369672daa290a1b376cf7f61414e4

    SHA512

    aef3d550cbce8c95a4fbe6255317f9cdf371dc2db6e7ffb8cd08a6652ecb8ce9681c629ac8fb4455e89672d500842f3f5b82d61d255cc8b713ab4f500509090f

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Crystal disk\Smart\QEMU HARDDISKQM00013\09.csv
    Filesize

    25B

    MD5

    b2269f1f6612f8a87cbac38bdec32900

    SHA1

    1803dfbd279dc0a50436b54d323bfffbaa73867c

    SHA256

    7f9845698ccae64a5d5ad19ce4c8b51832c9dd36e8e5f461cc988d7a153e7067

    SHA512

    b07236f74f94934d647945da1d225bca6b19132e85388aa7e486d7f2c89c1958fdfb7ffaa1a8313c7f6475026b35a64c10e3b7deeb81942d3a896cba50d22cde

    Download Submit