Analysis
max time kernel: 37s
max time network: 41s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 18-11-2022 12:10
Static task static1
Behavioral task behavioral1: sample QI20.iso, resource win7-20220812-en
Behavioral task behavioral2: sample QI20.iso, resource win10v2004-20221111-en
Behavioral task behavioral3: sample WW.js, resource win7-20220812-en
Behavioral task behavioral4: sample WW.js, resource win10v2004-20220812-en
Behavioral task behavioral5: sample port/signs.dll, resource win7-20221111-en
General
Target: QI20.iso
Size: 848KB
MD5: 410200867498641e764750c31cc5d896
SHA1: 0afadc99efadcde8722c8b1cd7a9ed8ce1cb71c4
SHA256: 149a7c7ad1a0d20846519e899d210ff89ac22c580e6e5adf9d57d63df7ba8fce
SHA512: 094d397799932622658eac7f3d2ed3929fe847e8b9d55a20adba7a213cc3b2ee5a32c1c57240caf2507a51d254d5d0d0f7ad8ee7e9e82e74cdd11f66a5fa6711
SSDEEP: 12288:Co7VN9gjGfBlxYUWlaVxbYUGOpGPq1Tu/VxdZlUP9Xq4F/9:Co7VN9gjkjW8wWpD9u/VLM9Xq4n
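Before detonating, sharing or pivoting on this sample, confirm that the file in hand is the one the report describes. The script below is an added example, not part of the sandbox report or its tooling: it streams the file through all four digests in one pass and compares each against the published values (the SSDEEP fuzzy hash is skipped because it needs a third-party library). The file path and the constructed test inputs are assumptions; the expected hashes are the ones listed above.

```python
import hashlib
from typing import Dict, Iterable, Tuple

# Digests published in the report for QI20.iso (848KB).
REPORT_HASHES = {
    "md5": "410200867498641e764750c31cc5d896",
    "sha1": "0afadc99efadcde8722c8b1cd7a9ed8ce1cb71c4",
    "sha256": "149a7c7ad1a0d20846519e899d210ff89ac22c580e6e5adf9d57d63df7ba8fce",
    "sha512": "094d397799932622658eac7f3d2ed3929fe847e8b9d55a20adba7a213cc3b2ee"
              "5a32c1c57240caf2507a51d254d5d0d0f7ad8ee7e9e82e74cdd11f66a5fa6711",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def _digest_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all hashers so the file is read only once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Digest an in-memory blob (used for small samples and for tests)."""
    return _digest_chunks([data])


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Digest a file in 1 MiB chunks so large ISOs are not loaded whole."""
    with open(path, "rb") as f:
        return _digest_chunks(iter(lambda: f.read(chunk_size), b""))


def verify(actual: Dict[str, str], expected: Dict[str, str]) -> Tuple[bool, Dict[str, bool]]:
    """Compare computed digests against expected ones, case-insensitively.

    Returns (all_match, {algorithm: matched}) for every algorithm in
    `expected`; an algorithm missing from `actual` counts as a mismatch.
    """
    results = {
        name: actual.get(name, "").lower() == value.lower()
        for name, value in expected.items()
    }
    return all(results.values()), results


def verify_file(path: str, expected: Dict[str, str] = REPORT_HASHES) -> Tuple[bool, Dict[str, bool]]:
    """Hash a file on disk and check it against the report's digests."""
    return verify(hash_file(path), expected)


if __name__ == "__main__":
    import sys
    # Usage: python verify_sample.py path/to/QI20.iso  (path is an assumption)
    ok, per_algo = verify_file(sys.argv[1])
    for name, matched in per_algo.items():
        print(f"{name:7s} {'OK' if matched else 'MISMATCH'}")
    sys.exit(0 if ok else 1)
```

A single mismatching digest is enough to stop: it means a different build of the sample, a truncated download, or a transport that altered the bytes, and any further analysis would not be comparable with this report.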
Malware Config
Signatures
Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour. Caveat: this is a generic heuristic, and the only child process recorded in this run is isoburn.exe, the Windows Disc Image Burner that handles .iso files by default on Windows 7 and enumerates optical drives as part of its normal operation. On its own this hit is weak evidence of ransomware; look for file encryption, shadow-copy deletion or a ransom note before treating it as such.
Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
description                        pid   process   target process
PID 1300 wrote to memory of 964    1300  cmd.exe   isoburn.exe
PID 1300 wrote to memory of 964    1300  cmd.exe   isoburn.exe
PID 1300 wrote to memory of 964    1300  cmd.exe   isoburn.exe
Caveat: all three entries are the same writer/target pair, cmd.exe (1300) into isoburn.exe (964). A parent process writes into the address space of a child it has just created, so this signature also fires on ordinary process launches. It becomes a real injection lead only when the target is an unrelated, pre-existing process or the write is followed by a remote thread or APC in that process.