23bc63dbd4c2ceace969a91129098b1054717dace03c51e7e60788b5bba384f8

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
24-08-2024 16:35

Target

Hack Regular Nerd Font Complete Mono Windows Compatible.ttf
Size

1.2MB
MD5

fd12c93bba2bd4a7b9eb021c608a8182
SHA1

1ce12e49a22a441fbd7b0304220f788c48a40df1
SHA256

23bc63dbd4c2ceace969a91129098b1054717dace03c51e7e60788b5bba384f8
SHA512

e69bed2f2429baf31e0ba8ae07770367aef79af4ae2538cfa111768a7c477a1d6b5e27d237bd220a86d8f667267e7c5a2a16f1632a9d6e213550c9724da181b5
SSDEEP

24576:UzAayvLjBeFHljdjPL6t7yHxa1VrBloxOQEsQA8:ZvL4pjPTxsV+a/

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2632 wrote to memory of 2732	2632	cmd.exe	32
PID 2632 wrote to memory of 2732	2632	cmd.exe	32
PID 2632 wrote to memory of 2732	2632	cmd.exe	32

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Hack Regular Nerd Font Complete Mono Windows Compatible.ttf"
1⤵
- Suspicious use of WriteProcessMemory
PID:2632
- C:\Windows\System32\fontview.exe
  "C:\Windows\System32\fontview.exe" C:\Users\Admin\AppData\Local\Temp\Hack Regular Nerd Font Complete Mono Windows Compatible.ttf
  2⤵
  PID:2732

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact