Analysis
- max time kernel: 119s
- max time network: 119s
- platform: windows7_x64
- resource: win7-en-20211208
- submitted: 04-01-2022 04:16
Static task: static1
Behavioral task: behavioral1
- Sample: d0bbf57aae4d2807dce2ec9dff881b5ece9dcd236ab9753aefafdf67cc57e9b2.iso
- Resource: win7-en-20211208
Behavioral task: behavioral2
- Sample: d0bbf57aae4d2807dce2ec9dff881b5ece9dcd236ab9753aefafdf67cc57e9b2.iso
- Resource: win10-en-20211208
Behavioral task: behavioral3
- Sample: image006.png.js
- Resource: win7-en-20211208
Behavioral task: behavioral4
- Sample: image006.png.js
- Resource: win10-en-20211208
General
- Target: d0bbf57aae4d2807dce2ec9dff881b5ece9dcd236ab9753aefafdf67cc57e9b2.iso
- Size: 270KB
- MD5: faa422c6ccfe96edff7000ebef7b5776
- SHA1: d9d72c12edecd7218b15f1554515f79bde997f72
- SHA256: d0bbf57aae4d2807dce2ec9dff881b5ece9dcd236ab9753aefafdf67cc57e9b2
- SHA512: 2f39df9b952074d1b10c880671896770681f1e736bf57271c5790d20afcf9cc41e7180cea3c07aa2dd60808eda85a389696f7529f50a38e374d34d5a0e782dce
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description                          | pid  | process | target process
  PID 1592 wrote to memory of 268      | 1592 | cmd.exe | isoburn.exe
  PID 1592 wrote to memory of 268      | 1592 | cmd.exe | isoburn.exe
  PID 1592 wrote to memory of 268      | 1592 | cmd.exe | isoburn.exe
Processes
- C:\Windows\system32\cmd.exe (tree depth 1)
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\d0bbf57aae4d2807dce2ec9dff881b5ece9dcd236ab9753aefafdf67cc57e9b2.iso
  - Suspicious use of WriteProcessMemory
  - C:\Windows\System32\isoburn.exe (tree depth 2)
    Command line: "C:\Windows\System32\isoburn.exe" "C:\Users\Admin\AppData\Local\Temp\d0bbf57aae4d2807dce2ec9dff881b5ece9dcd236ab9753aefafdf67cc57e9b2.iso"