Malware Analysis Report

2025-04-14 04:33

Sample ID 240612-w25q6avela
Target CrystalDiskMark3_0_3b-en.exe
SHA256 c124357189899324dbdad0529912d352f7fc9c1d2fb2ad6cd6f436563de113c8
Tags none
Score 7/10


Analysis Overview

Score 7/10

SHA256 c124357189899324dbdad0529912d352f7fc9c1d2fb2ad6cd6f436563de113c8

Threat level: shows suspicious behavior. CrystalDiskMark3_0_3b-en.exe was not classified as malicious; the verdict rests on the signatures listed below.

What the behavioral run shows is an Inno Setup installer (the is-XXXXX.tmp staging directory and the /SL5= loader switch in the Processes section) that runs the bundled OpenCandy helper OCSetupHlp.dll through RunDll32.exe and looks up api.opencandy.com. The "dropped EXE", "dropped DLL" and process-enumeration signatures all come from those installer and bundled-offer stages; no other payload appears in the report. The summary below also lists suspicious use of WriteProcessMemory, for which the behavioral section records no per-process detail.

Malicious Activity Summary


Executes dropped EXE

Loads dropped DLL

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-12 18:26

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 18:26

Reported

2024-06-12 18:31

Platform

win10v2004-20240508-en

Max time kernel

328s

Max time network

249s

Command Line

"C:\Users\Admin\AppData\Local\Temp\CrystalDiskMark3_0_3b-en.exe"

Signatures

Executes dropped EXE

Description  Indicator  Process                                                                       Target
N/A          N/A        C:\Users\Admin\AppData\Local\Temp\is-E04SC.tmp\CrystalDiskMark3_0_3b-en.tmp  N/A

Loads dropped DLL

Description  Indicator  Process                                                                       Target
N/A          N/A        C:\Users\Admin\AppData\Local\Temp\is-E04SC.tmp\CrystalDiskMark3_0_3b-en.tmp  N/A
N/A          N/A        C:\Windows\SysWOW64\RunDll32.exe                                              N/A

Suspicious behavior: EnumeratesProcesses

Description  Indicator  Process                           Target  Hits
N/A          N/A        C:\Windows\SysWOW64\RunDll32.exe  N/A     64

(Hits is the number of identical rows the sandbox recorded for this signature. All 64 are attributed to the RunDll32.exe process; neither installer stage triggered it.)

Processes

C:\Users\Admin\AppData\Local\Temp\CrystalDiskMark3_0_3b-en.exe

"C:\Users\Admin\AppData\Local\Temp\CrystalDiskMark3_0_3b-en.exe"

C:\Users\Admin\AppData\Local\Temp\is-E04SC.tmp\CrystalDiskMark3_0_3b-en.tmp

"C:\Users\Admin\AppData\Local\Temp\is-E04SC.tmp\CrystalDiskMark3_0_3b-en.tmp" /SL5="$501C6,1095529,195584,C:\Users\Admin\AppData\Local\Temp\CrystalDiskMark3_0_3b-en.exe"

(Inno Setup second stage: the loader unpacks setup into an is-XXXXX.tmp directory and re-launches it with the /SL5= switch, whose last field names the original installer as the data source.)

C:\Windows\SysWOW64\RunDll32.exe

RunDll32.exe "C:\Users\Admin\AppData\Local\Temp\is-VHT9P.tmp\OCSetupHlp.dll",_OCPRD310OpenCandy2@16 380

(The OpenCandy helper DLL is loaded through RunDll32.exe by its _OCPRD310OpenCandy2@16 export; the trailing 380 is passed to that export as its only argument. This is the process that loaded the dropped DLL and that produced every EnumeratesProcesses hit above. It runs from SysWOW64, so it is a 32-bit process.)
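The three command lines above are enough to write a small triage check. The following Python is an added example, not part of the sandbox report or of any vendor tooling: it parses rundll32's "<dll>,<export> <args>" syntax and flags an image staged under an Inno Setup is-XXXXX.tmp directory, the /SL5= loader switch, and the OpenCandy helper export. The regular expressions, the finding strings and the SAMPLE_COMMAND_LINES list (copied from this section) are the example's own choices.

```python
"""Added example: classify installer / rundll32 command lines such as the three
listed in this report. Not part of the sandbox report or any vendor tooling."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Command lines copied from the Processes section of this report.
SAMPLE_COMMAND_LINES = [
    r'"C:\Users\Admin\AppData\Local\Temp\CrystalDiskMark3_0_3b-en.exe"',
    r'"C:\Users\Admin\AppData\Local\Temp\is-E04SC.tmp\CrystalDiskMark3_0_3b-en.tmp" '
    r'/SL5="$501C6,1095529,195584,C:\Users\Admin\AppData\Local\Temp\CrystalDiskMark3_0_3b-en.exe"',
    r'RunDll32.exe "C:\Users\Admin\AppData\Local\Temp\is-VHT9P.tmp\OCSetupHlp.dll",_OCPRD310OpenCandy2@16 380',
]

# rundll32 may appear bare, quoted or fully pathed; everything after it is the DLL spec.
RUNDLL32_RE = re.compile(
    r'^\s*"?(?:[^"\s]*[\\/])?rundll32(?:\.exe)?"?\s+(?P<rest>.+)$', re.IGNORECASE)
# Inno Setup unpacks its second stage into %TEMP%\is-<5 alphanumerics>.tmp\ .
INNO_TEMP_RE = re.compile(r'\\is-[A-Z0-9]{5}\.tmp\\', re.IGNORECASE)


@dataclass
class RunDllCall:
    dll: str
    export: str
    args: str


def first_token(cmdline: str) -> str:
    """Return the image path: a quoted token, or the text up to the first space."""
    s = cmdline.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:end] if end != -1 else s[1:]
    return s.split(None, 1)[0] if s else ""


def parse_rundll32(cmdline: str) -> Optional[RunDllCall]:
    """Split a rundll32 command line into DLL path, export name and arguments.

    rundll32 syntax is  rundll32 <dll>,<export> [args]; the DLL may be quoted."""
    m = RUNDLL32_RE.match(cmdline)
    if not m:
        return None
    rest = m.group("rest").strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        if end == -1:
            return None
        dll, tail = rest[1:end], rest[end + 1:]
    else:
        spec = re.match(r'([^,\s]+)(.*)$', rest)
        dll, tail = spec.group(1), spec.group(2)
    export, args = "", ""
    if tail.startswith(","):
        parts = tail[1:].split(None, 1)
        export = parts[0] if parts else ""
        args = parts[1].strip() if len(parts) > 1 else ""
    else:
        args = tail.strip()
    return RunDllCall(dll=dll, export=export, args=args)


def assess(cmdline: str) -> List[str]:
    """Return the findings for one command line (empty list if nothing notable)."""
    findings: List[str] = []
    call = parse_rundll32(cmdline)
    # For rundll32 the interesting image is the DLL, not rundll32.exe itself.
    image = call.dll if call else first_token(cmdline)
    if INNO_TEMP_RE.search(image):
        findings.append("image staged in Inno Setup temp dir (is-*.tmp)")
    if re.search(r'\s/SL5=', cmdline, re.IGNORECASE):
        findings.append("Inno Setup /SL5= second-stage loader switch")
    if call is not None:
        basename = image.rsplit("\\", 1)[-1]
        findings.append(f"rundll32 loads {basename} export {call.export or '<none>'}")
        if "opencandy" in call.export.lower() or basename.lower() == "ocsetuphlp.dll":
            findings.append("OpenCandy installer helper (OCSetupHlp.dll)")
    return findings


def scan(cmdlines: List[str]) -> List[Tuple[str, List[str]]]:
    """Run assess() over a batch and keep only the command lines with findings."""
    flagged = []
    for cmd in cmdlines:
        hits = assess(cmd)
        if hits:
            flagged.append((cmd, hits))
    return flagged


if __name__ == "__main__":
    for cmd, hits in scan(SAMPLE_COMMAND_LINES):
        print(cmd)
        for h in hits:
            print("   -", h)
```

Run it directly to print the findings for the three sample lines; assess() is the part to drop into a log pipeline, for example over the CommandLine field of Sysmon Event ID 1 records.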

Network

Country  Destination  Domain             Proto
US       8.8.8.8:53   api.opencandy.com  udp

The only network event recorded is a DNS query for api.opencandy.com, sent over UDP to 8.8.8.8:53 (Google Public DNS, which is where the US country tag comes from). The report lists no follow-on connection to the resolved address, so nothing here shows what the OpenCandy helper would have fetched; the destination column describes the resolver, not the OpenCandy endpoint.

Files

Dropped files

C:\Users\Admin\AppData\Local\Temp\is-E04SC.tmp\CrystalDiskMark3_0_3b-en.tmp

MD5 d5696c0cbc3c518c6901f7fd718af16a
SHA1 b3b1959e8c20ae126127ef85da8284c47431f158
SHA256 25f81953c3ae2dc4276668821f6f855ad99d5c5d3170968f701781f5d8f332a4
SHA512 56c365b63e92e14e2dad2bfebe6306d831bfbd9839e03dc3652ed23543eacc1ffe3d939a50a100429d930aa29455418676b15039b3e89a2316c429cb554b584e

C:\Users\Admin\AppData\Local\Temp\is-VHT9P.tmp\OCSetupHlp.dll

MD5 a60cd235e75424d8db432acb2a65c10f
SHA1 72e6d61d5ac4f6a706a2b679d5f5673a2c1803d7
SHA256 d7cd71201d5bde456bb653828dabea16f373a1e89f768b4eb1fa907771a49f1f
SHA512 3de9ddce3d837af7cb07fe9fe98d942ded66cb61f5a5e918bfb6af9edd942791c1251881990d4ba80be864e87b5eb854747e23f07fde36781448fb8c14f110c9

Memory dumps

Listed in capture order. Each name is memory/<pid>-<sequence>-<start>-<end>-memory.dmp; three process IDs appear (1244, 380 and 4208), matching the three processes listed above in count.

memory/1244-3-0x0000000000401000-0x0000000000412000-memory.dmp
memory/1244-0-0x0000000000400000-0x000000000043A000-memory.dmp
memory/380-7-0x0000000000400000-0x000000000053D000-memory.dmp
memory/1244-12-0x0000000000400000-0x000000000043A000-memory.dmp
memory/380-13-0x0000000000400000-0x000000000053D000-memory.dmp
memory/380-17-0x0000000000400000-0x000000000053D000-memory.dmp
memory/4208-35-0x0000000000C20000-0x0000000000C21000-memory.dmp
memory/380-37-0x0000000000400000-0x000000000053D000-memory.dmp
memory/380-39-0x0000000000400000-0x000000000053D000-memory.dmp
memory/4208-40-0x0000000000C20000-0x0000000000C21000-memory.dmp
memory/380-64-0x0000000000400000-0x000000000053D000-memory.dmp