Analysis
max time kernel: 38s
max time network: 41s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 12-12-2022 15:33
Static task
static1
Behavioral task
behavioral1
Sample
IRS_Form-12-09#190.iso
Resource
win7-20220812-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
IRS_Form-12-09#190.iso
Resource
win10v2004-20220812-en
windows10-2004-x64
9 signatures
150 seconds
General
Target: IRS_Form-12-09#190.iso
Size: 1.8MB
MD5: 6c9e3fb476ed918865649c003308b614
SHA1: 6eff37754b16fec4da00742aca1e68f286c9a7c4
SHA256: 722018f7c9ae47ffa1e6372e8134b35cd1598cfc40935172222beb56d7ebefff
SHA512: 2f31aa660b7217619405503a48a5ef84fdcf746cde8bc15d5230b2294c0eaaa40cdc5df8e743fcecb30214c2c537a8cc913623405e02e6df56e4540a34d77b2c
SSDEEP: 24576:g0zID/kJAHL/WPXoPcTPbgrQlRNKIg8g:g0u/WPXoPcTPbgrQlRNKIg8g
Score
3/10
Malware Config
Signatures
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Suspicious use of WriteProcessMemory 3 IoCs
Processes: cmd.exe
description | pid | process | target process
PID 1376 wrote to memory of 960 | 1376 | cmd.exe | isoburn.exe
PID 1376 wrote to memory of 960 | 1376 | cmd.exe | isoburn.exe
PID 1376 wrote to memory of 960 | 1376 | cmd.exe | isoburn.exe