Analysis
max time kernel: 129s
max time network: 31s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
submitted: 26-12-2022 18:03
Static task: static1
Behavioral task: behavioral1
  Sample: Request_12-23#183.iso
  Resource: win7-20221111-en (windows7-x64)
  3 signatures, 150 seconds
Behavioral task: behavioral2
  Sample: Request_12-23#183.iso
  Resource: win10v2004-20220812-en (windows10-2004-x64)
  3 signatures, 150 seconds
General
Target: Request_12-23#183.iso
Size: 2.1MB
MD5: 2f39a11049419baf7305d6abf0d45dfc
SHA1: 2c9b2484039b387aac6f1c6fbe3c6ab05e728edd
SHA256: f3a9b733cb33c4d257589e70c8d9cf4b5136cb3932bce2ea1b31bc9d5b06a5ae
SHA512: e1f42636f1f4684672d1f2ea6b01cb073dd8c51ba28b8fabff5394f921bc73b1b4bdd942a329a2d32b16254a8b8a47940e2409986a992cce7dc0e6015fe13eb8
SSDEEP: 12288:4/pNfmaYOTAl0PFX783QgZGXNfnD4SpZi+wwLMfEWm+CJthm:4/zf8j0FXY3Q5XN7pY+wwxZjJthm
Score: 3/10
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid   Process
  576   isoburn.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process   procid_target
  PID 1168 wrote to memory of 576    1168  cmd.exe   29
  PID 1168 wrote to memory of 576    1168  cmd.exe   29
  PID 1168 wrote to memory of 576    1168  cmd.exe   29
Processes
C:\Windows\system32\cmd.exe
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\Request_12-23#183.iso
  Signature: Suspicious use of WriteProcessMemory
  PID: 1168
  C:\Windows\System32\isoburn.exe
    Command line: "C:\Windows\System32\isoburn.exe" "C:\Users\Admin\AppData\Local\Temp\Request_12-23#183.iso"
    Signature: Suspicious behavior: GetForegroundWindowSpam
    PID: 576