7194b09576abe8bb59df17c744ab41066ecf7e5bffe268f97c1fae7ba7b88e2d

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 10:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PowerISO6/PowerISO6.exe
Size

2.8MB
MD5

3d7db7b063dd3cece6343b498aa35338
SHA1

4435f1588709304e84ef182fd74d22407c458449
SHA256

824d833b4ee89a0fc95ea20b2677ed56ee53f271710dbdc4424b2aa9831ba9a0
SHA512

a76342a3c230e6c9a4fbb6f0bc4fed6005f7bf64d8c165e4ee0a10a8bf59d91fc6502bc4991062b52ba1bc8ec07f8b7eb1da8d1ee5ca3d1f0277c0e15f62f3c8
SSDEEP

49152:5B1DURFJibdw5kBGt504BbcWd9dsFME6G++KsVrxtURcGIbKnwPNBnE:5B5URFJiJwKBA55OWDdsKtGdjVrwRWCN

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2484	PowerISO6.exe
2484	PowerISO6.exe
2484	PowerISO6.exe
2484	PowerISO6.exe
4436	RunDll32.exe
2484	PowerISO6.exe
2484	PowerISO6.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 4436	2484	PowerISO6.exe	85
PID 2484 wrote to memory of 4436	2484	PowerISO6.exe	85
PID 2484 wrote to memory of 4436	2484	PowerISO6.exe	85

C:\Users\Admin\AppData\Local\Temp\PowerISO6\PowerISO6.exe
"C:\Users\Admin\AppData\Local\Temp\PowerISO6\PowerISO6.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Windows\SysWOW64\RunDll32.exe
  RunDll32.exe "C:\Users\Admin\AppData\Local\Temp\nse51FA.tmp\OCSetupHlp.dll",_OCPID0938OpenCandy2@16 2484,CDF105CAF2504AAEB8FF2AA0F8B7EBBE,4C6B8AC4C8CA454ABE039EAAEAA31B51,B303200C8EBE4E58804618527C66D5A9
  2⤵
  - Loads dropped DLL
  PID:4436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nse51FA.tmp\InstOpt.dll

Filesize
43KB

MD5
47cb59f870260ee531b7196cdf0622cb

SHA1
3d688568a1e3f59c583820e155c3e793bb6709a1

SHA256
b848357d3a5bb30ce99c3d2f0c3a206b4c7080108e860e3557eed2051f90c426

SHA512
c7adbdbd0c9b00bb900e42d0d94c2d5d9b70c567e55c4a792ff03d4be6795214feb0684f0b245bf2ef39ff3a81951a41571d3bc27b29f0792a1837cd14fef33c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse51FA.tmp\OCSetupHlp.dll

Filesize
825KB

MD5
5374470da6c3d20044b56a945197dc03

SHA1
95fbfc5d99ee2b410ec9a2c88494ee3cae99dec1

SHA256
c8cdbe6b8699eb1540666b07bc88abcc4e2d4e54a9f7d37b36b259412e7575cd

SHA512
9989e9bfd6583fb28e3231fc18b9d7ec1dd802d561ddae0c994f8e6fe343fc49d90864238e0f209c585bc86adfb0f8ec61f9cab617f19c59bd02cf9af7158b51

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse51FA.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
memory/2484-29-0x0000000003060000-0x000000000306F000-memory.dmp

Filesize
60KB

Download
memory/4436-22-0x0000000001560000-0x0000000001561000-memory.dmp

Filesize
4KB

Download
memory/4436-32-0x0000000001560000-0x0000000001561000-memory.dmp

Filesize
4KB

Download