e8a2d897f100807fff5ddf64dba8ce69768c3ba019ba83f2458677a3b0d6a6b7 | Triage

Analysis

max time kernel
28s
max time network
32s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
10/07/2023, 07:32

Sharing

Report Analysis Logs

General

Target

__wap2app.ttf
Size

2KB
MD5

95e605877ce5ac89b030be1cb8cd5a23
SHA1

aa2c4583a3934ddccc49de2b11286198f0e09f62
SHA256

fa82d37dd15c712ea5b2e9d53f1f29395de28158a75ca537bf5dfd3761db5aab
SHA512

cd36408dcb7e4ed16aecb3c36a03e27ceb28f924467c8f97cf6aba42a35913ec4038c8fd477fe5e180c6e9d130cdf7f49590a13e74bc30c27953a7c7ce948b13

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1644 wrote to memory of 2952	1644	cmd.exe	30
PID 1644 wrote to memory of 2952	1644	cmd.exe	30
PID 1644 wrote to memory of 2952	1644	cmd.exe	30

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\__wap2app.ttf
1⤵
- Suspicious use of WriteProcessMemory
PID:1644
- C:\Windows\System32\fontview.exe
  "C:\Windows\System32\fontview.exe" C:\Users\Admin\AppData\Local\Temp\__wap2app.ttf
  2⤵
  PID:2952

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads