Overview

overview

6

Static

static

3

CdiResourc...il.exe

windows7-x64

1

CdiResourc...il.exe

windows10-2004-x64

1

CdiResourc...l4.exe

windows7-x64

1

CdiResourc...l4.exe

windows10-2004-x64

1

CdiResourc...48.exe

windows7-x64

1

CdiResourc...48.exe

windows10-2004-x64

1

CdiResourc...it.dll

windows7-x64

1

CdiResourc...it.dll

windows10-2004-x64

1

CdiResourc...it.dll

windows7-x64

1

CdiResourc...it.dll

windows10-2004-x64

1

CdiResourc...rs.dll

windows7-x64

1

CdiResourc...rs.dll

windows10-2004-x64

1

CdiResourc...h.html

windows7-x64

3

CdiResourc...h.html

windows10-2004-x64

3

CdiResourc...8.html

windows7-x64

3

CdiResourc...8.html

windows10-2004-x64

3

CdiResourc...n.html

windows7-x64

3

CdiResourc...n.html

windows10-2004-x64

3

CdiResourc...min.js

windows7-x64

3

CdiResourc...min.js

windows10-2004-x64

3

CdiResourc...min.js

windows7-x64

3

CdiResourc...min.js

windows10-2004-x64

3

CdiResourc...min.js

windows7-x64

3

CdiResourc...min.js

windows10-2004-x64

3

CdiResourc...ec.exe

windows7-x64

1

CdiResourc...ec.exe

windows10-2004-x64

3

DiskInfo32.exe

windows7-x64

6

DiskInfo32.exe

windows10-2004-x64

6

DiskInfo64.exe

windows7-x64

6

DiskInfo64.exe

windows10-2004-x64

6

DiskInfoA64.exe

windows7-x64

DiskInfoA64.exe

windows10-2004-x64

Analysis

  • max time kernel
    131s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    25/07/2024, 16:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DiskInfo32.exe

  • Size

    2.5MB

  • MD5

    c5d0557fb26679b38851dbecae8dedbb

  • SHA1

    2b924a911fa36ec34963f66a108cf790a8cb4796

  • SHA256

    4cbc4be268d1913f1e566ecb36cbe06f7c0326874ab1b5546df3b3d943304bdd

  • SHA512

    2c65c076dca18ece9ab328ed70895b4fb6675935dfc9821f4cf54eaaa358d9c32ccd967787c93c3aaba528200e086927cc73c588dea18b86301763f49ae266d4

  • SSDEEP

    49152:C1ADeQ8INvYkgx/+nmnM4atqZdd1v+0Krb:kADelqYkwWnmnM4aqTPKrb

Score
6/10
bootkitdiscoverypersistence

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DiskInfo32.exe
    "C:\Users\Admin\AppData\Local\Temp\DiskInfo32.exe"
    1⤵
    • Enumerates connected drives
    • Writes to the Master Boot Record (MBR)
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:2072

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DiskInfo.ini
    Filesize

    341B

    MD5

    60c6c6cdf940d0d0d198ccbf6c01ccd0

    SHA1

    e6a2bb9399677648a2b7387ea760f03968b5af5c

    SHA256

    61d880ad85851e6bcd6dce2070e619b5f18a6de20e4b26ccdd587f87f7cfa1c3

    SHA512

    eddd397b353c43bc76fb80fa67141b5554a0910335dacfa09e6d6c296d2bfa0f0a93b9ace3473ab41ed9d3a3da3b6c6bd0a15a3ab91d9156554959ada7a554d2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DiskInfo.ini
    Filesize

    56B

    MD5

    639b21ec594fd6ec5802c828dd4ff54a

    SHA1

    74ce0add6ab4393ec10564121e3e11927f845cf6

    SHA256

    14d1c79e51df74708de3a6868d6fdd3dd30a33867051a7c60f0746ffc977003a

    SHA512

    89e36f93a2afec70873e4a6735db00cfbf01715888bab35cc7feab68e5a353495b2269f47b6cb2f4ecfd2faedc66367c1bbb157757a6dea0f91f93c0b99522d1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DiskInfo.ini
    Filesize

    323B

    MD5

    2658c9051165b87d45f8f72d6aeaeaf3

    SHA1

    a01d328a112a5aef7ec2f8dbb22dd89c16638844

    SHA256

    9bf2cd7154cd6291d5fb2fcc0deb5ede354bd2f14a574428465e1e6ec7e5081c

    SHA512

    4540d2c299487a3f6da9bca914d9ed14e2ed788cd64cd7a353079587ed67cf38576fb572f27ae9f020fced44b433ed2444478f60d44cdaba616d1c846f49a424

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Smart\DADY HARDDISKDD00013\09.csv
    Filesize

    25B

    MD5

    2ef0f3773957c58f6f82e4e74eec9fb1

    SHA1

    bb10e01c92a04b32e6832175442e897c0ac2f0aa

    SHA256

    6ba5d10a37c6ee12e6af10d22f611193826fe88df1afc8291bbab7fd2d6465b4

    SHA512

    c2b8fe592b05852cb1b1451ca5f1f80ca40e29985e1297c1379c582f2b30c05564d6d4a6f4fd44b1819dfbc76dd2425218157f1b2a0568f6ed196553dc826d34

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Smart\DADY HARDDISKDD00013\Smart.ini
    Filesize

    536B

    MD5

    c3685d67141fe2abbab7049de5238108

    SHA1

    8def2495d9a218dad8851d8f54804eb017249a2d

    SHA256

    366fc86a63135cc856d6a57c303c1c40adb2a6b8af3a7edd2799e3818d5ffa6c

    SHA512

    b4c93a1ee5ab3742a813f99ae04df8f586e1aee8fc5b00bf7e0cfc38de2ac4e7adafbda70d0f0cc6e6cf5c1dbe12df391beb0a71c075b5328006b543a1d019d0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Smart\DADY HARDDISKDD00013\Smart.ini
    Filesize

    212B

    MD5

    795ca107148463b30fff7bd5812a3ca4

    SHA1

    9b2896127675d0815ca9dc153b0b8b2815a691c1

    SHA256

    279475229f03077fa4ea7004d4c658cc63db3336b821dd4cdfe75c3117bf4d1c

    SHA512

    7ce04e9848ce9cd9f3a1c95624eccb0f4395dcd97bd0344778b6c4edfb1158b32cf425f62bf50016ea716b6326fdee908f85c9c111d23595656bdd9f57fd67e9

    Download Submit