Analysis

  • max time kernel
    69s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15-09-2022 10:33

General

  • Target

    a3e023f9666dfacbbc028212682390de436a78e4291c512b0b9f022a05b138f8.iso

  • Size

    2.4MB

  • MD5

    39a919e20cfbf620f4daa0a2089e3998

  • SHA1

    2df3ed2f9a2022d13559f09da0656ef61bdcd984

  • SHA256

    a3e023f9666dfacbbc028212682390de436a78e4291c512b0b9f022a05b138f8

  • SHA512

    2ea7b161d155473e07561d501a3de68c3579011bed759e43630caed7c235d4b032de7b7031a5f88af54b395b595e8f0ef3f7af39cf16e6a19cce62fe9b1b32e3

  • SSDEEP

    49152:c7wq/1JsO/mzk/B84wEkqcKKEit/nLYpieYHpzoHM41/:c7w27ekpWRIe4YHpzos4V

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\a3e023f9666dfacbbc028212682390de436a78e4291c512b0b9f022a05b138f8.iso
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:4540

Network

MITRE ATT&CK Enterprise v6
