03c83b3f458226a90a644b6894608c3d46c59cda2e62fd8654a7bfb1af241d36

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06/09/2024, 07:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

New folder (5)/GUI/Quality.iso
Size

1KB
MD5

a54948357212ceaaa6b98c28d5fa24d4
SHA1

96f5d86cc90cd80ccf19fd5a4e8c0f31fc85efea
SHA256

a95f3b22751db5c9a0614297713a7286d3cedc58f4dd5c4ffdbff12386a563e7
SHA512

8365e5c5e48013e93d6d77093101ef9aecba0967ca9780e7f30c27e5365b5f4a4fc3428079f9b4be6735095891ef430eeeaa551035f3092383b83a6855f06470

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 2616	2112	cmd.exe	31
PID 2112 wrote to memory of 2616	2112	cmd.exe	31
PID 2112 wrote to memory of 2616	2112	cmd.exe	31

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\New folder (5)\GUI\Quality.iso"
1⤵
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Windows\System32\isoburn.exe
  "C:\Windows\System32\isoburn.exe" "C:\Users\Admin\AppData\Local\Temp\New folder (5)\GUI\Quality.iso"
  2⤵
  PID:2616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2616-24-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download