157567f9e18be2173d07ca32195e2d583f22978570c4c5ec5d1dbcbc8c9c3d03

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
08-06-2024 21:08

Target

VISUAL FREE/VISUAL FREE/INSTALL THESE FIRST!/INSTALL ME ASWELL! (REQUIRED).ttf
Size

203KB
MD5

627d0e537f4a06a535ae956e4a87837f
SHA1

0b3d2153576f8ec576af1c89e4793a3dcf0ebb0c
SHA256

e1bc0a0ff1fff1d1c69d2550998717cc8c780c4a8a5b334a41e36aff5d2f98ce
SHA512

dd534c5358746e07b71d3b3cc6f17886b4ad0c800e0ffa418da424efaf661bc1d97fe99f3cf8cd6ce5beef4cf1609c851b6d15d8784c3f4358be5f0781fd8f8e
SSDEEP

6144:Pfsyubil/CH+5OftuSpdikAUMqY9J8sYi7W52Oavz3BTvjK:1uCY5kSpbvsJ8sYi7W52Oavz3BTvu

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 2632	1944	cmd.exe	29
PID 1944 wrote to memory of 2632	1944	cmd.exe	29
PID 1944 wrote to memory of 2632	1944	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\VISUAL FREE\VISUAL FREE\INSTALL THESE FIRST!\INSTALL ME ASWELL! (REQUIRED).ttf"
1⤵
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Windows\System32\fontview.exe
  "C:\Windows\System32\fontview.exe" C:\Users\Admin\AppData\Local\Temp\VISUAL FREE\VISUAL FREE\INSTALL THESE FIRST!\INSTALL ME ASWELL! (REQUIRED).ttf
  2⤵
  PID:2632

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact