5bc00ad792d4ddac7d8568f98a717caff9d5ef389ed355a15b892cc10ab2887b

Resubmissions

10-04-2022 01:27

220410-bvcftafdg7 3

10-04-2022 01:26

220410-btybwsccap 10

22-03-2022 15:08

220322-shwscscegp 10

Analysis

max time kernel
657s
max time network
1566s
platform
windows7_x64
resource
win7-20220310-en
submitted
10-04-2022 01:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

docs_invoice_173.iso
Size

210KB
MD5

e051009b12b37c7ee16e810c135f1fef
SHA1

415b27cd03d3d701a202924c26d25410ea0974d7
SHA256

5bc00ad792d4ddac7d8568f98a717caff9d5ef389ed355a15b892cc10ab2887b
SHA512

8ea0b905d829896c4a8380de578bced89b16c0be9b293f949ac4aa81679cc07da2ef71e9315c9f125cbf7d4c743ffb939671d64126c53437cad2311a73cf2cf7

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 1616 wrote to memory of 744	1616	cmd.exe	isoburn.exe
PID 1616 wrote to memory of 744	1616	cmd.exe	isoburn.exe
PID 1616 wrote to memory of 744	1616	cmd.exe	isoburn.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\docs_invoice_173.iso
1⤵
- Suspicious use of WriteProcessMemory
PID:1616

C:\Windows\System32\isoburn.exe
"C:\Windows\System32\isoburn.exe" "C:\Users\Admin\AppData\Local\Temp\docs_invoice_173.iso"
2⤵
PID:744

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1060

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/744-76-0x0000000000000000-mapping.dmp

Download
memory/1616-54-0x000007FEFC061000-0x000007FEFC063000-memory.dmp

Filesize
8KB

Download