Analysis
max time kernel: 42s
max time network: 45s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 18-11-2022 11:09
Static task: static1
Behavioral task: behavioral1 (sample: QJ98.iso, resource: win7-20220812-en)
Behavioral task: behavioral2 (sample: QJ98.iso, resource: win10v2004-20220901-en)
Behavioral task: behavioral3 (sample: WW.js, resource: win7-20221111-en)
Behavioral task: behavioral4 (sample: WW.js, resource: win10v2004-20221111-en)
Behavioral task: behavioral5 (sample: port/package.dll, resource: win7-20221111-en)
General
Target: QJ98.iso
Size: 848KB
MD5: 73d701cac3da7a4ba9fa383324dbc3fe
SHA1: 6e090fa925d1ebdaa7b2ec410f25b4cbfe1e247a
SHA256: b12345efe24c330c9c201143bb0dd2699eec0dd108728b02a4df9c4b61718be9
SHA512: 0e1161fbb681dce08069b03c1bd37a2c6bd6e0f9be6dfc96dfa85f111e4e42010f61dd96059846d93c05ae8d35355a8aa0cc225f9922324be0908dc7f82159a0
SSDEEP: 12288:QojVN9gjGfBl6YUWlaVxbYUGOpGPq1Tu/VxdZlUP9Xq4F/9:QojVN9gjkSW8wWpD9u/VLM9Xq4n
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: cmd.exe

description                        PID   process   target process
PID 1948 wrote to memory of 2004   1948  cmd.exe   isoburn.exe
PID 1948 wrote to memory of 2004   1948  cmd.exe   isoburn.exe
PID 1948 wrote to memory of 2004   1948  cmd.exe   isoburn.exe