0ff0224edb6a27b5c23adc7fb759864bb3c645f2cf2f38d0a0290c1fa691fdd2

Analysis

max time kernel
119s
max time network
127s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
27/04/2024, 16:18

Target

WaveTrial/dist/client/assets/codicon-71cccbf1.ttf
Size

70KB
MD5

d28098974f2b7d57f46d1672a3ccd985
SHA1

1f9133d3abe06abd2f7af6209de11474b509e8a0
SHA256

71cccbf15f547a7392f5f2e0ae0c42d5b64cb29ba690eb346b3cb2aa5e4a19e7
SHA512

2359476de4fc85a88e39c665112d49d7b54a50d8b5878b894f5a69cec468be144c333d275de0dc515fd89dd62a811633d2060387df142e24a1709d5786ca0164
SSDEEP

1536:bEKV6Ub+RL0IIeln//sxUSbulvAjjXYKFwzSfk0vZZbM:YvUb+RAHa/ExUsRXbazSfkuM

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 1876	1732	cmd.exe	29
PID 1732 wrote to memory of 1876	1732	cmd.exe	29
PID 1732 wrote to memory of 1876	1732	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\WaveTrial\dist\client\assets\codicon-71cccbf1.ttf
1⤵
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Windows\System32\fontview.exe
  "C:\Windows\System32\fontview.exe" C:\Users\Admin\AppData\Local\Temp\WaveTrial\dist\client\assets\codicon-71cccbf1.ttf
  2⤵
  PID:1876

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact