df8bdda603d4104fb082f1d5f2cd9010cc37e1db71f0c8c8a650619838bc827e

Analysis

max time kernel
147s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13-10-2024 17:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DiskMark64.exe
Size

877KB
MD5

c4e82f68539341c2ec54afaa70be5b2b
SHA1

2815139d7c326ff7d1d3036ef81954a3d2ab31b3
SHA256

fca281bd9e8a577065963dc94057ce5a1423190ab8ac1f4072e3e18ad814ae60
SHA512

d0fa1b6b92b1b6932030d76a3ebb28038b5d32cffefc75c719f4c102b2b57694f4de42c74e33d24241b7d0b11b6d0530a422f07df77ebcb769792b992a64adfa
SSDEEP

12288:pcV35zuwJqOgG9zQw76G42huZ3iw5tUNVtBMW1ln4N5JxQR/nZOpH0qsdT4zTwPL:pS537a2hRUtUbb1d4E40qsdTIqitY1pN

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3600	DiskMark64.exe
3600	DiskMark64.exe
3600	DiskMark64.exe

Suspicious use of WriteProcessMemory 48 IoCs

description	pid	Process	procid_target
PID 3600 wrote to memory of 4680	3600	DiskMark64.exe	86
PID 3600 wrote to memory of 4680	3600	DiskMark64.exe	86
PID 3600 wrote to memory of 4904	3600	DiskMark64.exe	88
PID 3600 wrote to memory of 4904	3600	DiskMark64.exe	88
PID 3600 wrote to memory of 1236	3600	DiskMark64.exe	90
PID 3600 wrote to memory of 1236	3600	DiskMark64.exe	90
PID 3600 wrote to memory of 2464	3600	DiskMark64.exe	92
PID 3600 wrote to memory of 2464	3600	DiskMark64.exe	92
PID 3600 wrote to memory of 456	3600	DiskMark64.exe	95
PID 3600 wrote to memory of 456	3600	DiskMark64.exe	95
PID 3600 wrote to memory of 2696	3600	DiskMark64.exe	98
PID 3600 wrote to memory of 2696	3600	DiskMark64.exe	98
PID 3600 wrote to memory of 4060	3600	DiskMark64.exe	101
PID 3600 wrote to memory of 4060	3600	DiskMark64.exe	101
PID 3600 wrote to memory of 2240	3600	DiskMark64.exe	103
PID 3600 wrote to memory of 2240	3600	DiskMark64.exe	103
PID 3600 wrote to memory of 5088	3600	DiskMark64.exe	105
PID 3600 wrote to memory of 5088	3600	DiskMark64.exe	105
PID 3600 wrote to memory of 4876	3600	DiskMark64.exe	107
PID 3600 wrote to memory of 4876	3600	DiskMark64.exe	107
PID 3600 wrote to memory of 2312	3600	DiskMark64.exe	109
PID 3600 wrote to memory of 2312	3600	DiskMark64.exe	109
PID 3600 wrote to memory of 384	3600	DiskMark64.exe	111
PID 3600 wrote to memory of 384	3600	DiskMark64.exe	111
PID 3600 wrote to memory of 4516	3600	DiskMark64.exe	113
PID 3600 wrote to memory of 4516	3600	DiskMark64.exe	113
PID 3600 wrote to memory of 2204	3600	DiskMark64.exe	115
PID 3600 wrote to memory of 2204	3600	DiskMark64.exe	115
PID 3600 wrote to memory of 5072	3600	DiskMark64.exe	117
PID 3600 wrote to memory of 5072	3600	DiskMark64.exe	117
PID 3600 wrote to memory of 632	3600	DiskMark64.exe	119
PID 3600 wrote to memory of 632	3600	DiskMark64.exe	119
PID 3600 wrote to memory of 4024	3600	DiskMark64.exe	121
PID 3600 wrote to memory of 4024	3600	DiskMark64.exe	121
PID 3600 wrote to memory of 1120	3600	DiskMark64.exe	123
PID 3600 wrote to memory of 1120	3600	DiskMark64.exe	123
PID 3600 wrote to memory of 3628	3600	DiskMark64.exe	125
PID 3600 wrote to memory of 3628	3600	DiskMark64.exe	125
PID 3600 wrote to memory of 404	3600	DiskMark64.exe	127
PID 3600 wrote to memory of 404	3600	DiskMark64.exe	127
PID 3600 wrote to memory of 1524	3600	DiskMark64.exe	129
PID 3600 wrote to memory of 1524	3600	DiskMark64.exe	129
PID 3600 wrote to memory of 3472	3600	DiskMark64.exe	131
PID 3600 wrote to memory of 3472	3600	DiskMark64.exe	131
PID 3600 wrote to memory of 3736	3600	DiskMark64.exe	133
PID 3600 wrote to memory of 3736	3600	DiskMark64.exe	133
PID 3600 wrote to memory of 220	3600	DiskMark64.exe	135
PID 3600 wrote to memory of 220	3600	DiskMark64.exe	135

C:\Users\Admin\AppData\Local\Temp\DiskMark64.exe
"C:\Users\Admin\AppData\Local\Temp\DiskMark64.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3600
- C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe
  "C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe" -b1024K -o8 -t1 -W0 -S -w0 -ag -d5 -A3600 -L "C:\CrystalDiskMark0E57A7FE\CrystalDiskMark0E57A7FE.tmp"
  2⤵
  PID:4680
- C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe
  "C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe" -b1024K -o8 -t1 -W0 -S -w0 -ag -d5 -A3600 -L "C:\CrystalDiskMark0E57A7FE\CrystalDiskMark0E57A7FE.tmp"
  2⤵
  PID:4904
- C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe
  "C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe" -b1024K -o8 -t1 -W0 -S -w0 -ag -d5 -A3600 -L "C:\CrystalDiskMark0E57A7FE\CrystalDiskMark0E57A7FE.tmp"
  2⤵
  PID:1236
- C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe
  "C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe" -b1024K -o8 -t1 -W0 -S -w0 -ag -d5 -A3600 -L "C:\CrystalDiskMark0E57A7FE\CrystalDiskMark0E57A7FE.tmp"
  2⤵
  PID:2464
- C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe
  "C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe" -b1024K -o8 -t1 -W0 -S -w0 -ag -d5 -A3600 -L "C:\CrystalDiskMark0E57A7FE\CrystalDiskMark0E57A7FE.tmp"
  2⤵
  PID:456
- C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe
  "C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe" -b1024K -o8 -t1 -W0 -S -w0 -ag -d5 -A3600 -L "C:\CrystalDiskMark0E57A7FE\CrystalDiskMark0E57A7FE.tmp"
  2⤵
  PID:2696
- C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe
  "C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe" -b1024K -o1 -t1 -W0 -S -w0 -ag -d5 -A3600 -L "C:\CrystalDiskMark0E57A7FE\CrystalDiskMark0E57A7FE.tmp"
  2⤵
  PID:4060
- C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe
  "C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe" -b1024K -o1 -t1 -W0 -S -w0 -ag -d5 -A3600 -L "C:\CrystalDiskMark0E57A7FE\CrystalDiskMark0E57A7FE.tmp"
  2⤵
  PID:2240
- C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe
  "C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe" -b1024K -o1 -t1 -W0 -S -w0 -ag -d5 -A3600 -L "C:\CrystalDiskMark0E57A7FE\CrystalDiskMark0E57A7FE.tmp"
  2⤵
  PID:5088
- C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe
  "C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe" -b1024K -o1 -t1 -W0 -S -w0 -ag -d5 -A3600 -L "C:\CrystalDiskMark0E57A7FE\CrystalDiskMark0E57A7FE.tmp"
  2⤵
  PID:4876
- C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe
  "C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe" -b1024K -o1 -t1 -W0 -S -w0 -ag -d5 -A3600 -L "C:\CrystalDiskMark0E57A7FE\CrystalDiskMark0E57A7FE.tmp"
  2⤵
  PID:2312
- C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe
  "C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe" -b1024K -o1 -t1 -W0 -S -w0 -ag -d5 -A3600 -L "C:\CrystalDiskMark0E57A7FE\CrystalDiskMark0E57A7FE.tmp"
  2⤵
  PID:384
- C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe
  "C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe" -b4K -o32 -t1 -W0 -S -w0 -r -ag -d5 -A3600 -L "C:\CrystalDiskMark0E57A7FE\CrystalDiskMark0E57A7FE.tmp"
  2⤵
  PID:4516
- C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe
  "C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe" -b4K -o32 -t1 -W0 -S -w0 -r -ag -d5 -A3600 -L "C:\CrystalDiskMark0E57A7FE\CrystalDiskMark0E57A7FE.tmp"
  2⤵
  PID:2204
- C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe
  "C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe" -b4K -o32 -t1 -W0 -S -w0 -r -ag -d5 -A3600 -L "C:\CrystalDiskMark0E57A7FE\CrystalDiskMark0E57A7FE.tmp"
  2⤵
  PID:5072
- C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe
  "C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe" -b4K -o32 -t1 -W0 -S -w0 -r -ag -d5 -A3600 -L "C:\CrystalDiskMark0E57A7FE\CrystalDiskMark0E57A7FE.tmp"
  2⤵
  PID:632
- C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe
  "C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe" -b4K -o32 -t1 -W0 -S -w0 -r -ag -d5 -A3600 -L "C:\CrystalDiskMark0E57A7FE\CrystalDiskMark0E57A7FE.tmp"
  2⤵
  PID:4024
- C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe
  "C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe" -b4K -o32 -t1 -W0 -S -w0 -r -ag -d5 -A3600 -L "C:\CrystalDiskMark0E57A7FE\CrystalDiskMark0E57A7FE.tmp"
  2⤵
  PID:1120
- C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe
  "C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe" -b4K -o1 -t1 -W0 -S -w0 -r -ag -d5 -A3600 -L "C:\CrystalDiskMark0E57A7FE\CrystalDiskMark0E57A7FE.tmp"
  2⤵
  PID:3628
- C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe
  "C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe" -b4K -o1 -t1 -W0 -S -w0 -r -ag -d5 -A3600 -L "C:\CrystalDiskMark0E57A7FE\CrystalDiskMark0E57A7FE.tmp"
  2⤵
  PID:404
- C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe
  "C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe" -b4K -o1 -t1 -W0 -S -w0 -r -ag -d5 -A3600 -L "C:\CrystalDiskMark0E57A7FE\CrystalDiskMark0E57A7FE.tmp"
  2⤵
  PID:1524
- C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe
  "C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe" -b4K -o1 -t1 -W0 -S -w0 -r -ag -d5 -A3600 -L "C:\CrystalDiskMark0E57A7FE\CrystalDiskMark0E57A7FE.tmp"
  2⤵
  PID:3472
- C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe
  "C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe" -b4K -o1 -t1 -W0 -S -w0 -r -ag -d5 -A3600 -L "C:\CrystalDiskMark0E57A7FE\CrystalDiskMark0E57A7FE.tmp"
  2⤵
  PID:3736
- C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe
  "C:\Users\Admin\AppData\Local\Temp\CdmResource\diskspd\diskspd64.exe" -b4K -o1 -t1 -W0 -S -w0 -r -ag -d5 -A3600 -L "C:\CrystalDiskMark0E57A7FE\CrystalDiskMark0E57A7FE.tmp"
  2⤵
  PID:220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\DiskMark64.ini

Filesize
65B

MD5
21f1095279e170b820c35afb428e3716

SHA1
c0b8061d12fc03131ccd163b3a8efda525f56275

SHA256
20495311dd3fe12dd93872d5cb566655dbd7cda18fc50b839110f31c257974bc

SHA512
77dc2eb089411dca3031497ae486a871216e9e04f40aaa108409ff3e84452020f6c0d40ed35625a04c8adfc8b163dac1a70eeb65a851c7018c10919176b0bc72

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads