Resubmissions
10-04-2022 01:27  220410-bvcftafdg7  score 3
10-04-2022 01:26  220410-btybwsccap  score 10
22-03-2022 15:08  220322-shwscscegp  score 10
Analysis
- max time kernel: 657s
- max time network: 1566s
- platform: windows7_x64
- resource: win7-20220310-en
- submitted: 10-04-2022 01:27
Static task
static1
Behavioral task
behavioral1
- Sample: docs_invoice_173.iso
- Resource: win7-20220310-en (windows7_x64)
- 0 signatures, 0 seconds
Behavioral task
behavioral2
- Sample: docs_invoice_173.iso
- Resource: win10v2004-20220331-en (windows10-2004_x64)
- 0 signatures, 0 seconds
General
- Target: docs_invoice_173.iso
- Size: 210KB
- MD5: e051009b12b37c7ee16e810c135f1fef
- SHA1: 415b27cd03d3d701a202924c26d25410ea0974d7
- SHA256: 5bc00ad792d4ddac7d8568f98a717caff9d5ef389ed355a15b892cc10ab2887b
- SHA512: 8ea0b905d829896c4a8380de578bced89b16c0be9b293f949ac4aa81679cc07da2ef71e9315c9f125cbf7d4c743ffb939671d64126c53437cad2311a73cf2cf7
Score
3/10
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of WriteProcessMemory (3 IoCs)
  Process: cmd.exe
  description                       pid   process  target process
  PID 1616 wrote to memory of 744   1616  cmd.exe  isoburn.exe
  PID 1616 wrote to memory of 744   1616  cmd.exe  isoburn.exe
  PID 1616 wrote to memory of 744   1616  cmd.exe  isoburn.exe
Processes
- C:\Windows\system32\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\docs_invoice_173.iso
  - Suspicious use of WriteProcessMemory
  - C:\Windows\System32\isoburn.exe
    "C:\Windows\System32\isoburn.exe" "C:\Users\Admin\AppData\Local\Temp\docs_invoice_173.iso"
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe"