Analysis
-
max time kernel
127s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
18-11-2022 11:02
General
-
Target
QE74.iso
-
Size
970KB
-
MD5
b97066193dbf3f493d37f63881ffda09
-
SHA1
2ca4aaa6361e37768ef025e90b800af11b02afc3
-
SHA256
4e1bef93fe9a274fceb49e68298010781f952be7a526f2c34b42a0e9de100d6b
-
SHA512
5f31f4e1e0cac2121b0745b14b5e6171e21675eb1f0d1a7194c9e79eeec4729ec983185296e7c445b5876273e925e7c7d1e1274e7316caca093001dcec59451a
-
SSDEEP
12288:xocKwnONVvoo6F+DfZxL4+Dir8lkQ5z4hbrmKFX4GfOs5VBNYRbWAUWWvoYPiwBP:xocKw9o6F+DRt4Tr8lkBhXp2QOU
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\QE74.iso1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\isoburn.exe"C:\Windows\System32\isoburn.exe" "C:\Users\Admin\AppData\Local\Temp\QE74.iso"2⤵
- Suspicious behavior: GetForegroundWindowSpam
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/756-76-0x0000000000000000-mapping.dmp
-
memory/1736-54-0x000007FEFB9C1000-0x000007FEFB9C3000-memory.dmpFilesize
8KB