Analysis

  • max time kernel
    112s
  • max time network
    166s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-09-2024 10:22

General

  • Target

    d9f0268cbaa1ae45dfa755adab9dda2d8bdff3c8bf8a00d23bbc6894c28e225f.iso

  • Size

    301.3MB

  • MD5

    f3e410928fecf68cec98236d1bf0598d

  • SHA1

    ca8e7f70b35fe202eba3cb7b52cc5967eca32d47

  • SHA256

    d9f0268cbaa1ae45dfa755adab9dda2d8bdff3c8bf8a00d23bbc6894c28e225f

  • SHA512

    413f7fe44bab520764a54514730226492231b648542e98aeb0d2e38eb3adf4fb9c4d811e1a8965194fe02d2f724c499119891121a9c38acad4b3ded6989f9f7a

  • SSDEEP

    6291456:btfHLnhapc6UQ5cBe4raaM7N+2i35r6pLOfEL44i:pfdapc6FEWk5rei8L43

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\d9f0268cbaa1ae45dfa755adab9dda2d8bdff3c8bf8a00d23bbc6894c28e225f.iso
    1⤵
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:388

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads