Overview: 10
Static: 4
d9f0268cba...5f.iso (windows7-x64): 3
d9f0268cba...5f.iso (windows10-2004-x64): 3
out.iso (windows7-x64): 1
out.iso (windows10-2004-x64): 1
PANDUAN_PE...AS.lnk (windows7-x64): 10
PANDUAN_PE...AS.lnk (windows10-2004-x64): 10
PANDUAN_PE...AS.pdf (windows7-x64): 3
PANDUAN_PE...AS.pdf (windows10-2004-x64): 3
PANDUAN_PE...AS.ps1 (windows7-x64): 10
PANDUAN_PE...AS.ps1 (windows10-2004-x64): 10
controller.exe (windows7-x64): 10
controller.exe (windows10-2004-x64): 10
Analysis
max time kernel: 117s
max time network: 127s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 07-09-2024 10:22
Behavioral tasks
behavioral1: Sample d9f0268cbaa1ae45dfa755adab9dda2d8bdff3c8bf8a00d23bbc6894c28e225f.iso, Resource win7-20240708-en
behavioral2: Sample d9f0268cbaa1ae45dfa755adab9dda2d8bdff3c8bf8a00d23bbc6894c28e225f.iso, Resource win10v2004-20240802-en
behavioral3: Sample out.iso, Resource win7-20240903-en
behavioral4: Sample out.iso, Resource win10v2004-20240802-en
behavioral5: Sample PANDUAN_PENGGUNA_MyKHAS.lnk, Resource win7-20240729-en
behavioral6: Sample PANDUAN_PENGGUNA_MyKHAS.lnk, Resource win10v2004-20240802-en
behavioral7: Sample PANDUAN_PENGGUNA_MyKHAS.pdf, Resource win7-20240903-en
behavioral8: Sample PANDUAN_PENGGUNA_MyKHAS.pdf, Resource win10v2004-20240802-en
behavioral9: Sample PANDUAN_PENGGUNA_MyKHAS.ps1, Resource win7-20240903-en
behavioral10: Sample PANDUAN_PENGGUNA_MyKHAS.ps1, Resource win10v2004-20240802-en
behavioral11: Sample controller.exe, Resource win7-20240903-en
behavioral12: Sample controller.exe, Resource win10v2004-20240802-en
General
Target: d9f0268cbaa1ae45dfa755adab9dda2d8bdff3c8bf8a00d23bbc6894c28e225f.iso
Size: 301.3MB
MD5: f3e410928fecf68cec98236d1bf0598d
SHA1: ca8e7f70b35fe202eba3cb7b52cc5967eca32d47
SHA256: d9f0268cbaa1ae45dfa755adab9dda2d8bdff3c8bf8a00d23bbc6894c28e225f
SHA512: 413f7fe44bab520764a54514730226492231b648542e98aeb0d2e38eb3adf4fb9c4d811e1a8965194fe02d2f724c499119891121a9c38acad4b3ded6989f9f7a
SSDEEP: 6291456:btfHLnhapc6UQ5cBe4raaM7N+2i35r6pLOfEL44i:pfdapc6FEWk5rei8L43
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Suspicious use of WriteProcessMemory (3 IoCs)
description                         pid    Process    procid_target
PID 2848 wrote to memory of 2624    2848   cmd.exe    31
PID 2848 wrote to memory of 2624    2848   cmd.exe    31
PID 2848 wrote to memory of 2624    2848   cmd.exe    31
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\d9f0268cbaa1ae45dfa755adab9dda2d8bdff3c8bf8a00d23bbc6894c28e225f.iso
PID: 2848
- Suspicious use of WriteProcessMemory

    C:\Windows\System32\isoburn.exe
    "C:\Windows\System32\isoburn.exe" "C:\Users\Admin\AppData\Local\Temp\d9f0268cbaa1ae45dfa755adab9dda2d8bdff3c8bf8a00d23bbc6894c28e225f.iso"
    PID: 2624