Overview

overview

6

Static

static

3

Crystal disk.zip

windows10-1703-x64

1

Crystal di...il.exe

windows10-1703-x64

1

Crystal di...l4.exe

windows10-1703-x64

1

Crystal di...48.exe

windows10-1703-x64

1

Crystal di...it.dll

windows10-1703-x64

1

Crystal di...it.dll

windows10-1703-x64

1

Crystal di...rs.dll

windows10-1703-x64

1

Crystal di...h.html

windows10-1703-x64

4

Crystal di...8.html

windows10-1703-x64

4

Crystal di...n.html

windows10-1703-x64

4

Crystal di...min.js

windows10-1703-x64

1

Crystal di...min.js

windows10-1703-x64

1

Crystal di...min.js

windows10-1703-x64

1

Crystal di...64.dll

windows10-1703-x64

1

Crystal di...86.dll

windows10-1703-x64

1

Crystal di...64.dll

windows10-1703-x64

1

Crystal di...86.dll

windows10-1703-x64

3

Crystal di...64.dll

windows10-1703-x64

1

Crystal di...64.dll

windows10-1703-x64

1

Crystal di...86.dll

windows10-1703-x64

3

Crystal di...64.dll

windows10-1703-x64

1

Crystal di...64.dll

windows10-1703-x64

1

Crystal di...64.dll

windows10-1703-x64

1

Crystal di...86.dll

windows10-1703-x64

3

Crystal di...ec.exe

windows10-1703-x64

1

Crystal di...32.exe

windows10-1703-x64

6

Crystal di...64.exe

windows10-1703-x64

6

Crystal di...64.exe

windows10-1703-x64

Analysis

  • max time kernel
    134s
  • max time network
    132s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    20-04-2024 10:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Crystal disk/DiskInfo64.exe

  • Size

    2.7MB

  • MD5

    aefe7a99ef3c9e40d8be45609d9b8080

  • SHA1

    fecb3aea2f282d26b0fd299911b8e6b3853d4436

  • SHA256

    a66e2523e65b90b8a6003947422e007714174d606981d0b1124e4bfb37d1418f

  • SHA512

    c2f5f2ee63bbd648d6a7a8f57ad3c3066bde323399c984a27101d60de8e08837ced21cc4904fc77e1fcda1578e24076087b3e3aaca172b5cbfac420c65b2cfb8

  • SSDEEP

    49152:+dA1UbcDRv5DhBMHhCRLnmnM4atqZdd1v+0Krbm:+deDhk4nmnM4aqTPKrbm

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Crystal disk\DiskInfo64.exe
    "C:\Users\Admin\AppData\Local\Temp\Crystal disk\DiskInfo64.exe"
    1⤵
    • Enumerates connected drives
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of SetWindowsHookEx
    PID:1536

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Crystal disk\DiskInfo.ini
    Filesize

    459B

    MD5

    882c458cc85ee4b347466710ae13a51a

    SHA1

    ba7aff983fd836e71f586fb17afcf82c2e392a0d

    SHA256

    25dde8580c278d53ccdb0dbea109458ba9634570f3ccfc65067245627f755ce4

    SHA512

    ea635a4277a87f09ecba115ad1ac7571405f6957ab1009b7dff8ad5abbbb81bf19f89a6b5ae7d97a0118f9590eb1803de49798a6383da65b516a0569da96c0f5

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Crystal disk\DiskInfo.ini
    Filesize

    113B

    MD5

    b31db42dd996258f838e1b7b88c806d6

    SHA1

    59b6db5f6ab6c199ae1d111c6ca3e7571da001cb

    SHA256

    b56dd4e94b481071d6a0c3ea277f78be98101d2d21eab233159d4b863ff1451d

    SHA512

    c1d4b6ffc1d32b82d608ae0673597e86c17bd5298e7a774e011f5ac4c1eb10a3f7291186a083f42eb008827c1fd744bc82ce6c112faba938b1870adf68ebdaf0

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Crystal disk\DiskInfo.ini
    Filesize

    171B

    MD5

    238f8a029d60d866a56a340a4fbf9c60

    SHA1

    437169c97cf23754c06136c51e2cdc395a1fdfd4

    SHA256

    1eb78521e4f6f03a1fd5908a7ec5d02a724b978fab197d243a8c5d210b9f5189

    SHA512

    9710e5a5e59b6a363c7df08968d1774602b3e648e224b53fa93f1482b72c09c11e2d222e00fd60da8ed3f933ee696f07cd27b0d2248e393634e6d6b5bd98262b

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Crystal disk\DiskInfo.ini
    Filesize

    56B

    MD5

    639b21ec594fd6ec5802c828dd4ff54a

    SHA1

    74ce0add6ab4393ec10564121e3e11927f845cf6

    SHA256

    14d1c79e51df74708de3a6868d6fdd3dd30a33867051a7c60f0746ffc977003a

    SHA512

    89e36f93a2afec70873e4a6735db00cfbf01715888bab35cc7feab68e5a353495b2269f47b6cb2f4ecfd2faedc66367c1bbb157757a6dea0f91f93c0b99522d1

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Crystal disk\DiskInfo.ini
    Filesize

    441B

    MD5

    3d6afd14b27bdf86593e110308cc4b16

    SHA1

    9d097917d356aeb3bb2c7c50ed12d18a527e6d80

    SHA256

    c400a2e949b9d687acd914360cd766f5959369672daa290a1b376cf7f61414e4

    SHA512

    aef3d550cbce8c95a4fbe6255317f9cdf371dc2db6e7ffb8cd08a6652ecb8ce9681c629ac8fb4455e89672d500842f3f5b82d61d255cc8b713ab4f500509090f

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Crystal disk\Smart\QEMU HARDDISKQM00013\09.csv
    Filesize

    25B

    MD5

    5e5652b3a3f6526df514e0707f0fbecf

    SHA1

    fb2a11be8491c8ea62559c6bba639e95626b3ffc

    SHA256

    c095a3d9d58502737bca3ccdcd826737fe4e6db3f4daa5ced50274ffa8888c9c

    SHA512

    d46d2fd534d37e7bfbd8fff652099106a85603b9b3189ad8af2e9abc359448ee6dcd833859df006469ae83b110c811ebf663d8f8a774feae0fd0892d19e6cc1f

    Download Submit