Analysis
- max time kernel: 127s
- max time network: 33s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 18-11-2022 13:11
Tasks
- Static task: static1
- Behavioral task: behavioral1 (Sample: JN79.iso, Resource: win7-20221111-en)
- Behavioral task: behavioral2 (Sample: JN79.iso, Resource: win10v2004-20221111-en)
- Behavioral task: behavioral3 (Sample: SK.js, Resource: win7-20220901-en)
- Behavioral task: behavioral4 (Sample: SK.js, Resource: win10v2004-20220812-en)
- Behavioral task: behavioral5 (Sample: manacle/perpendicularly.dll, Resource: win7-20221111-en)
General
- Target: JN79.iso
- Size: 842KB
- MD5: 94faf871d3736a7b3ea0289d87036e7e
- SHA1: 49556423a3f42badb43f088d21bb9736ba4e737c
- SHA256: fdf4be7edd488f2339e941acb52c9cef37d53d702649a87be8488a6ae3b6bcf5
- SHA512: 7f3ca9824c6b6abdf8536a18daaa8880b3890bba71a1bca86a9618c86604cd49a25775341f76ef1fe7360b23fce1d4d5055757c7d98f0874ddd8a3303273b8be
- SSDEEP: 24576:bNNpOK8zWcCTibQsC3BbYGQajBp6Pi1YWaw4:XQK8IL3BbzQaNpx1Da
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  Processes: isoburn.exe (PID 268)
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: cmd.exe (PID 1060) wrote to memory of isoburn.exe (PID 268), recorded 3 times
Processes
- C:\Windows\system32\cmd.exe (PID 1060)
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\JN79.iso
  Suspicious use of WriteProcessMemory
  - C:\Windows\System32\isoburn.exe (PID 268, child of cmd.exe)
    Command line: "C:\Windows\System32\isoburn.exe" "C:\Users\Admin\AppData\Local\Temp\JN79.iso"
    Suspicious behavior: GetForegroundWindowSpam