157567f9e18be2173d07ca32195e2d583f22978570c4c5ec5d1dbcbc8c9c3d03

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/06/2024, 21:08

Target

VISUAL FREE/VISUAL FREE/INSTALL THESE FIRST!/INSTALL ME TO (REQUIRED).ttf
Size

147KB
MD5

14d00dab1f6802e787183ecab5cce85e
SHA1

645e04c53c6b5b35bce654a811ebce16af8aa721
SHA256

291e4388a436cf0c0d532ce4735a4ca36bd2286912b051ea423d5c383be06cd7
SHA512

283149857c0cb618f7f0fb16579d30a3fbb842d74a6defeb3373eb6e3df905a822a089635b58118651911e8930dfd39053e52693451590c128c7874ab0f7044c
SSDEEP

3072:9RftHRC8WOLzrxJzymvVGSpsFJauMUMsItEYxEj3:XDlGSpglItEYxI

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 112 wrote to memory of 2584	112	cmd.exe	29
PID 112 wrote to memory of 2584	112	cmd.exe	29
PID 112 wrote to memory of 2584	112	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\VISUAL FREE\VISUAL FREE\INSTALL THESE FIRST!\INSTALL ME TO (REQUIRED).ttf"
1⤵
- Suspicious use of WriteProcessMemory
PID:112
- C:\Windows\System32\fontview.exe
  "C:\Windows\System32\fontview.exe" C:\Users\Admin\AppData\Local\Temp\VISUAL FREE\VISUAL FREE\INSTALL THESE FIRST!\INSTALL ME TO (REQUIRED).ttf
  2⤵
  PID:2584

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact