Analysis
max time kernel: 141s
max time network: 29s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 21-11-2022 22:00
Static task: static1
Behavioral task: behavioral1
  Sample: BF53.iso
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: BF53.iso
  Resource: win10v2004-20220812-en
Behavioral task: behavioral3
  Sample: SK.js
  Resource: win7-20221111-en
Behavioral task: behavioral4
  Sample: SK.js
  Resource: win10v2004-20221111-en
Behavioral task: behavioral5
  Sample: manacle/unvaccinated.dll
  Resource: win7-20220812-en
General
Target: BF53.iso
Size: 842KB
MD5: b3ba9cb529778d0799a4ccf474b38a1b
SHA1: cacd71f4c5bb9625eb458fd5c259f8c29c585294
SHA256: 5c9c32aa420fae051a0ba9ab1bda24f4e5ede0ed36347bf842c537aa11cf269e
SHA512: bba6b728d3604c13b9b1f59378408422a425376489164439b76d781b744bcf0d4984f2afdda68f017bb7406ce58c491eee2ceba9faeadf8d34d6e208619631a6
SSDEEP: 24576:VN5pWbYGQajBp6Pi1YWaw46K8zWcCTikQsC3:JUbzQaNpx1DaIK8I23
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  Processes:
    pid 548  isoburn.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    description                       pid  process   target process
    PID 908 wrote to memory of 548    908  cmd.exe   isoburn.exe
    PID 908 wrote to memory of 548    908  cmd.exe   isoburn.exe
    PID 908 wrote to memory of 548    908  cmd.exe   isoburn.exe
Processes
1. C:\Windows\system32\cmd.exe
   Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\BF53.iso
   PID: 908
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\System32\isoburn.exe
      Command line: "C:\Windows\System32\isoburn.exe" "C:\Users\Admin\AppData\Local\Temp\BF53.iso"
      PID: 548
      - Suspicious behavior: GetForegroundWindowSpam