Overview

overview

7

Static

static

7

2e6b97d8f0...18.exe

windows7-x64

7

2e6b97d8f0...18.exe

windows10-2004-x64

7

$PLUGINSDI...64.dll

windows7-x64

3

$PLUGINSDI...64.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...sh.dll

windows7-x64

3

$PLUGINSDI...sh.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...om.dll

windows7-x64

7

$PLUGINSDI...om.dll

windows10-2004-x64

7

edisk.exe

windows7-x64

3

edisk.exe

windows10-2004-x64

3

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-07-2024 00:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    edisk.exe

  • Size

    1.2MB

  • MD5

    c7f16d59909aab232cb15bf53a37e5d8

  • SHA1

    085e0be9c5fabc8291f9651bdeddd1369fe70eb7

  • SHA256

    eff8bd10cd6ecb56bfe8e11b29ebd136e9fc062bf0089205b7b208444a2fe5e8

  • SHA512

    314d3a6776af6c8312315c54665dbf54e5ccd5b71b6d76e47e894643916a174e2e8b62d933e0924882e8a10a1b337076b561182f3ee0c2b5277f2cbb667d646b

  • SSDEEP

    24576:DyMXt2Fq5rGAd4Lng7ePdaCvpscPbzsZ6I1JNdpsezQcFrzraZu29:DyMXt2A5rGAkgMdtsYbzsoIx8u9zWZuI

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\edisk.exe
    "C:\Users\Admin\AppData\Local\Temp\edisk.exe"
    1⤵
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:5044

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/5044-0-0x0000000000400000-0x0000000000732000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/5044-1-0x0000000000731000-0x0000000000732000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5044-2-0x0000000000400000-0x0000000000732000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/5044-3-0x0000000000400000-0x0000000000732000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/5044-4-0x0000000000400000-0x0000000000732000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/5044-5-0x0000000000400000-0x0000000000732000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/5044-9-0x0000000000400000-0x0000000000732000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/5044-14-0x0000000000400000-0x0000000000732000-memory.dmp

    Filesize

    3.2MB

    Download