Resubmissions
10-10-2022 14:17  221010-rlzsraccfk  10
10-10-2022 13:17  221010-qjgzgsbhd6  10
27-09-2022 20:10  220927-yxvfqseda9  10
Analysis
max time kernel: 43s
max time network: 45s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
submitted: 10-10-2022 14:17
Static task
static1
Behavioral task
behavioral1
Sample
852289dea9e7ab79e1d224cc883cb2f3.eml
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
PO MATADOR_5D6EC - Q7100625010,pdf.iso
Resource
win7-20220812-en
Behavioral task
behavioral3
Sample
PO MATADOR_5D6EC - Q7100625010,pdf.exe
Resource
win7-20220812-en
Behavioral task
behavioral4
Sample
email-html-1.html
Resource
win7-20220901-en
General
Target: PO MATADOR_5D6EC - Q7100625010,pdf.iso
Size: 356KB
MD5: 63d1c9619495fa071b4a58b60f6afefc
SHA1: 1eca144780c7f46846460cd60f2ac466292eb750
SHA256: 19e014f1f4ba25babca1251f8a99a8d60f11fccb134d72a119032791cc8a0c17
SHA512: 78892a0d780e97138d2dc6a33778356b700141734958c2b99fe38d0d148aa396ca2ba1fa828cb696b9040346de82d50f643142c556f9f11b9636659c3acf8ef9
SSDEEP: 6144:D5zvytmDRQDh674uJtGKor0eTFlZt6Ej:9z6ARsh239or/FlO
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: cmd.exe
  description                        pid   process   target process
  PID 864 wrote to memory of 1288    864   cmd.exe   isoburn.exe
  PID 864 wrote to memory of 1288    864   cmd.exe   isoburn.exe
  PID 864 wrote to memory of 1288    864   cmd.exe   isoburn.exe
Processes
1. C:\Windows\system32\cmd.exe
   cmd /c "C:\Users\Admin\AppData\Local\Temp\PO MATADOR_5D6EC - Q7100625010,pdf.iso"
   Suspicious use of WriteProcessMemory
   2. C:\Windows\System32\isoburn.exe
      "C:\Windows\System32\isoburn.exe" "C:\Users\Admin\AppData\Local\Temp\PO MATADOR_5D6EC - Q7100625010,pdf.iso"