157567f9e18be2173d07ca32195e2d583f22978570c4c5ec5d1dbcbc8c9c3d03

Analysis

max time kernel
121s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/06/2024, 21:08

Target

VISUAL FREE/VISUAL FREE/INSTALL THESE FIRST!/INSTALL ME (REQUIRED).ttf
Size

151KB
MD5

6f1520d107205975713ba09df778f93f
SHA1

8a4ace9392d06bcb7f8ea2f5169b07e4c383a90d
SHA256

248c0244b350ec68880996aa6be6d7796274b49992d5fcbbefe251906aa4ea36
SHA512

5e40d2ebe39605ed0c2d8be022dd716e51b018e1bb0ae0101164e1e02bcf6b7cca5ec0da2ebcb533d959ae766af8863b27d62efbba1755e9e8d45e7bce51fa36
SSDEEP

3072:0FyHGX8bZ0eysTnqHvobJixBp0TKf3H5z8MkKURj7i8w+fW+uQ:0kHGsysUnQ3tX

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 2580	2184	cmd.exe	29
PID 2184 wrote to memory of 2580	2184	cmd.exe	29
PID 2184 wrote to memory of 2580	2184	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\VISUAL FREE\VISUAL FREE\INSTALL THESE FIRST!\INSTALL ME (REQUIRED).ttf"
1⤵
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Windows\System32\fontview.exe
  "C:\Windows\System32\fontview.exe" C:\Users\Admin\AppData\Local\Temp\VISUAL FREE\VISUAL FREE\INSTALL THESE FIRST!\INSTALL ME (REQUIRED).ttf
  2⤵
  PID:2580

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact