130f7d79e442416b3d379f8be9f0bf23a0e3c9a0a7f16a1dee16b81d68aef968

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 18:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

004245c6089fc03dfb10c61e81ea05cd.exe
Size

255KB
MD5

004245c6089fc03dfb10c61e81ea05cd
SHA1

0d717b6502d1331240b7a512e4af7bd8c504efde
SHA256

130f7d79e442416b3d379f8be9f0bf23a0e3c9a0a7f16a1dee16b81d68aef968
SHA512

b9eb42b300494aa357d38b9c1ed7b6b5c11ce011de48dbaecd734e383550b0dac70f768b45d86925e532abb6c433e959719a69f3cdc0b0a2813bd0e0c50da6d2
SSDEEP

6144:8kE+X7/jbFzs46GRWyF966fSdgewsVeMnnkunRMlE:o+rrRlv9R6dgdOesnkC2lE

Score

6^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\disk\enum	004245c6089fc03dfb10c61e81ea05cd.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum	004245c6089fc03dfb10c61e81ea05cd.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\GoldenMatch.job	004245c6089fc03dfb10c61e81ea05cd.exe

C:\Users\Admin\AppData\Local\Temp\004245c6089fc03dfb10c61e81ea05cd.exe
"C:\Users\Admin\AppData\Local\Temp\004245c6089fc03dfb10c61e81ea05cd.exe"
1⤵
- Maps connected drives based on registry
- Drops file in Windows directory
PID:2000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2000-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2000-1-0x0000000000030000-0x0000000000031000-memory.dmp

Filesize
4KB

Download
memory/2000-2-0x0000000000080000-0x0000000000081000-memory.dmp

Filesize
4KB

Download
memory/2000-3-0x0000000000090000-0x0000000000091000-memory.dmp

Filesize
4KB

Download
memory/2000-4-0x00000000000A0000-0x00000000000C9000-memory.dmp

Filesize
164KB

Download
memory/2000-5-0x00000000001A0000-0x00000000001CF000-memory.dmp

Filesize
188KB

Download
memory/2000-9-0x00000000000A0000-0x00000000000C9000-memory.dmp

Filesize
164KB

Download
memory/2000-14-0x0000000000220000-0x0000000000247000-memory.dmp

Filesize
156KB

Download
memory/2000-20-0x00000000000A0000-0x00000000000C9000-memory.dmp

Filesize
164KB

Download
memory/2000-23-0x00000000000A0000-0x00000000000C9000-memory.dmp

Filesize
164KB

Download
memory/2000-25-0x00000000000A0000-0x00000000000C9000-memory.dmp

Filesize
164KB

Download