50404b238608281c6c1d5de7b453f7c7c93bfdd8fb9a063ce2712529a9265986

Resubmissions

04/07/2023, 05:52

230704-gk5bqscg4w 7

04/07/2023, 05:38

230704-gbyslacf9s 7

Analysis

max time kernel
1s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2023, 05:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

HELVETICANEUELTCOM-MDCN.ttf
Size

152KB
MD5

b8634fddc57a4fd723669b393b8e49fe
SHA1

6e42089678607cdb57d7b2afb96e7460863f214e
SHA256

78db18c1de8b6805c13c59a868e5a34b7cf7440edb3e0aca6321f96fc1bf2879
SHA512

e2d86f5875d267e2e665b8493f7ffd2d6d55e56744f835cf6e3a842cba489b7ca58fb6c929d882195437a2e7dfa9a20bfa295ef60254c403b4ad5d970221291e
SSDEEP

3072:JLTBz2jOGAU1nVD/bRoBJdwyT7DrN0sxoxmzxsoJ:JLEjqU15mvx0sxoxmXJ

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\International\Geo\Nation	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings	cmd.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3948 wrote to memory of 2312	3948	cmd.exe	81
PID 3948 wrote to memory of 2312	3948	cmd.exe	81

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\HELVETICANEUELTCOM-MDCN.ttf
1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3948
- C:\Windows\System32\fontview.exe
  "C:\Windows\System32\fontview.exe" C:\Users\Admin\AppData\Local\Temp\HELVETICANEUELTCOM-MDCN.ttf
  2⤵
  PID:2312

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads