Overview: overview 7
Static: static
msyh_console.ttf windows7-x64 3
msyh_console.ttf windows10-1703-x64 3
msyh_console.ttf windows10-2004-x64 7
msyh_console.ttf windows11-21h2-x64
msyh_console.ttf android-10-x64
msyh_console.ttf android-11-x64
msyh_console.ttf android-9-x86
msyh_console.ttf macos-10.15-amd64 1
msyh_console.ttf debian-9-armhf
msyh_console.ttf debian-9-mips
msyh_console.ttf debian-9-mipsel
msyh_console.ttf ubuntu-18.04-amd64
Analysis
max time kernel: 1607s
max time network: 1613s
platform: windows7_x64
resource: win7-20220715-en
resource tags: arch:x64, arch:x86, image:win7-20220715-en, locale:en-us, os:windows7-x64, system
submitted: 06-08-2022 08:13
Static task: static1
Behavioral task: behavioral1 | Sample: msyh_console.ttf | Resource: win7-20220715-en
Behavioral task: behavioral2 | Sample: msyh_console.ttf | Resource: win10-20220718-en
Behavioral task: behavioral3 | Sample: msyh_console.ttf | Resource: win10v2004-20220721-en
Behavioral task: behavioral4 | Sample: msyh_console.ttf | Resource: win11-20220223-en
Behavioral task: behavioral5 | Sample: msyh_console.ttf | Resource: android-x64-20220621-en
Behavioral task: behavioral6 | Sample: msyh_console.ttf | Resource: android-x64-arm64-20220621-en
Behavioral task: behavioral7 | Sample: msyh_console.ttf | Resource: android-x86-arm-20220621-en
Behavioral task: behavioral8 | Sample: msyh_console.ttf | Resource: macos-20220504-en
Behavioral task: behavioral9 | Sample: msyh_console.ttf | Resource: debian9-armhf-en-20211208
Behavioral task: behavioral10 | Sample: msyh_console.ttf | Resource: debian9-mipsbe-en-20211208
Behavioral task: behavioral11 | Sample: msyh_console.ttf | Resource: debian9-mipsel-en-20211208
Behavioral task: behavioral12 | Sample: msyh_console.ttf | Resource: ubuntu1804-amd64-en-20211208
General
Target: msyh_console.ttf
Size: 95KB
MD5: 297a9416eb5e071919e56c71c86547e9
SHA1: 1e1a024490d8a2a2fda43539163222c09845e86d
SHA256: 3eae643762f70cc3d1ad25293fabbccb53f6f0b297c56d8b4529cf378ce2e72e
SHA512: 37b6211991aa629fc64925578cc0463588ce6cfa163b65ee2c51cefa7aa4eb30d71e091a0b28acfe22d9405ec1a28ebcdf0c1c0fd87660a00d83a768e4cd9c33
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: cmd.exe
description | pid | process | target process
PID 1808 wrote to memory of 604 | 1808 | cmd.exe | fontview.exe
PID 1808 wrote to memory of 604 | 1808 | cmd.exe | fontview.exe
PID 1808 wrote to memory of 604 | 1808 | cmd.exe | fontview.exe