82bd14bf451e0123666b30b95583e361d173aa6410378bbdac29017c8467cf5a

Analysis

max time kernel
40s
max time network
43s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
18-11-2022 10:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XQ47.iso
Size

970KB
MD5

60f808824bc9ec607a2b6a5b0a5a3f31
SHA1

1eb6a55c30f0e548c244fde1ab6fb1747fd1f6cd
SHA256

82bd14bf451e0123666b30b95583e361d173aa6410378bbdac29017c8467cf5a
SHA512

afa2e77ad2aa5f67b66738ed553387af6a4b49d88a1b9c6cc1a6cf2bd65920d5114471d0a20f443a0f3493a20db2ef7cadd86a8a986091fd2a46ca851c11db98
SSDEEP

12288:IokKwnON76F+DfZxL4+Dir8lkQ5z4hbImKFX4GfOs5VBNYRbWAUWWvoYPiwBP2vo:IokKwW6F+DRt4Tr8lkBhUp2QOUZ

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 1456 wrote to memory of 1752	1456	cmd.exe	isoburn.exe
PID 1456 wrote to memory of 1752	1456	cmd.exe	isoburn.exe
PID 1456 wrote to memory of 1752	1456	cmd.exe	isoburn.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\XQ47.iso
1⤵
- Suspicious use of WriteProcessMemory
PID:1456

C:\Windows\System32\isoburn.exe
"C:\Windows\System32\isoburn.exe" "C:\Users\Admin\AppData\Local\Temp\XQ47.iso"
2⤵
PID:1752

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1456-54-0x000007FEFC141000-0x000007FEFC143000-memory.dmp

Filesize
8KB

Download
memory/1752-76-0x0000000000000000-mapping.dmp

Download