Overview

overview

6

Static

static

3

CdiResourc...il.exe

windows7-x64

1

CdiResourc...il.exe

windows10-2004-x64

1

CdiResourc...l4.exe

windows7-x64

1

CdiResourc...l4.exe

windows10-2004-x64

1

CdiResourc...48.exe

windows7-x64

1

CdiResourc...48.exe

windows10-2004-x64

1

CdiResourc...it.dll

windows7-x64

1

CdiResourc...it.dll

windows10-2004-x64

1

CdiResourc...it.dll

windows7-x64

1

CdiResourc...it.dll

windows10-2004-x64

1

CdiResourc...rs.dll

windows7-x64

1

CdiResourc...rs.dll

windows10-2004-x64

1

CdiResourc...h.html

windows7-x64

3

CdiResourc...h.html

windows10-2004-x64

3

CdiResourc...8.html

windows7-x64

3

CdiResourc...8.html

windows10-2004-x64

3

CdiResourc...n.html

windows7-x64

3

CdiResourc...n.html

windows10-2004-x64

3

CdiResourc...min.js

windows7-x64

3

CdiResourc...min.js

windows10-2004-x64

3

CdiResourc...min.js

windows7-x64

3

CdiResourc...min.js

windows10-2004-x64

3

CdiResourc...min.js

windows7-x64

3

CdiResourc...min.js

windows10-2004-x64

3

CdiResourc...ec.exe

windows7-x64

1

CdiResourc...ec.exe

windows10-2004-x64

3

DiskInfo32.exe

windows7-x64

6

DiskInfo32.exe

windows10-2004-x64

6

DiskInfo64.exe

windows7-x64

6

DiskInfo64.exe

windows10-2004-x64

6

DiskInfoA64.exe

windows7-x64

DiskInfoA64.exe

windows10-2004-x64

Analysis

  • max time kernel
    131s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    25/07/2024, 16:07

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    DiskInfo64.exe

  • Size

    2.7MB

  • MD5

    290b9d139ca0057e5970d02bab50ee1e

  • SHA1

    19416e9b9e66b29bfbcd2be8d4051025e1370904

  • SHA256

    d6d7dde91c5d873778c7cfe300c4cd325cf827b522dbdd9834a2c636dcbd99d9

  • SHA512

    eab988fedf1d7988ec475f18d171f342d7c5ec6ca357f67041848f9eb018996ff8a36a8f3aa348c84f9a545c584118c899052ebd0ff656b06664e31cde58cde4

  • SSDEEP

    49152:HgZ3iZKjw0IehynmnM4atqZdd1v+0Krb:wIewnmnM4aqTPKrb

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DiskInfo64.exe
    "C:\Users\Admin\AppData\Local\Temp\DiskInfo64.exe"
    1⤵
    • Enumerates connected drives
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of SetWindowsHookEx
    PID:1320

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DiskInfo.ini
    Filesize

    341B

    MD5

    60c6c6cdf940d0d0d198ccbf6c01ccd0

    SHA1

    e6a2bb9399677648a2b7387ea760f03968b5af5c

    SHA256

    61d880ad85851e6bcd6dce2070e619b5f18a6de20e4b26ccdd587f87f7cfa1c3

    SHA512

    eddd397b353c43bc76fb80fa67141b5554a0910335dacfa09e6d6c296d2bfa0f0a93b9ace3473ab41ed9d3a3da3b6c6bd0a15a3ab91d9156554959ada7a554d2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DiskInfo.ini
    Filesize

    323B

    MD5

    2658c9051165b87d45f8f72d6aeaeaf3

    SHA1

    a01d328a112a5aef7ec2f8dbb22dd89c16638844

    SHA256

    9bf2cd7154cd6291d5fb2fcc0deb5ede354bd2f14a574428465e1e6ec7e5081c

    SHA512

    4540d2c299487a3f6da9bca914d9ed14e2ed788cd64cd7a353079587ed67cf38576fb572f27ae9f020fced44b433ed2444478f60d44cdaba616d1c846f49a424

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DiskInfo.ini
    Filesize

    56B

    MD5

    639b21ec594fd6ec5802c828dd4ff54a

    SHA1

    74ce0add6ab4393ec10564121e3e11927f845cf6

    SHA256

    14d1c79e51df74708de3a6868d6fdd3dd30a33867051a7c60f0746ffc977003a

    SHA512

    89e36f93a2afec70873e4a6735db00cfbf01715888bab35cc7feab68e5a353495b2269f47b6cb2f4ecfd2faedc66367c1bbb157757a6dea0f91f93c0b99522d1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Smart\DADY HARDDISKDD00013\09.csv
    Filesize

    25B

    MD5

    881671302a5b6d357094d81bc13bd2fd

    SHA1

    527b35712ab675fda5c982313ddb4b401d648182

    SHA256

    890fad37199fa8126ae9769e066c74a38d92b70c06a6b2a7232f99386cd31d06

    SHA512

    70d26a7a0921556b9deaf02b4f193f52a5780bc16785e6784ba7857bff93495066d638e864eb7fc46cce8f6f2734d334dd0ce0930dc0a88f5f7e1d87bbac07b8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Smart\DADY HARDDISKDD00013\Smart.ini
    Filesize

    453B

    MD5

    eedd6420763182d8de36d257769198dc

    SHA1

    a7096edcd98c006b298db0d757188ec7d302e6ce

    SHA256

    6ad8ca64b8e666a12331eaefd87b0c863db3ad6389fee3d8706010527e652e30

    SHA512

    6be0545165e38c748c803dacbe0768e8461ee80883dc0e731dede8c9ee94943a5dac821caf3971b2263ee07377081d56a6101be0f5bf7098efca9a5ca3bd58ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Smart\DADY HARDDISKDD00013\Smart.ini
    Filesize

    248B

    MD5

    93de8bc43a75b9d552ea8778cf8b59d2

    SHA1

    30b16faa5c4066e3bc9f0816acfabe554882a415

    SHA256

    32e56d9ebad875caa8ba3cfe195345cb03c290f490dc81d4ab7fae5684df578e

    SHA512

    aebf0f42f53625854a0ba38fedce22c2c349d3b8c1467459f6dc8398ca24b84d6b5c856d731957baea2d07bffcfa97a70a35451ae7cb9ba6eea179652dc9f2d5

    Download Submit