Overview

overview

6

Static

static

3

CdiResourc...il.exe

windows7-x64

1

CdiResourc...il.exe

windows10-2004-x64

1

CdiResourc...l4.exe

windows7-x64

1

CdiResourc...l4.exe

windows10-2004-x64

1

CdiResourc...48.exe

windows7-x64

1

CdiResourc...48.exe

windows10-2004-x64

1

CdiResourc...it.dll

windows7-x64

1

CdiResourc...it.dll

windows10-2004-x64

1

CdiResourc...it.dll

windows7-x64

1

CdiResourc...it.dll

windows10-2004-x64

1

CdiResourc...rs.dll

windows7-x64

1

CdiResourc...rs.dll

windows10-2004-x64

1

CdiResourc...h.html

windows7-x64

3

CdiResourc...h.html

windows10-2004-x64

3

CdiResourc...8.html

windows7-x64

3

CdiResourc...8.html

windows10-2004-x64

3

CdiResourc...n.html

windows7-x64

3

CdiResourc...n.html

windows10-2004-x64

3

CdiResourc...min.js

windows7-x64

3

CdiResourc...min.js

windows10-2004-x64

3

CdiResourc...min.js

windows7-x64

3

CdiResourc...min.js

windows10-2004-x64

3

CdiResourc...min.js

windows7-x64

3

CdiResourc...min.js

windows10-2004-x64

3

CdiResourc...ec.exe

windows7-x64

1

CdiResourc...ec.exe

windows10-2004-x64

3

DiskInfo32.exe

windows7-x64

6

DiskInfo32.exe

windows10-2004-x64

6

DiskInfo64.exe

windows7-x64

6

DiskInfo64.exe

windows10-2004-x64

6

DiskInfoA64.exe

windows7-x64

DiskInfoA64.exe

windows10-2004-x64

Analysis

  • max time kernel
    136s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/07/2024, 16:07

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    DiskInfo32.exe

  • Size

    2.5MB

  • MD5

    c5d0557fb26679b38851dbecae8dedbb

  • SHA1

    2b924a911fa36ec34963f66a108cf790a8cb4796

  • SHA256

    4cbc4be268d1913f1e566ecb36cbe06f7c0326874ab1b5546df3b3d943304bdd

  • SHA512

    2c65c076dca18ece9ab328ed70895b4fb6675935dfc9821f4cf54eaaa358d9c32ccd967787c93c3aaba528200e086927cc73c588dea18b86301763f49ae266d4

  • SSDEEP

    49152:C1ADeQ8INvYkgx/+nmnM4atqZdd1v+0Krb:kADelqYkwWnmnM4aqTPKrb

Score
6/10
bootkitdiscoverypersistence

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DiskInfo32.exe
    "C:\Users\Admin\AppData\Local\Temp\DiskInfo32.exe"
    1⤵
    • Enumerates connected drives
    • Writes to the Master Boot Record (MBR)
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:4892

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DiskInfo.ini
    Filesize

    56B

    MD5

    639b21ec594fd6ec5802c828dd4ff54a

    SHA1

    74ce0add6ab4393ec10564121e3e11927f845cf6

    SHA256

    14d1c79e51df74708de3a6868d6fdd3dd30a33867051a7c60f0746ffc977003a

    SHA512

    89e36f93a2afec70873e4a6735db00cfbf01715888bab35cc7feab68e5a353495b2269f47b6cb2f4ecfd2faedc66367c1bbb157757a6dea0f91f93c0b99522d1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DiskInfo.ini
    Filesize

    341B

    MD5

    60c6c6cdf940d0d0d198ccbf6c01ccd0

    SHA1

    e6a2bb9399677648a2b7387ea760f03968b5af5c

    SHA256

    61d880ad85851e6bcd6dce2070e619b5f18a6de20e4b26ccdd587f87f7cfa1c3

    SHA512

    eddd397b353c43bc76fb80fa67141b5554a0910335dacfa09e6d6c296d2bfa0f0a93b9ace3473ab41ed9d3a3da3b6c6bd0a15a3ab91d9156554959ada7a554d2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DiskInfo.ini
    Filesize

    26B

    MD5

    845cfadc36bf68dd7b619214675d5605

    SHA1

    e806406c94db7ff43bc87ebdb1b44acaaace4268

    SHA256

    c0c15dd2e792406d8e89b2f81d0fd635ec622d72db643cac3851dcabce6a3452

    SHA512

    cd89efb0cebb6cc48b4455b6a7102f603960d5d15fbc834c5df2259ef79112fe740587189bd577aa1ef157883c7f0cfbf9f6adf7c2d93ba1498874523a0fa321

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DiskInfo.ini
    Filesize

    151B

    MD5

    14b658c47163b8cef26d0170f1bdecb3

    SHA1

    3661769a06076fa743f569e3f2abf7362cc4403f

    SHA256

    e409e230ee5016e2b7dca06d783f6e79276bb9ea29ccab491bc1f374353f34ab

    SHA512

    7ee80c0564dd640d3689cc3f41402ad6293216b46a82b1617f0f3b1bd18d4d30595be3a6075637179a09e10afbe0074cb5318e070d5aa6ed5b9fc9924e37ce9c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DiskInfo.ini
    Filesize

    323B

    MD5

    2658c9051165b87d45f8f72d6aeaeaf3

    SHA1

    a01d328a112a5aef7ec2f8dbb22dd89c16638844

    SHA256

    9bf2cd7154cd6291d5fb2fcc0deb5ede354bd2f14a574428465e1e6ec7e5081c

    SHA512

    4540d2c299487a3f6da9bca914d9ed14e2ed788cd64cd7a353079587ed67cf38576fb572f27ae9f020fced44b433ed2444478f60d44cdaba616d1c846f49a424

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Smart\DADY HARDDISKDD00013\09.csv
    Filesize

    25B

    MD5

    b6ce5c246a9778683780da615eab2261

    SHA1

    e606e2d9f8bca144e56c64797ab4bdcd57dfb6ee

    SHA256

    927ccb9d31a3f3c5dfd27de60691096c158a34b7cf5da158f793390e5001d9c6

    SHA512

    e68f9acc8c229e54e6654cdd30edaa1f03592ddeb9dac0543c80e2799174352ee8838f6012a0889e3451a135d507a4dd1226c027dd91620a9f2e498f8388d2b6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Smart\DADY HARDDISKDD00013\Smart.ini
    Filesize

    536B

    MD5

    51c679cedce441c97599a21846182623

    SHA1

    23d318f486c6b3845fe153c19bf374cb98df602f

    SHA256

    c74780df45511cb073a471acf3fe110d25899e9a9d8e215e00a2f3e475d2417f

    SHA512

    e27f645d4f6eabb1789b36f5692c7268e031d90eb78a46e1e516a2d4dccbbd1de52c094d693d1f2e0bc09a5d84f13bb8126ecb7318c9b43771033ba35ff68c56

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Smart\DADY HARDDISKDD00013\Smart.ini
    Filesize

    309B

    MD5

    e5746fd9dac020d367c478b6648acc14

    SHA1

    b7b0310040ec68e7bd674890c89ed0a84ee4facd

    SHA256

    880ae2cab8c5ec91319c5d660b2c7aa9a458229557d6893fa7737c9700c711c5

    SHA512

    2a4111e0cb6c86d5fdca7f79d156ce4219d1e3658f12b942ae3148822423293ced3b36496d458b699a8eea89709c84cc6c6cf15c98cd885076e1fbd425da3af4

    Download Submit