Analysis
- max time kernel: 38s
- max time network: 41s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 17-11-2022 19:22
Static task: static1

Behavioral task: behavioral1
  Sample: ZB73.iso
  Resource: win7-20220812-en

Behavioral task: behavioral2
  Sample: ZB73.iso
  Resource: win10v2004-20220812-en

Behavioral task: behavioral3
  Sample: WW.js
  Resource: win7-20220812-en

Behavioral task: behavioral4
  Sample: WW.js
  Resource: win10v2004-20221111-en

Behavioral task: behavioral5
  Sample: animators/gamebird.dll
  Resource: win7-20221111-en
General
- Target: ZB73.iso
- Size: 970KB
- MD5: da0add2fe1e9a95269d7dd4a4effead5
- SHA1: 1be7ec7efc169b931d8a09725fbaeac5ebd01f17
- SHA256: 58cabf52950ccae3ff08b57a2359687594a9fe3890cab2a7ce1546a0d597377f
- SHA512: e49615017709ec79e54619ea266a7d178ca7d495115d28882992fd98b1b012a76ae813e7c3fe4259e84a68ca8f3ca9a4ecc013ea02220ad3b05953a4415c00e6
- SSDEEP: 12288:4oF6F+DfZxL4+Dir8lkQ5z4hbXmKFX4GfOs5VBNYRbWAUWWvoYPiwBPhKwnONVvo:4oF6F+DRt4Tr8lkBhzp2QOUDKw9
Malware Config
(none extracted)

Signatures
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (cmd.exe):
  description                     pid   process   target process   PID
  PID 1672 wrote to memory of 960 1672  cmd.exe   isoburn.exe      960
  PID 1672 wrote to memory of 960 1672  cmd.exe   isoburn.exe      960
  PID 1672 wrote to memory of 960 1672  cmd.exe   isoburn.exe      960