15abd528a90bdd332bb226ec022a6af3ec68ecb8be5f02a29f1f844848c270dc

Analysis

max time kernel
127s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
18-11-2022 04:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DM12.iso
Size

970KB
MD5

885205fb8c2b2e592d973efe8f608fbb
SHA1

ce2d775b40767f7a629a3b946fcc0dff484c8a0c
SHA256

15abd528a90bdd332bb226ec022a6af3ec68ecb8be5f02a29f1f844848c270dc
SHA512

17a4255294baa7a926cc062d45fd68330152029c3a5ad217b009cda95db9853580571bb540894264ca3e3c3a004d98b487e6102a3f71fdb79c58451a3bcb2e2a
SSDEEP

12288:So/6F+DfZxL4+Dir8lkQ5z4hb4mKFX4GfOs5VBNYRbWAUWWvoYPiwBPhKwnONVvo:So/6F+DRt4Tr8lkBhsp2QOUDKw9

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

isoburn.exe

pid process

1616 isoburn.exe

pid	process
1616	isoburn.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 1304 wrote to memory of 1616	1304	cmd.exe	isoburn.exe
PID 1304 wrote to memory of 1616	1304	cmd.exe	isoburn.exe
PID 1304 wrote to memory of 1616	1304	cmd.exe	isoburn.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\DM12.iso
1⤵
- Suspicious use of WriteProcessMemory
PID:1304

C:\Windows\System32\isoburn.exe
"C:\Windows\System32\isoburn.exe" "C:\Users\Admin\AppData\Local\Temp\DM12.iso"
2⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:1616

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1304-54-0x000007FEFB651000-0x000007FEFB653000-memory.dmp

Filesize
8KB

Download
memory/1616-76-0x0000000000000000-mapping.dmp

Download