Analysis
max time kernel: 40s
max time network: 43s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 18-11-2022 10:39
Static task: static1
Behavioral task: behavioral1
  Sample: XQ47.iso
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: XQ47.iso
  Resource: win10v2004-20221111-en
Behavioral task: behavioral3
  Sample: WW.js
  Resource: win7-20221111-en
Behavioral task: behavioral4
  Sample: WW.js
  Resource: win10v2004-20220812-en
Behavioral task: behavioral5
  Sample: animators/slice.dll
  Resource: win7-20220901-en
General
Target: XQ47.iso
Size: 970KB
MD5: 60f808824bc9ec607a2b6a5b0a5a3f31
SHA1: 1eb6a55c30f0e548c244fde1ab6fb1747fd1f6cd
SHA256: 82bd14bf451e0123666b30b95583e361d173aa6410378bbdac29017c8467cf5a
SHA512: afa2e77ad2aa5f67b66738ed553387af6a4b49d88a1b9c6cc1a6cf2bd65920d5114471d0a20f443a0f3493a20db2ef7cadd86a8a986091fd2a46ca851c11db98
SSDEEP: 12288:IokKwnON76F+DfZxL4+Dir8lkQ5z4hbImKFX4GfOs5VBNYRbWAUWWvoYPiwBP2vo:IokKwW6F+DRt4Tr8lkBhUp2QOUZ
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (cmd.exe):
  description                          | pid  | process | target process
  PID 1456 wrote to memory of 1752     | 1456 | cmd.exe | isoburn.exe
  PID 1456 wrote to memory of 1752     | 1456 | cmd.exe | isoburn.exe
  PID 1456 wrote to memory of 1752     | 1456 | cmd.exe | isoburn.exe