Analysis
max time kernel: 163s
max time network: 47s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 28-12-2022 18:00
Static task: static1

Behavioral task: behavioral1
Sample: Docs_REF-1228#109.iso
Resource: win7-20220901-en
3 signatures
300 seconds

Behavioral task: behavioral2
Sample: Docs_REF-1228#109.iso
Resource: win10v2004-20220812-en
6 signatures
300 seconds
General
Target: Docs_REF-1228#109.iso
Size: 1.9MB
MD5: c3af9dc149f88a2541293cbf6eab4867
SHA1: a5de23a20db4dec2dd6f9ca41cbdf617ef2094b9
SHA256: ecdb5191814457d5ee4fa334e21d15b66b848d54c47c90ef2af82e40e58f71d9
SHA512: 204aaf9b8b4c6d7b262cfe1405e1f16558a394812ee6cb12f4468c81dd6ade3d2d5c71bc0cb21ea0e91ef8561393050fe40c368b449c153e246d4a2957b1d1de
SSDEEP: 6144:dUvv0OBrH6xz/YKp/1cCMC/pA9sedEr9hrqxyxF4ZTg1JP9uffWVIh8IKYlPA8x4:6v8OdBCMYCespKIA8x
Score: 3/10
Malware Config
Signatures
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
  pid      process
  1928     isoburn.exe
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
  description                         pid    process    target process
  PID 1752 wrote to memory of 1928    1752   cmd.exe    isoburn.exe
  PID 1752 wrote to memory of 1928    1752   cmd.exe    isoburn.exe
  PID 1752 wrote to memory of 1928    1752   cmd.exe    isoburn.exe
Processes
C:\Windows\system32\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\Docs_REF-1228#109.iso
  Suspicious use of WriteProcessMemory
  C:\Windows\System32\isoburn.exe
    "C:\Windows\System32\isoburn.exe" "C:\Users\Admin\AppData\Local\Temp\Docs_REF-1228#109.iso"
    Suspicious behavior: GetForegroundWindowSpam