41caeb1dab6ab9da4571b88cd0a0a2b3a21ce305909358e538a04f988d4a139f

Analysis

max time kernel
591s
max time network
461s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
30-06-2024 16:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

hwid pack/HardDisk.exe
Size

636KB
MD5

c20e96d4e616ce333c19a1c15a1cc137
SHA1

f79645ec115130ee59958c55a556f564260b7a9e
SHA256

2c141c06f7df57f11ef2c62f2a96093484a65df47065b1a475c53784af0e2664
SHA512

519fec9955c4a18e45ec68d9e7dc2bcda74721a6ea088e59e634e26b136bfa15f5efedf8839c036a3cfdcdb9780a2121dc2d71f1fdbbfd3df02d9969e5db753b
SSDEEP

12288:EN1TNRzUSWgDxPWnP0Lamg+hyMU1EUFT99qpDDcZDDR5Id1888888888888W888H:whNRASWgDxPWnP0LamWYC8EOd

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

HardDisk.exe

description	ioc	process
File opened (read-only)	\??\S:	HardDisk.exe
File opened (read-only)	\??\U:	HardDisk.exe
File opened (read-only)	\??\W:	HardDisk.exe
File opened (read-only)	\??\Z:	HardDisk.exe
File opened (read-only)	\??\E:	HardDisk.exe
File opened (read-only)	\??\I:	HardDisk.exe
File opened (read-only)	\??\P:	HardDisk.exe
File opened (read-only)	\??\Q:	HardDisk.exe
File opened (read-only)	\??\V:	HardDisk.exe
File opened (read-only)	\??\X:	HardDisk.exe
File opened (read-only)	\??\H:	HardDisk.exe
File opened (read-only)	\??\M:	HardDisk.exe
File opened (read-only)	\??\G:	HardDisk.exe
File opened (read-only)	\??\T:	HardDisk.exe
File opened (read-only)	\??\J:	HardDisk.exe
File opened (read-only)	\??\K:	HardDisk.exe
File opened (read-only)	\??\L:	HardDisk.exe
File opened (read-only)	\??\N:	HardDisk.exe
File opened (read-only)	\??\O:	HardDisk.exe
File opened (read-only)	\??\R:	HardDisk.exe
File opened (read-only)	\??\A:	HardDisk.exe
File opened (read-only)	\??\B:	HardDisk.exe
File opened (read-only)	\??\Y:	HardDisk.exe

C:\Users\Admin\AppData\Local\Temp\hwid pack\HardDisk.exe
"C:\Users\Admin\AppData\Local\Temp\hwid pack\HardDisk.exe"
1⤵
- Enumerates connected drives
PID:2780

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4728

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2780-0-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/2780-1-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/2780-3-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download