Overview

overview

10

Static

static

AH-703.iso

windows7-x64

3

AH-703.iso

windows10-2004-x64

3

AS.js

windows7-x64

10

AS.js

windows10-2004-x64

10

fix/adjutant.js

windows7-x64

3

fix/adjutant.js

windows10-2004-x64

7

fix/data.txt

windows7-x64

1

fix/data.txt

windows10-2004-x64

1

fix/hypers...ss.ps1

windows7-x64

1

fix/hypers...ss.ps1

windows10-2004-x64

1

Resubmissions

28-11-2022 19:10

221128-xvd6ashh56 10

28-11-2022 19:09

221128-xtsmashh23 10

28-11-2022 15:04

221128-sf2wlacc29 10

Analysis

  • max time kernel
    430s
  • max time network
    436s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    28-11-2022 19:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AH-703.iso

  • Size

    690KB

  • MD5

    af9275a091121de13eaed391a65b620b

  • SHA1

    17734a19fd3e944d207509bb1e178ad776651682

  • SHA256

    078d03f798ce2c658d0fc1267ba141e836ca618e136c8f01b778f1e8bfb3721b

  • SHA512

    33ce1006aab78e809380df98b9aa7f241953e377bdf826830485f0a0a28ae50798ba185c94e3fba0ea6cbb9ca69f882a21c7600b84c38002f4a46ce60ca0bc92

  • SSDEEP

    12288:nm1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZD:UMFEO6dHvDe0P335EXpUNSleQ2cYCGLc

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\AH-703.iso
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:856
    • C:\Windows\System32\isoburn.exe
      "C:\Windows\System32\isoburn.exe" "C:\Users\Admin\AppData\Local\Temp\AH-703.iso"
      2⤵
        PID:2000

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Discovery

    System Information Discovery

    1
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/856-54-0x000007FEFC161000-0x000007FEFC163000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2000-76-0x0000000000000000-mapping.dmp
      Download