Analysis
max time kernel: 42s
max time network: 45s
platform: windows7_x64
resource: win7-20220812-en
submitted: 12-09-2022 20:29
Static task: static1
Behavioral task: behavioral1
Sample: iso.iso
Resource: win7-20220812-en (windows7-x64)
2 signatures
150 seconds
General
Target: iso.iso
Size: 4.2MB
MD5: 91d626d73fb0dbe45a28f7f49d890c3f
SHA1: b218beed30ab0a02db2024100c7a181f16121365
SHA256: 033099c84bf080da3cae5075180d513861b9b993fef92ff948673ac8e7b23f19
SHA512: b172891f4efb3754a6c13e287f13128b94cb28c2ad441935e8eba2597312816477d41fa2e17277764fc32f041fe4d45072f2c8616b7ea7d8053673c59ab96a73
SSDEEP: 24576:HKb9bASjbJSeycW5gLI+kEP02C7bswQqNLEueh0GHSeUhXedT3wH0zTgjX7Mn9Il:qpb2Pb3jUNGVJgvIOFkinJ/5aU9/Y
Score: 3/10
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Suspicious use of WriteProcessMemory (3 IoCs)
description                         pid   Process  procid_target
PID 1956 wrote to memory of 1156    1956  cmd.exe  28
PID 1956 wrote to memory of 1156    1956  cmd.exe  28
PID 1956 wrote to memory of 1156    1956  cmd.exe  28