405275d22408d10f696802e3eac9348f0c62ac69e3d5e43f096c984f7de65d85

Analysis

max time kernel
1s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
05/07/2023, 20:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Activacion Windows 10 pro - gameandapp/BIN/gatherosstate.exe
Size

1.3MB
MD5

b13bc5b62f54607c334a6464d9b85cc8
SHA1

12721c69acbcb515f7adbee08ec42fc61192c187
SHA256

51791625054b01802fd5aaa6c4a929827b369dfef7b2891b5f55e0fa61af0c7d
SHA512

58a9c4e413992b8c225fd622934929382070cbe8c8999bdb93851a1f46a0129d674135eacce2b3f96a19dfbb7333e3b921b5e39b727339c9897de7a02d2ce3bf
SSDEEP

24576:d66aa+++b+xBxAtO/z08BAZffwEhVpK05wDn7kJQ8FKMEx9+a8S8bB:d66aa+++b+xBxAtO7/eZffw8VpeDn7kD

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	gatherosstate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	gatherosstate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	gatherosstate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	gatherosstate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	gatherosstate.exe

C:\Users\Admin\AppData\Local\Temp\Activacion Windows 10 pro - gameandapp\BIN\gatherosstate.exe
"C:\Users\Admin\AppData\Local\Temp\Activacion Windows 10 pro - gameandapp\BIN\gatherosstate.exe"
1⤵
- Checks SCSI registry key(s)
PID:4136

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4136-133-0x00000000002B0000-0x00000000002C0000-memory.dmp

Filesize
64KB

Download
memory/4136-134-0x00000000002B0000-0x00000000002C0000-memory.dmp

Filesize
64KB

Download
memory/4136-135-0x00000000002B0000-0x00000000002C0000-memory.dmp

Filesize
64KB

Download
memory/4136-136-0x00000000002B0000-0x00000000002C0000-memory.dmp

Filesize
64KB

Download
memory/4136-137-0x00000000002B0000-0x00000000002C0000-memory.dmp

Filesize
64KB

Download
memory/4136-138-0x0000000063780000-0x0000000063798000-memory.dmp

Filesize
96KB

Download