Analysis

max time kernel: 328s
max time network: 249s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/06/2024, 18:26

Static task: static1
Behavioral task: behavioral1
Sample: CrystalDiskMark3_0_3b-en.exe
Resource: win10v2004-20240508-en
General

Target: CrystalDiskMark3_0_3b-en.exe
Size: 1.6MB
MD5: cd4abab9bcdd3eb78917d50bc51c7134
SHA1: 11e6d97324e12854896e1dd7283a9964be51e04e
SHA256: c124357189899324dbdad0529912d352f7fc9c1d2fb2ad6cd6f436563de113c8
SHA512: bd89cd584800f6db3d8404408f0ff74c3fdc1d894038af39ad485a020770f9ce88b254add11344d971fab419f76d22a4e61bd51646ce7649d4cde1598d45b3a4
SSDEEP: 49152:QQjszRr4n6X+Ys3maanjxDKS3Xta+Cwj4e:GRr66o3mBnjxDKVZw/
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid   Process
  380   CrystalDiskMark3_0_3b-en.tmp

Loads dropped DLL (2 IoCs)
  pid   Process
  380   CrystalDiskMark3_0_3b-en.tmp
  4208  RunDll32.exe

Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid   Process
  4208  RunDll32.exe   (all 64 entries are this same pid/process)

Suspicious use of WriteProcessMemory (6 IoCs)
  description                        pid   Process                        procid_target
  PID 1244 wrote to memory of 380    1244  CrystalDiskMark3_0_3b-en.exe   83
  PID 1244 wrote to memory of 380    1244  CrystalDiskMark3_0_3b-en.exe   83
  PID 1244 wrote to memory of 380    1244  CrystalDiskMark3_0_3b-en.exe   83
  PID 380 wrote to memory of 4208    380   CrystalDiskMark3_0_3b-en.tmp   96
  PID 380 wrote to memory of 4208    380   CrystalDiskMark3_0_3b-en.tmp   96
  PID 380 wrote to memory of 4208    380   CrystalDiskMark3_0_3b-en.tmp   96
Processes

1. C:\Users\Admin\AppData\Local\Temp\CrystalDiskMark3_0_3b-en.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\CrystalDiskMark3_0_3b-en.exe"
   PID: 1244
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\is-E04SC.tmp\CrystalDiskMark3_0_3b-en.tmp
      Command line: "C:\Users\Admin\AppData\Local\Temp\is-E04SC.tmp\CrystalDiskMark3_0_3b-en.tmp" /SL5="$501C6,1095529,195584,C:\Users\Admin\AppData\Local\Temp\CrystalDiskMark3_0_3b-en.exe"
      PID: 380
      - Executes dropped EXE
      - Loads dropped DLL
      - Suspicious use of WriteProcessMemory

      3. C:\Windows\SysWOW64\RunDll32.exe
         Command line: RunDll32.exe "C:\Users\Admin\AppData\Local\Temp\is-VHT9P.tmp\OCSetupHlp.dll",_OCPRD310OpenCandy2@16 380
         PID: 4208
         - Loads dropped DLL
         - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Downloads
File 1
  Filesize: 1.2MB
  MD5: d5696c0cbc3c518c6901f7fd718af16a
  SHA1: b3b1959e8c20ae126127ef85da8284c47431f158
  SHA256: 25f81953c3ae2dc4276668821f6f855ad99d5c5d3170968f701781f5d8f332a4
  SHA512: 56c365b63e92e14e2dad2bfebe6306d831bfbd9839e03dc3652ed23543eacc1ffe3d939a50a100429d930aa29455418676b15039b3e89a2316c429cb554b584e

File 2
  Filesize: 763KB
  MD5: a60cd235e75424d8db432acb2a65c10f
  SHA1: 72e6d61d5ac4f6a706a2b679d5f5673a2c1803d7
  SHA256: d7cd71201d5bde456bb653828dabea16f373a1e89f768b4eb1fa907771a49f1f
  SHA512: 3de9ddce3d837af7cb07fe9fe98d942ded66cb61f5a5e918bfb6af9edd942791c1251881990d4ba80be864e87b5eb854747e23f07fde36781448fb8c14f110c9