Overview

overview

10

Static

static

UZ08.iso

windows7-x64

3

UZ08.iso

windows10-2004-x64

3

SK.vbs

windows7-x64

10

SK.vbs

windows10-2004-x64

10

cushioned/multi.dll

windows7-x64

10

cushioned/multi.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    37s
  • max time network
    41s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    17-11-2022 03:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    UZ08.iso

  • Size

    996KB

  • MD5

    419b2dbb878c76168c184805d8ac38e5

  • SHA1

    25416b5d0481bf7213b6eb08aed3d033f8d3615b

  • SHA256

    c74708ce68f102dae62385f9665d9eb1cde9e9143e6f01a27e0f42a76f248030

  • SHA512

    b33b2dd2b34b300156f11b506b6f75f314faa05c9863e4487bda06d23f89121944289d13f1b1cc99cf36d27ca2415384768009fc57e9127f8ebfd98491207dbe

  • SSDEEP

    24576:PYYwvwJwRwJZwSw5wqwfHH8H2HHLwRx4Yk7A4DUESxZ9MuI4vhL3tXC2Hk:FwvwJwRwJZwSw5wqwfHH8H2HHLwRuY0M

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\UZ08.iso
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1300
    • C:\Windows\System32\isoburn.exe
      "C:\Windows\System32\isoburn.exe" "C:\Users\Admin\AppData\Local\Temp\UZ08.iso"
      2⤵
        PID:1928

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1300-54-0x000007FEFBAE1000-0x000007FEFBAE3000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1928-76-0x0000000000000000-mapping.dmp

      Download