Analysis
-
max time kernel
128s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
17-11-2022 21:57
General
-
Target
JG26.iso
-
Size
970KB
-
MD5
873961ada0ec8120be8caaa56afef082
-
SHA1
af56ba15101e314d7bd87ea6217d04c1ab561036
-
SHA256
0260eb4bc99fb08542f0f8e7725a4a22ff64fe2dcb793747699c95a807d2b6ab
-
SHA512
c23e626784cc21738c93aa8a3cdaaa277ece4d829a2d76392fd1a95ec56b3f7e5fe9eef53b70e05ea83a39758974122ca9d12de7d8404360c9ff76f16ea27436
-
SSDEEP
12288:To96F+DfZxL4+Dir8lkQ5z4hbFmKFX4GfOs5VBNYRbWAUWWvoYPiwBPhKwnONVvo:To96F+DRt4Tr8lkBhRp2QOUDKw9
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\JG26.iso1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\isoburn.exe"C:\Windows\System32\isoburn.exe" "C:\Users\Admin\AppData\Local\Temp\JG26.iso"2⤵
- Suspicious behavior: GetForegroundWindowSpam
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/768-76-0x0000000000000000-mapping.dmp
-
memory/2024-54-0x000007FEFB561000-0x000007FEFB563000-memory.dmpFilesize
8KB