Resubmissions

12-12-2022 15:33

221212-szalfsbg25 10

12-12-2022 15:30

221212-sxkcwaed8w 3

Analysis

  • max time kernel
    38s
  • max time network
    41s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-12-2022 15:33

General

  • Target

    IRS_Form-12-09#190.iso

  • Size

    1.8MB

  • MD5

    6c9e3fb476ed918865649c003308b614

  • SHA1

    6eff37754b16fec4da00742aca1e68f286c9a7c4

  • SHA256

    722018f7c9ae47ffa1e6372e8134b35cd1598cfc40935172222beb56d7ebefff

  • SHA512

    2f31aa660b7217619405503a48a5ef84fdcf746cde8bc15d5230b2294c0eaaa40cdc5df8e743fcecb30214c2c537a8cc913623405e02e6df56e4540a34d77b2c

  • SSDEEP

    24576:g0zID/kJAHL/WPXoPcTPbgrQlRNKIg8g:g0u/WPXoPcTPbgrQlRNKIg8g

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\IRS_Form-12-09#190.iso
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1376
    • C:\Windows\System32\isoburn.exe
      "C:\Windows\System32\isoburn.exe" "C:\Users\Admin\AppData\Local\Temp\IRS_Form-12-09#190.iso"
      2⤵
        PID:960

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery
    System Information Discovery
    1 technique: T1082

Downloads

  • memory/960-76-0x0000000000000000-mapping.dmp
  • memory/1376-54-0x000007FEFBC01000-0x000007FEFBC03000-memory.dmp
    Filesize
    8KB