0fbec360d12da89a5ed772e4320f4ac64d01529def2be02a571bd139b3ebefca

Analysis

max time kernel
121s
max time network
129s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-02-2024 19:29

Target

MemeSense/fonts/pixel7.ttf
Size

25KB
MD5

cd2242816d23dad4250f5ea159c7675c
SHA1

de74028b5cdb4f3ddc5d5efb0a9b16111b5270fc
SHA256

0e71338a9ae45df2ede080567cfab831627bac9a83be601521ddbace4cbed11e
SHA512

5636ff40d846a824c555b076b8ea95a24a62fce9e1abb04048d529a98d62c9961ffa9f12bbd38caa3281f33dc10900aef3095362f34309b6404ad82fd0900458
SSDEEP

384:VfvBLFj/8zVzglSHg/CxhAzxhAefWVfW0Ur2tPRGVRZ:7LFj8zVzglIAbqlPRGJ

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1816 wrote to memory of 2700	1816	cmd.exe	29
PID 1816 wrote to memory of 2700	1816	cmd.exe	29
PID 1816 wrote to memory of 2700	1816	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\MemeSense\fonts\pixel7.ttf
1⤵
- Suspicious use of WriteProcessMemory
PID:1816
- C:\Windows\System32\fontview.exe
  "C:\Windows\System32\fontview.exe" C:\Users\Admin\AppData\Local\Temp\MemeSense\fonts\pixel7.ttf
  2⤵
  PID:2700

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact