Resubmissions

21/09/2022, 14:33

220921-rw846sgeb8 10

21/09/2022, 14:30

220921-rt5zqscagk 1

Analysis

  • max time kernel
    58s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/09/2022, 14:33

General

  • Target

    Invoice(165)#09-21-22.iso

  • Size

    1.8MB

  • MD5

    eb2f677b8017e7df9e48bc907e606ee2

  • SHA1

    57077c5203f7b9c82e805ebc207514d73747fc8b

  • SHA256

    d9207c37cdab01697d1431d0237d1fc7db1ef2f9db4731124b4f025cf5cc3420

  • SHA512

    dc4a056e21ee1e7acbd6f03a4cc82d40524cd4ef1ef6688ce2b69f2cfa827a8e73523c473865b081091236a1e89994439ca1b80cc3e47c0b9bc1f12873d569c1

  • SSDEEP

    6144:imXcJHP7csJqGGCfXJo0w4wNfL75I2iiXUw0JFY4npeGF:jOHP7tJp0762QlA

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Invoice(165)#09-21-22.iso
    PID: 1184
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    PID: 1948
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x56c
    Suspicious use of AdjustPrivilegeToken
    PID: 2028
  • C:\Windows\System32\isoburn.exe
    "C:\Windows\System32\isoburn.exe" "C:\Users\Admin\AppData\Local\Temp\Invoice(165)#09-21-22.iso"
    PID: 520

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1948-54-0x000007FEFB7D1000-0x000007FEFB7D3000-memory.dmp

    Filesize

    8KB