Overview

overview

10

Static

static

4

d9f0268cba...5f.iso

windows7-x64

3

d9f0268cba...5f.iso

windows10-2004-x64

3

out.iso

windows7-x64

1

out.iso

windows10-2004-x64

1

PANDUAN_PE...AS.lnk

windows7-x64

10

PANDUAN_PE...AS.lnk

windows10-2004-x64

10

PANDUAN_PE...AS.pdf

windows7-x64

3

PANDUAN_PE...AS.pdf

windows10-2004-x64

3

PANDUAN_PE...AS.ps1

windows7-x64

10

PANDUAN_PE...AS.ps1

windows10-2004-x64

10

controller.exe

windows7-x64

10

controller.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    07-09-2024 10:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d9f0268cbaa1ae45dfa755adab9dda2d8bdff3c8bf8a00d23bbc6894c28e225f.iso

  • Size

    301.3MB

  • MD5

    f3e410928fecf68cec98236d1bf0598d

  • SHA1

    ca8e7f70b35fe202eba3cb7b52cc5967eca32d47

  • SHA256

    d9f0268cbaa1ae45dfa755adab9dda2d8bdff3c8bf8a00d23bbc6894c28e225f

  • SHA512

    413f7fe44bab520764a54514730226492231b648542e98aeb0d2e38eb3adf4fb9c4d811e1a8965194fe02d2f724c499119891121a9c38acad4b3ded6989f9f7a

  • SSDEEP

    6291456:btfHLnhapc6UQ5cBe4raaM7N+2i35r6pLOfEL44i:pfdapc6FEWk5rei8L43

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\d9f0268cbaa1ae45dfa755adab9dda2d8bdff3c8bf8a00d23bbc6894c28e225f.iso
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2848
    • C:\Windows\System32\isoburn.exe
      "C:\Windows\System32\isoburn.exe" "C:\Users\Admin\AppData\Local\Temp\d9f0268cbaa1ae45dfa755adab9dda2d8bdff3c8bf8a00d23bbc6894c28e225f.iso"
      2⤵
        PID:2624

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2624-24-0x0000000000290000-0x0000000000291000-memory.dmp

      Filesize

      4KB

      Download