Overview
overview 10
static
Document-1310.iso windows7_x64 3
Document-1310.iso windows10-2004_x64 3
1662.ps1 windows7_x64 1
1662.ps1 windows10-2004_x64 10
Scan_139.jpg windows7_x64 3
Scan_139.jpg windows10-2004_x64 3
Scan_139.jpg.lnk windows7_x64 3
Scan_139.jpg.lnk windows10-2004_x64 10
x.txt windows7_x64 1
x.txt windows10-2004_x64 1
Analysis
- max time kernel: 43s
- max time network: 46s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 02-06-2022 19:49
Static task static1
Behavioral task behavioral1: Sample Document-1310.iso, Resource win7-20220414-en
Behavioral task behavioral2: Sample Document-1310.iso, Resource win10v2004-20220414-en
Behavioral task behavioral3: Sample 1662.ps1, Resource win7-20220414-en
Behavioral task behavioral4: Sample 1662.ps1, Resource win10v2004-20220414-en
Behavioral task behavioral5: Sample Scan_139.jpg, Resource win7-20220414-en
Behavioral task behavioral6: Sample Scan_139.jpg, Resource win10v2004-20220414-en
Behavioral task behavioral7: Sample Scan_139.jpg.lnk, Resource win7-20220414-en
Behavioral task behavioral8: Sample Scan_139.jpg.lnk, Resource win10v2004-20220414-en
Behavioral task behavioral9: Sample x.txt, Resource win7-20220414-en
Behavioral task behavioral10: Sample x.txt, Resource win10v2004-20220414-en
General
- Target: Document-1310.iso
- Size: 338KB
- MD5: ba10e6e571578304126a889202571e1b
- SHA1: 4a5d5a50503bc96e50b103981f05373982ecf307
- SHA256: 692ad829cb6c9788998acb106ea4d8311e432c866d082ac3cc117166ac50080d
- SHA512: aa0971e9169786e65407aae13a05b23710abda00c23d5103434ac655183670248a19736153c2528661f6dd7fcf46bc03df2c9264b84e24464aaa7ad916f6c40b
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process  procid_target
  PID 1648 wrote to memory of 2004   1648  cmd.exe  29
  PID 1648 wrote to memory of 2004   1648  cmd.exe  29
  PID 1648 wrote to memory of 2004   1648  cmd.exe  29