Analysis
max time kernel: 47s
max time network: 52s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 19-11-2022 14:44
Static task: static1
Behavioral task: behavioral1 (Sample: TZ67.iso, Resource: win7-20220901-en)
Behavioral task: behavioral2 (Sample: TZ67.iso, Resource: win10v2004-20220812-en)
Behavioral task: behavioral3 (Sample: SK.js, Resource: win7-20221111-en)
Behavioral task: behavioral4 (Sample: SK.js, Resource: win10v2004-20220812-en)
Behavioral task: behavioral5 (Sample: manacle/assignations.dll, Resource: win7-20220901-en)
General
Target: TZ67.iso
Size: 842KB
MD5: 33bbe8729cb9ff3ccba095d0ac66060c
SHA1: dacad73e0a1cb1dcf649b30f58d4135005e4f955
SHA256: e117f232d9017bafab4854c0b73578f14e3d4311052ef9c69680804b2b733f03
SHA512: be39269f0b3121245159ea1fec251ea63c4e42ff3dc3c4988581a083e875e985623c3e544d4eedc047d1b86ecaa281f28bd2f442eafd024321927545b4ece2d3
SSDEEP: 24576:YNlK8zWcCTi4QsC3bpWbYGQajBp6Pi1YWaw4:kK8IC3bUbzQaNpx1Da
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: cmd.exe
  description                       pid    process   target process
  PID 1544 wrote to memory of 948   1544   cmd.exe   isoburn.exe
  PID 1544 wrote to memory of 948   1544   cmd.exe   isoburn.exe
  PID 1544 wrote to memory of 948   1544   cmd.exe   isoburn.exe