1472780b22a70f13e6aec3ffd06fc9714748841f9f88c3c3b743d247d9711d68

Analysis

max time kernel
147s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04-07-2024 05:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DataDiskDoctor.exe
Size

357KB
MD5

9a3716009c26e7c29d0d8c94b175dbe4
SHA1

6e17d958230b3f5f771440e16d7a47da1f6a23d3
SHA256

8fdbe2e9bf821321b8edcb63566800deaa54b3cf0b3e5f60fd441c22c387fb3e
SHA512

0be80f8276cf2b90ddfce39b947e0ebe98d7a1a883c62d23a88542375b379a55df592836c8508ae81e7d2ef88b9001cef2457939bc8e7c3b7e4c84baf6df2cb5
SSDEEP

6144:68yZw0EMTNHw7Ip+rKUEqpjyfe03qJf1zw4T/+8zXTfwcDKl+oSU+:rZ0btw6+rK5qkfe03j4j+cD4choSD

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral12/memory/2392-0-0x0000000000400000-0x000000000050A000-memory.dmp	upx
behavioral12/memory/2392-12-0x0000000000400000-0x000000000050A000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2392	DataDiskDoctor.exe
2392	DataDiskDoctor.exe

C:\Users\Admin\AppData\Local\Temp\DataDiskDoctor.exe
"C:\Users\Admin\AppData\Local\Temp\DataDiskDoctor.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\GetRightToGo\DataDiskDoctor.data

Filesize
1KB

MD5
ed25328f7f56f51bddfee9ee4d91aa4e

SHA1
364497298bae27490cf5f53e4321194111524243

SHA256
526f45ab45ef4cf7d09b88435081276e643c75f42cccd06bf948da7e9a928b22

SHA512
f04f5dddd7120053cb91d27caa8488246f3cba6101687e2006db920ddcb2edbfcf8c28c8381ca5bb08e977bf5cdd96eeb413156f42e9196197fe770df37acfe2

Download Submit
memory/2392-0-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/2392-12-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download