Analysis
- max time kernel: 127s
- max time network: 33s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 17-11-2022 20:25
Tasks
- Static task: static1
- Behavioral task: behavioral1 (Sample: SR92.iso; Resource: win7-20221111-en)
- Behavioral task: behavioral2 (Sample: SR92.iso; Resource: win10v2004-20220812-en)
- Behavioral task: behavioral3 (Sample: WW.js; Resource: win7-20221111-en)
- Behavioral task: behavioral4 (Sample: WW.js; Resource: win10v2004-20220901-en)
- Behavioral task: behavioral5 (Sample: animators/dearer.dll; Resource: win7-20221111-en)
General
- Target: SR92.iso
- Size: 970KB
- MD5: d242dfa93ab741ebdac6525270ea27cf
- SHA1: 3d2b86aff1567287f8745fa6697cf6ec7dd87800
- SHA256: 58ebb57b6d1df9dec1d944d6c0978825b5ee734515199960d324f8c83c949376
- SHA512: 514a3ac03e226018d5e2a03ac98603f36be4cd9dd634d7e4df72298c6a3c8b28de13e643d483b77becf576bbcaed993f6b16cfacd37180e7ab50ed987f2cab09
- SSDEEP: 12288:yoN6F+DfZxL4+Dir8lkQ5z4hbgmKFX4GfOs5VBNYRbWAUWWvoYPiwBPhKwnONVvo:yoN6F+DRt4Tr8lkBhcp2QOUDKw9
Malware Config
(none extracted)

Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  Processes: isoburn.exe (PID 1904)
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (description / pid / process / target PID / target process):
  PID 1096 (cmd.exe) wrote to memory of PID 1904 (isoburn.exe), reported 3 times
Processes
- [1] C:\Windows\system32\cmd.exe
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\SR92.iso
  PID: 1096
  - Suspicious use of WriteProcessMemory
  - [2] C:\Windows\System32\isoburn.exe (child of PID 1096)
    Command line: "C:\Windows\System32\isoburn.exe" "C:\Users\Admin\AppData\Local\Temp\SR92.iso"
    PID: 1904
    - Suspicious behavior: GetForegroundWindowSpam