78f03756220d71d6e16b2e7a8a8ee4af46aa61d79e356554c44cf2524e00961b

Resubmissions

26/07/2024, 18:28

240726-w4pgyszeje 7

26/07/2024, 18:14

240726-wvc3kawbml 7

Analysis

max time kernel
117s
max time network
125s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
26/07/2024, 18:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Resource/Font/CourierStd.otf
Size

30KB
MD5

f4c2d3851e2781b2b3ff60a2e34e81ac
SHA1

779f9fee6d37c37a03601ec1ab406d055e8e7692
SHA256

54cb5c8e9775cb432afe32b0af688536354ad04ef9c9f1450ee7c88a73bc884d
SHA512

218cf55522d6edd88ad92acaa6d440f0f7ff2a0688948a834ef21eff7ca6a915622723720dae234e412e788ee7b722261b1a238a12d05c7f63f24d854fdad43d
SSDEEP

768:px0Kx7uekYqrdC/MNVO6MFsSStwPHMjz9Qc3:j3RuexqrdGYmJStYHmz913

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 2264	1676	cmd.exe	32
PID 1676 wrote to memory of 2264	1676	cmd.exe	32
PID 1676 wrote to memory of 2264	1676	cmd.exe	32

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Resource\Font\CourierStd.otf
1⤵
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Windows\System32\fontview.exe
  "C:\Windows\System32\fontview.exe" C:\Users\Admin\AppData\Local\Temp\Resource\Font\CourierStd.otf
  2⤵
  PID:2264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...