Overview
overview
7Static
static
3PowerISO v...7z.dll
windows11-21h2-x64
3PowerISO v...ll.dll
windows11-21h2-x64
3PowerISO v...SH.dll
windows11-21h2-x64
1PowerISO v..._1.dll
windows11-21h2-x64
7PowerISO v...VM.exe
windows11-21h2-x64
1PowerISO v...SO.chm
windows11-21h2-x64
1PowerISO v...SO.exe
windows11-21h2-x64
3PowerISO v...on.exe
windows11-21h2-x64
1PowerISO v..._1.exe
windows11-21h2-x64
1PowerISO v...nc.dll
windows11-21h2-x64
3PowerISO v...AC.dll
windows11-21h2-x64
3PowerISO v...is.dll
windows11-21h2-x64
3PowerISO v...so.exe
windows11-21h2-x64
1PowerISO v...64.exe
windows11-21h2-x64
1PowerISO v...ws.dll
windows11-21h2-x64
1PowerISO v...ar.dll
windows11-21h2-x64
3PowerISO v...64.dll
windows11-21h2-x64
1PowerISO v...ll.dll
windows11-21h2-x64
1PowerISO v...SH.dll
windows11-21h2-x64
7PowerISO v...VM.exe
windows11-21h2-x64
1PowerISO v...SO.chm
windows11-21h2-x64
1PowerISO v...SO.exe
windows11-21h2-x64
7PowerISO v...on.exe
windows11-21h2-x64
1PowerISO v...nc.dll
windows11-21h2-x64
1PowerISO v...AC.dll
windows11-21h2-x64
1PowerISO v...is.dll
windows11-21h2-x64
1PowerISO v...so.exe
windows11-21h2-x64
1PowerISO v...64.exe
windows11-21h2-x64
1PowerISO v...64.dll
windows11-21h2-x64
1PowerISO v... 8.exe
windows11-21h2-x64
7$PLUGINSDI...ec.dll
windows11-21h2-x64
3$PLUGINSDI...ry.dll
windows11-21h2-x64
3Analysis
-
max time kernel
87s -
max time network
107s -
platform
windows11-21h2_x64 -
resource
win11-20240426-en -
resource tags
arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system -
submitted
26/05/2024, 10:24
Static task
static1
Behavioral task
behavioral1
Sample
PowerISO v8.8 Portable/App/PowerISO/7z.dll
Resource
win11-20240419-en
windows11-21h2-x64
Behavioral task
behavioral2
Sample
PowerISO v8.8 Portable/App/PowerISO/MACDll.dll
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral3
Sample
PowerISO v8.8 Portable/App/PowerISO/PWRISOSH.dll
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral4
Sample
PowerISO v8.8 Portable/App/PowerISO/PWRISOSH_1.dll
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral5
Sample
PowerISO v8.8 Portable/App/PowerISO/PWRISOVM.exe
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral6
Sample
PowerISO v8.8 Portable/App/PowerISO/PowerISO.chm
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral7
Sample
PowerISO v8.8 Portable/App/PowerISO/PowerISO.exe
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral8
Sample
PowerISO v8.8 Portable/App/PowerISO/devcon.exe
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral9
Sample
PowerISO v8.8 Portable/App/PowerISO/devcon_1.exe
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral10
Sample
PowerISO v8.8 Portable/App/PowerISO/lame_enc.dll
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral11
Sample
PowerISO v8.8 Portable/App/PowerISO/libFLAC.dll
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral12
Sample
PowerISO v8.8 Portable/App/PowerISO/libvorbis.dll
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral13
Sample
PowerISO v8.8 Portable/App/PowerISO/piso.exe
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral14
Sample
PowerISO v8.8 Portable/App/PowerISO/setup64.exe
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral15
Sample
PowerISO v8.8 Portable/App/PowerISO/unicows.dll
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral16
Sample
PowerISO v8.8 Portable/App/PowerISO/unrar.dll
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral17
Sample
PowerISO v8.8 Portable/App/PowerISO64/7z-x64.dll
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral18
Sample
PowerISO v8.8 Portable/App/PowerISO64/MACDll.dll
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral19
Sample
PowerISO v8.8 Portable/App/PowerISO64/PWRISOSH.dll
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral20
Sample
PowerISO v8.8 Portable/App/PowerISO64/PWRISOVM.exe
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral21
Sample
PowerISO v8.8 Portable/App/PowerISO64/PowerISO.chm
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral22
Sample
PowerISO v8.8 Portable/App/PowerISO64/PowerISO.exe
Resource
win11-20240419-en
windows11-21h2-x64
Behavioral task
behavioral23
Sample
PowerISO v8.8 Portable/App/PowerISO64/devcon.exe
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral24
Sample
PowerISO v8.8 Portable/App/PowerISO64/lame_enc.dll
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral25
Sample
PowerISO v8.8 Portable/App/PowerISO64/libFLAC.dll
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral26
Sample
PowerISO v8.8 Portable/App/PowerISO64/libvorbis.dll
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral27
Sample
PowerISO v8.8 Portable/App/PowerISO64/piso.exe
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral28
Sample
PowerISO v8.8 Portable/App/PowerISO64/setup64.exe
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral29
Sample
PowerISO v8.8 Portable/App/PowerISO64/unrar64.dll
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral30
Sample
PowerISO v8.8 Portable/PowerISO 8.exe
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral31
Sample
$PLUGINSDIR/nsExec.dll
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral32
Sample
$PLUGINSDIR/registry.dll
Resource
win11-20240508-en
windows11-21h2-x64
General
-
Target
PowerISO v8.8 Portable/App/PowerISO/PWRISOSH_1.dll
-
Size
362KB
-
MD5
36fae211cba9f01a3d2dc05935375d34
-
SHA1
ba0811b9ca2e38deb9d7b90db7da4d5df19257ce
-
SHA256
6419b8bbc93abf5b92eac3e9330c0ec0725f4be41a3f2b2dfc2a0b55a9acd6d2
-
SHA512
c3dce9722b1e5136db5415fd08affad3e5b4dd039c3b3947ab43ee5afe308c4853e59b448f5ea3449d587bd634cdf9a4cb673bd58690fcaae1a68fb8fe8ef5f7
-
SSDEEP
6144:KoJdR1mWL8ubzmBgN2Db62aEOLT+2lIrvnEDAuErgGBTKr:KoJdR1mWL8eqB4236292UnEDAuEs1r
Malware Config
Signatures
-
Registers COM server for autorun 1 TTPs 3 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}\InProcServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\PowerISO v8.8 Portable\\App\\PowerISO\\PWRISOSH_1.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}\InProcServer32\ThreadingModel = "Apartment" regsvr32.exe -
Modifies registry class 11 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\PowerISO\ = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\PowerISO regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\PowerISO\ = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\PowerISO\ = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}\ = "PowerISO" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}\InProcServer32\ThreadingModel = "Apartment" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\PowerISO regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}\InProcServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\PowerISO v8.8 Portable\\App\\PowerISO\\PWRISOSH_1.dll" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\PowerISO regsvr32.exe