Resubmissions

28-09-2022 17:46

220928-wcfezahghq 1

28-09-2022 17:45

220928-wbw2bsgga4 1

28-09-2022 17:41

220928-v9h2pagfh3 3

28-09-2022 17:38

220928-v7n5xshggr 1

28-09-2022 17:33

220928-v4vtasgfg2 1

28-09-2022 17:30

220928-v3f9hshggk 1

28-09-2022 17:23

220928-vyaaeahgfk 10

28-09-2022 17:13

220928-vrh9qshgdq 1

28-09-2022 17:10

220928-vpztpshgdn 1

28-09-2022 17:08

220928-vnl68ahgdk 3

Analysis

  • max time kernel
    84s
  • max time network
    90s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    28-09-2022 17:08

General

  • Target

    Invoice_09-12-22_order_157.iso

  • Size

    4.2MB

  • MD5

    b1938ffbd6dcc69183382302604e84e5

  • SHA1

    6d9984400b133cf92289d8ccd129f5d7133ce268

  • SHA256

    b47bad8968dbe798ac7dc1a5648206c1819160ecd68449d9dd82ba19a0296288

  • SHA512

    736e695281ed259e616d0862c64ebff16cd845767e5998162f0e7e0fe0161a0be037d17be5beb8ccade317008004880b834dab851cff04897bfa434995d33a3c

  • SSDEEP

    49152:PA4O7LDVaMxLT7IHXcnfwYcoAVGnUmEd70dl4ievKgTN:PAZD3SYUmE2dl4jK

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Invoice_09-12-22_order_157.iso
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1600
    • C:\Windows\System32\isoburn.exe
      "C:\Windows\System32\isoburn.exe" "C:\Users\Admin\AppData\Local\Temp\Invoice_09-12-22_order_157.iso"
      2⤵
      PID:680
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
    PID:1716
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x488
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1080

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1600-54-0x000007FEFBB51000-0x000007FEFBB53000-memory.dmp

    Filesize

    8KB