951cc98b54bc4d78ce4f11a3bdbfdaee7777591ffef88bb2557ebecbb1909013

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
03-08-2024 11:14

Target

aaa.iso
Size

446KB
MD5

1a5d350d71f6821006691ac076e026e0
SHA1

1dfb04e5d3f71b03085b3787e4970281f08bff74
SHA256

951cc98b54bc4d78ce4f11a3bdbfdaee7777591ffef88bb2557ebecbb1909013
SHA512

191ffda025f43e4133cd9bd941304adb2057c557cecab95207a02a117c57533c0713233f8701965f9699da2c891a97c6f26f55e9b9c11accfc0eaa11f3dc753c
SSDEEP

6144:etgTFlqteWTBa5WsoUReNsyLK9d8WqniKS9jyA9yjHHXsBcfmL/p+LIORL6qYFYM:U8z4TU5WsoURzN9WtniPHlQEFYM

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 3064 wrote to memory of 2312	3064	cmd.exe	isoburn.exe
PID 3064 wrote to memory of 2312	3064	cmd.exe	isoburn.exe
PID 3064 wrote to memory of 2312	3064	cmd.exe	isoburn.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\aaa.iso
1⤵
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Windows\System32\isoburn.exe
  "C:\Windows\System32\isoburn.exe" "C:\Users\Admin\AppData\Local\Temp\aaa.iso"
  2⤵
  PID:2312

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/2312-24-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download