Overview

overview

4

Static

static

4

chall.vhd

windows7-x64

3

chall.vhd

windows10-2004-x64

3

out.vhd

windows7-x64

1

out.vhd

windows10-2004-x64

1

out.img

windows7-x64

3

out.img

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    15/05/2024, 17:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    out.img

  • Size

    100.0MB

  • MD5

    8a87186e27ac2c1174937a7391fabf69

  • SHA1

    96c0a3d306ecb39f8287b8ac4f5a5e460a6318be

  • SHA256

    38541ec0f154934396e60887d19ffc12422be34669bd1c61d06f51e7a2ebeca0

  • SHA512

    1de3cb8c47a0729806330df97d216ff0c215eae68b5159079fb9fbfc036c348422f7db32148f6b9b588799b2437c0288065dbf3bbdc6f99827771cd14ee64e40

  • SSDEEP

    1572864:3MKNFm87Eq9W3ZWTWI4H2Iwf5HR6hICAOWXT2hdw+Yz69x3mv5bCVW:tTwm5HmICAOsedw+Yz6shbC

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\out.img
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2060
    • C:\Windows\System32\isoburn.exe
      "C:\Windows\System32\isoburn.exe" "C:\Users\Admin\AppData\Local\Temp\out.img"
      2⤵
        PID:3004

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3004-24-0x0000000000110000-0x0000000000111000-memory.dmp

      Filesize

      4KB

      Download