Overview

overview

10

Static

static

db212c6801...35.iso

windows7-x64

3

db212c6801...35.iso

windows10-2004-x64

3

Contract.lnk

windows7-x64

3

Contract.lnk

windows10-2004-x64

3

consorter/...nt.cmd

windows7-x64

1

consorter/...nt.cmd

windows10-2004-x64

1

consorter/...rs.cmd

windows7-x64

1

consorter/...rs.cmd

windows10-2004-x64

1

consorter/...ts.dll

windows7-x64

10

consorter/...ts.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    41s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    02-11-2022 18:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    db212c6801f438aeb2553e38078d9995f547a51731ad68062376e762bfaec735.iso

  • Size

    514KB

  • MD5

    b70158a27709abc43afb36b57d8c379f

  • SHA1

    8715f35ab29bfce6b8f3aef8796d53ab0c00f47a

  • SHA256

    db212c6801f438aeb2553e38078d9995f547a51731ad68062376e762bfaec735

  • SHA512

    37643f5e283b3968d32d3574b7cf4301ecc3f34d6cbebb4faf68a6bb56cc496ee1bd1c8ff4deba1a78842bc4e82b620cddfb35034f0c96da78859cbf52051938

  • SSDEEP

    12288:ZLVZw4wIOlwQs/tMrbQHt+psTw6RcA3/2oXmbTdaUT:5VZw4wnwQs/tMPQBZRce9qJak

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\db212c6801f438aeb2553e38078d9995f547a51731ad68062376e762bfaec735.iso
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1636
    • C:\Windows\System32\isoburn.exe
      "C:\Windows\System32\isoburn.exe" "C:\Users\Admin\AppData\Local\Temp\db212c6801f438aeb2553e38078d9995f547a51731ad68062376e762bfaec735.iso"
      2⤵
        PID:2036

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Discovery

    System Information Discovery

    1
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1636-54-0x000007FEFB821000-0x000007FEFB823000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2036-76-0x0000000000000000-mapping.dmp
      Download