Overview

overview

7

Static

static

document_Y...22.iso

windows7-x64

3

document_Y...22.iso

windows10-2004-x64

3

data.txt

windows7-x64

1

data.txt

windows10-2004-x64

1

document.vbs

windows7-x64

3

document.vbs

windows10-2004-x64

7

overhauled/dozens.gif

windows7-x64

1

overhauled/dozens.gif

windows10-2004-x64

1

overhauled...ry.dll

windows7-x64

1

overhauled...ry.dll

windows10-2004-x64

1

overhauled...ss.png

windows7-x64

3

overhauled...ss.png

windows10-2004-x64

3

Analysis

  • max time kernel
    101s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 06:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    document_Y265_Nov#22.iso

  • Size

    1.2MB

  • MD5

    d782ce153ee4ff3e2e923e59490f30d6

  • SHA1

    1d91a7c75acd202ecf89bd001660885b99c37b98

  • SHA256

    9f732f21cd6bea13a4dbabbf90aa687cafd5b4b530ec27066152479e37f4cec8

  • SHA512

    eb3796e5030727b1859cd4bf949d45aa24cc6c2516a50ae1dc21e65c72bfaf7af77760d2fdaf0d7bf18766df88885c31e66b7987be1f085dc83f501c7ea9088b

  • SSDEEP

    24576:vtE8Z3shoA9qB8DvUAZkl9iIDIQIFaOGYnknF6:e8vmqB8DUAZklKxnknF6

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\document_Y265_Nov#22.iso
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1456
    • C:\Windows\System32\isoburn.exe
      "C:\Windows\System32\isoburn.exe" "C:\Users\Admin\AppData\Local\Temp\document_Y265_Nov#22.iso"
      2⤵
        PID:664
    • C:\Program Files\7-Zip\7zG.exe
      "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\SwitchRename\" -spe -an -ai#7zMap11553:82:7zEvent20595
      1⤵
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:1760

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/664-76-0x0000000000000000-mapping.dmp

      Download

    • memory/1456-54-0x000007FEFB7B1000-0x000007FEFB7B3000-memory.dmp

      Filesize

      8KB

      Download