Analysis
-
max time kernel
90s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
15-09-2022 10:22
General
-
Target
fba152136ccb3ab4af3ec88eebe02162e3159170f159343c59a40757a9599f9b.iso
-
Size
2.3MB
-
MD5
0f80169429263a38ede804a8adba6037
-
SHA1
d271d783c27424db1cbbcfc6422eaf3360b2c86f
-
SHA256
fba152136ccb3ab4af3ec88eebe02162e3159170f159343c59a40757a9599f9b
-
SHA512
ecc9bd769b3894dc5f5e696a27f1a8d0db0a5ddd1100d034443befd39cf76baf0ba36d168ea8b5e722747a0dd71cad5809feb367fbe2667379a745690b5e4c56
-
SSDEEP
49152:/mxV8r49vGU/vrw/duhM6DRCQstcYIMkqPGyoWi:gzM6EQsGLMk1y1
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\fba152136ccb3ab4af3ec88eebe02162e3159170f159343c59a40757a9599f9b.iso1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken