Analysis
-
max time kernel
62s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
09-06-2023 18:41
General
-
Target
Sansation-Regular.ttf
-
Size
43KB
-
MD5
b06ad7b83e55d7b3599a21635ab88644
-
SHA1
028307e239259aa3026adc59257435c7909d6ea4
-
SHA256
6d47039ee6665d78b143a1b264abc02017a33ffa52a4e9f6645ce357f92d4f09
-
SHA512
89ec2e53a227646d08359de170042cb1ba57b4f0f92a1c5b46373ed7ca75f32ed9de653a6498404c2acac096bc2c1c4ecced8d74394968fc780849c2a075e5e4
-
SSDEEP
768:b9aYsjV9Ob2KvP+HScdyYCkLDcNS+DtqtpQys3timaP2G+dxEKwfQXJ2r:bdqV9OdvP2dyYVLDcNSiqtiv0x+z+aXC
Score
7/10
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\Sansation-Regular.ttf1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\fontview.exe"C:\Windows\System32\fontview.exe" C:\Users\Admin\AppData\Local\Temp\Sansation-Regular.ttf2⤵