Overview

overview

10

Static

static

NB36.iso

windows7-x64

3

NB36.iso

windows10-2004-x64

3

SK.vbs

windows7-x64

10

SK.vbs

windows10-2004-x64

10

cushioned/orbit.dll

windows7-x64

10

cushioned/orbit.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    55s
  • max time network
    112s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-11-2022 04:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NB36.iso

  • Size

    996KB

  • MD5

    000016399ea7b8314a4fef085f5ebe81

  • SHA1

    1f1b1ba29b8631915b7bb2a6771041fdd0fb7a41

  • SHA256

    9cf370aebafc58681b5322b31e7e5560b0ad198b871201f1a3b1301d08aa858b

  • SHA512

    ae74dd9c2b9687679182f4ef114e9fda446b1666bb1c8e1acc1f8390cff7bfbe8bdc6d22b22bd49360b853e9b11bcc2241f3abd674cde81357f35622ec68b3f1

  • SSDEEP

    24576:sYYwvwJwRwJZwSw5wqwfHH8H2HHLwRx4Yk7A4DUESxO9MuI4vhL3tXC2Hk:owvwJwRwJZwSw5wqwfHH8H2HHLwRuY0X

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\NB36.iso
    1⤵
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:4588

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads