Overview

overview

10

Static

static

Document-1310.iso

windows7_x64

3

Document-1310.iso

windows10-2004_x64

3

1662.ps1

windows7_x64

1

1662.ps1

windows10-2004_x64

10

Scan_139.jpg

windows7_x64

3

Scan_139.jpg

windows10-2004_x64

3

Scan_139.jpg.lnk

windows7_x64

3

Scan_139.jpg.lnk

windows10-2004_x64

10

x.txt

windows7_x64

1

x.txt

windows10-2004_x64

1

Resubmissions

05-06-2022 15:10

220605-sj6zqabfd5 8

02-06-2022 19:49

220602-yjvvcabad9 10

Analysis

  • max time kernel
    43s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    02-06-2022 19:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Document-1310.iso

  • Size

    338KB

  • MD5

    ba10e6e571578304126a889202571e1b

  • SHA1

    4a5d5a50503bc96e50b103981f05373982ecf307

  • SHA256

    692ad829cb6c9788998acb106ea4d8311e432c866d082ac3cc117166ac50080d

  • SHA512

    aa0971e9169786e65407aae13a05b23710abda00c23d5103434ac655183670248a19736153c2528661f6dd7fcf46bc03df2c9264b84e24464aaa7ad916f6c40b

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Document-1310.iso
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1648
    • C:\Windows\System32\isoburn.exe
      "C:\Windows\System32\isoburn.exe" "C:\Users\Admin\AppData\Local\Temp\Document-1310.iso"
      2⤵
        PID:2004

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1648-54-0x000007FEFBAF1000-0x000007FEFBAF3000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2004-76-0x0000000000000000-mapping.dmp

      Download