Analysis
max time kernel: 43s
max time network: 45s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 18-11-2022 09:08
Static task: static1
Behavioral task: behavioral1
  Sample: UL24.iso
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: UL24.iso
  Resource: win10v2004-20221111-en
Behavioral task: behavioral3
  Sample: WW.js
  Resource: win7-20220901-en
Behavioral task: behavioral4
  Sample: WW.js
  Resource: win10v2004-20220812-en
Behavioral task: behavioral5
  Sample: animators/consists.dll
  Resource: win7-20221111-en
General
Target: UL24.iso
Size: 970KB
MD5: 3e4fb0bf16a5836f5a05dba6f994a97f
SHA1: 24d7736ae94ee1bbe0637f02e2ac2bb3afeb3cd9
SHA256: f4f7a862e6a66c57d07d5d54f604d7381a417a1640b7095b1f60afbad72c5dcb
SHA512: d78ee9bc6b5f2701795f06ef34f3d63b936dcf3632a1c088804648d8ad8a0b61cdf6403e9a1ec68ed4815c69a8af6ed944f7625ee57685de38beedabe6d315a4
SSDEEP: 12288:ZoF6F+DfZxL4+Dir8lkQ5z4hbTmKFX4GfOs5VBNYRbWAUWWvoYPiwBPhKwnONVvo:ZoF6F+DRt4Tr8lkBh3p2QOUDKw9
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: cmd.exe
description                        pid    process    target process
PID 1884 wrote to memory of 976    1884   cmd.exe    isoburn.exe
PID 1884 wrote to memory of 976    1884   cmd.exe    isoburn.exe
PID 1884 wrote to memory of 976    1884   cmd.exe    isoburn.exe