Analysis
max time kernel: 42s
max time network: 47s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 04-09-2022 21:30
Static task: static1
Behavioral task: behavioral1
  Sample: 4c1e61b0feb9caae2793253443f7898a0cb2312a8a367efb0233ee44f51f4feb.iso
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 4c1e61b0feb9caae2793253443f7898a0cb2312a8a367efb0233ee44f51f4feb.iso
  Resource: win10v2004-20220812-en
Behavioral task: behavioral3
  Sample: VGM.exe
  Resource: win7-20220812-en
General
Target: 4c1e61b0feb9caae2793253443f7898a0cb2312a8a367efb0233ee44f51f4feb.iso
Size: 1.6MB
MD5: 6987bd82c13f9e2d16e400e97e24ac25
SHA1: 4019e3374e8a899d30d8f0c50cd5aa6558d7f904
SHA256: 4c1e61b0feb9caae2793253443f7898a0cb2312a8a367efb0233ee44f51f4feb
SHA512: 294409c1747ac1fbd4818c83bbc76f30133a83d78bffc8dc0a9a31c9d7cd4442a8324ee6f5d09775b5f379ef31946601815489eeae53daf56c01f0edfc71ea90
SSDEEP: 24576:P33WTVxrYxIosanFLu3E61vo/Jtj/lpSmhTqH:f6Vp9osKQPMvvSoe
Malware Config
Signatures
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description                        | pid  | process | target process
  PID 1768 wrote to memory of 556    | 1768 | cmd.exe | isoburn.exe
  PID 1768 wrote to memory of 556    | 1768 | cmd.exe | isoburn.exe
  PID 1768 wrote to memory of 556    | 1768 | cmd.exe | isoburn.exe
Processes
1. C:\Windows\system32\cmd.exe
   Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\4c1e61b0feb9caae2793253443f7898a0cb2312a8a367efb0233ee44f51f4feb.iso
   - Suspicious use of WriteProcessMemory
2. C:\Windows\System32\isoburn.exe (spawned by process 1, cmd.exe)
   Command line: "C:\Windows\System32\isoburn.exe" "C:\Users\Admin\AppData\Local\Temp\4c1e61b0feb9caae2793253443f7898a0cb2312a8a367efb0233ee44f51f4feb.iso"