Resubmissions

15-07-2022 00:09

220715-afqt8afaf6 10

15-07-2022 00:03

220715-achdnsfad5 3

Analysis

  • max time kernel
    40s
  • max time network
    43s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    15-07-2022 00:09

General

  • Target

    ef24e2502b962414d862dcb115122c70a786a52f933467a546eb85999027d92c.iso

  • Size

    2.6MB

  • MD5

    ffe5b129fabddd3302aef956414b7f35

  • SHA1

    26ffdf171e98a9ef1c54574d6227596a1af9c3f9

  • SHA256

    ef24e2502b962414d862dcb115122c70a786a52f933467a546eb85999027d92c

  • SHA512

    3e9cb4e120a45aa42f738046a219d20ec5f6363c47183fa08c1a26871e054f5b0ec78d2b6f07aac66300d7dac3e1d4f9f8c90ab6d4cf0879f85af3e06712a699

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\ef24e2502b962414d862dcb115122c70a786a52f933467a546eb85999027d92c.iso
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:948
    • C:\Windows\System32\isoburn.exe
      "C:\Windows\System32\isoburn.exe" "C:\Users\Admin\AppData\Local\Temp\ef24e2502b962414d862dcb115122c70a786a52f933467a546eb85999027d92c.iso"
      2⤵
        PID:1824

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/948-54-0x000007FEFB971000-0x000007FEFB973000-memory.dmp

      Filesize

      8KB

    • memory/1824-76-0x0000000000000000-mapping.dmp