Resubmissions
10-10-2022 14:17
221010-rlzsraccfk 1010-10-2022 13:17
221010-qjgzgsbhd6 1027-09-2022 20:10
220927-yxvfqseda9 10Analysis
-
max time kernel
43s -
max time network
45s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
10-10-2022 14:17
General
-
Target
PO MATADOR_5D6EC - Q7100625010,pdf.iso
-
Size
356KB
-
MD5
63d1c9619495fa071b4a58b60f6afefc
-
SHA1
1eca144780c7f46846460cd60f2ac466292eb750
-
SHA256
19e014f1f4ba25babca1251f8a99a8d60f11fccb134d72a119032791cc8a0c17
-
SHA512
78892a0d780e97138d2dc6a33778356b700141734958c2b99fe38d0d148aa396ca2ba1fa828cb696b9040346de82d50f643142c556f9f11b9636659c3acf8ef9
-
SSDEEP
6144:D5zvytmDRQDh674uJtGKor0eTFlZt6Ej:9z6ARsh239or/FlO
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\PO MATADOR_5D6EC - Q7100625010,pdf.iso"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\isoburn.exe"C:\Windows\System32\isoburn.exe" "C:\Users\Admin\AppData\Local\Temp\PO MATADOR_5D6EC - Q7100625010,pdf.iso"2⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/864-54-0x000007FEFB931000-0x000007FEFB933000-memory.dmpFilesize
8KB
-
memory/1288-76-0x0000000000000000-mapping.dmp