Analysis
max time kernel: 42s
max time network: 46s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 18-11-2022 08:18
Static task: static1
Behavioral task behavioral1: sample SX45.iso, resource win7-20220901-en
Behavioral task behavioral2: sample SX45.iso, resource win10v2004-20220812-en
Behavioral task behavioral3: sample WW.js, resource win7-20220812-en
Behavioral task behavioral4: sample WW.js, resource win10v2004-20220812-en
Behavioral task behavioral5: sample port/revolution.dll, resource win7-20220812-en
General
Target: SX45.iso
Size: 848KB
MD5: 796a11d76347e917680acc31f7349e88
SHA1: 4f327071d02171241245612aa57921c589afe410
SHA256: 9f090c29601ba885046be32e77f4f8255f2d8b16440e018a0e17e392e0e1bcf5
SHA512: f20618497214da2207922ee23c3c82f529661e65d3d6d55fcac00857b4b829418d89d48b1037240289670e68f2a715cc27e1cb07b62ed8162d03c2bb9d9f8d40
SSDEEP: 12288:toJVN9gjGfBlJYUWlaVxbYUGOpGPq1Tu/VxdZlUP9Xq4F/9:toJVN9gjk7W8wWpD9u/VLM9Xq4n
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
description                              pid   process   target process
PID 1700 wrote to memory of 1284         1700  cmd.exe   isoburn.exe
PID 1700 wrote to memory of 1284         1700  cmd.exe   isoburn.exe
PID 1700 wrote to memory of 1284         1700  cmd.exe   isoburn.exe