Analysis
-
max time kernel
127s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
17-11-2022 20:25
General
-
Target
SR92.iso
-
Size
970KB
-
MD5
d242dfa93ab741ebdac6525270ea27cf
-
SHA1
3d2b86aff1567287f8745fa6697cf6ec7dd87800
-
SHA256
58ebb57b6d1df9dec1d944d6c0978825b5ee734515199960d324f8c83c949376
-
SHA512
514a3ac03e226018d5e2a03ac98603f36be4cd9dd634d7e4df72298c6a3c8b28de13e643d483b77becf576bbcaed993f6b16cfacd37180e7ab50ed987f2cab09
-
SSDEEP
12288:yoN6F+DfZxL4+Dir8lkQ5z4hbgmKFX4GfOs5VBNYRbWAUWWvoYPiwBPhKwnONVvo:yoN6F+DRt4Tr8lkBhcp2QOUDKw9
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\SR92.iso1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\isoburn.exe"C:\Windows\System32\isoburn.exe" "C:\Users\Admin\AppData\Local\Temp\SR92.iso"2⤵
- Suspicious behavior: GetForegroundWindowSpam
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1096-54-0x000007FEFC421000-0x000007FEFC423000-memory.dmpFilesize
8KB
-
memory/1904-76-0x0000000000000000-mapping.dmp