Analysis
max time kernel: 127s
max time network: 30s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 18-11-2022 04:34
Static task: static1
Behavioral task behavioral1: Sample DM12.iso, Resource win7-20221111-en
Behavioral task behavioral2: Sample DM12.iso, Resource win10v2004-20220812-en
Behavioral task behavioral3: Sample WW.js, Resource win7-20221111-en
Behavioral task behavioral4: Sample WW.js, Resource win10v2004-20221111-en
Behavioral task behavioral5: Sample animators/distinguished.dll, Resource win7-20220901-en
General
Target: DM12.iso
Size: 970KB
MD5: 885205fb8c2b2e592d973efe8f608fbb
SHA1: ce2d775b40767f7a629a3b946fcc0dff484c8a0c
SHA256: 15abd528a90bdd332bb226ec022a6af3ec68ecb8be5f02a29f1f844848c270dc
SHA512: 17a4255294baa7a926cc062d45fd68330152029c3a5ad217b009cda95db9853580571bb540894264ca3e3c3a004d98b487e6102a3f71fdb79c58451a3bcb2e2a
SSDEEP: 12288:So/6F+DfZxL4+Dir8lkQ5z4hb4mKFX4GfOs5VBNYRbWAUWWvoYPiwBPhKwnONVvo:So/6F+DRt4Tr8lkBhsp2QOUDKw9
Malware Config

Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  Processes: isoburn.exe (PID 1616)
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description          | pid  | process | target PID | target process
  wrote to memory of   | 1304 | cmd.exe | 1616       | isoburn.exe
  wrote to memory of   | 1304 | cmd.exe | 1616       | isoburn.exe
  wrote to memory of   | 1304 | cmd.exe | 1616       | isoburn.exe
Processes
1. C:\Windows\system32\cmd.exe (PID 1304)
   Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\DM12.iso
   Signatures: Suspicious use of WriteProcessMemory
   2. C:\Windows\System32\isoburn.exe (PID 1616)
      Command line: "C:\Windows\System32\isoburn.exe" "C:\Users\Admin\AppData\Local\Temp\DM12.iso"
      Signatures: Suspicious behavior: GetForegroundWindowSpam