2d3e89c5cc0b38ded52cebfaca28ba1fbf759a0ac578968487076af2a7449390

Analysis

max time kernel
124s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
21-11-2022 11:34

Target

IY37.iso
Size

842KB
MD5

17c30d260aeba5b69eec6ac5510db9ed
SHA1

5f4dadaf72c35d28a45b154359cc359516757cba
SHA256

2d3e89c5cc0b38ded52cebfaca28ba1fbf759a0ac578968487076af2a7449390
SHA512

e9ae031a44f260e3aec456ecc9def770f6b7efbc10e353e4fc27dca32c46b60aaee12f9fc356a1b4d50cb2be12d260d9c85486b7948fd9f47e6c120bb1428f23
SSDEEP

24576:fN9pOK8zWcCTi7QsC3BbYGQajBp6Pi1YWaw4:DQK8Ir3BbzQaNpx1Da

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

isoburn.exe

pid process

1048 isoburn.exe

pid	process
1048	isoburn.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 1184 wrote to memory of 1048	1184	cmd.exe	isoburn.exe
PID 1184 wrote to memory of 1048	1184	cmd.exe	isoburn.exe
PID 1184 wrote to memory of 1048	1184	cmd.exe	isoburn.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\IY37.iso
1⤵
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Windows\System32\isoburn.exe
  "C:\Windows\System32\isoburn.exe" "C:\Users\Admin\AppData\Local\Temp\IY37.iso"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1048

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1048-76-0x0000000000000000-mapping.dmp

Download
memory/1184-54-0x000007FEFBD41000-0x000007FEFBD43000-memory.dmp

Filesize
8KB

Download