7f007341834ce7397c65046af35d6b9c54e36627308e0caef0ca61183a973480

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30-04-2024 00:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Arrival Notice_CIA_AWB_INV_Form_pdf.iso
Size

562KB
MD5

0f3c6f0d2eccbcdc76e847ea0f62f15e
SHA1

4baf2036c231dc9a0fba13e6d7d551b27b5b4194
SHA256

49a656f7ee544b5f21726a0f0f5469bd7a15aaa4615b53c4b0dac92b4aea308b
SHA512

a3efe41ce4ae7bd4689fe41c6e1cdb41f8cb4227eae4695a961c00d3305562d59e5bc25f4221c230052a478a505ed6118f95bb09468ffc3dd282be3e849aa1f5
SSDEEP

6144:2Z6ySmRH93qXyS8KevIl/8/vpwO4XMGdKf4xU0PrH7KjnvQWTk85KqZIMHYJqE4E:ZySuRbpGv64vPrHmnkb+NHYqXZ4fa

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

isoburn.exe

pid process

2524 isoburn.exe

pid	process
2524	isoburn.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 2164 wrote to memory of 2524	2164	cmd.exe	isoburn.exe
PID 2164 wrote to memory of 2524	2164	cmd.exe	isoburn.exe
PID 2164 wrote to memory of 2524	2164	cmd.exe	isoburn.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Arrival Notice_CIA_AWB_INV_Form_pdf.iso"
1⤵
- Suspicious use of WriteProcessMemory
PID:2164

C:\Windows\System32\isoburn.exe
"C:\Windows\System32\isoburn.exe" "C:\Users\Admin\AppData\Local\Temp\Arrival Notice_CIA_AWB_INV_Form_pdf.iso"
2⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:2524

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2524-24-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download