3d445f2b4e5ec21b7ea9fd54f8816c60002fbe5c6fde029771ec6caedf1db2de

Analysis

max time kernel
92s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12-09-2024 03:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Vyron Spoofer/Install These/Poppins-SemiBold.ttf
Size

151KB
MD5

6f1520d107205975713ba09df778f93f
SHA1

8a4ace9392d06bcb7f8ea2f5169b07e4c383a90d
SHA256

248c0244b350ec68880996aa6be6d7796274b49992d5fcbbefe251906aa4ea36
SHA512

5e40d2ebe39605ed0c2d8be022dd716e51b018e1bb0ae0101164e1e02bcf6b7cca5ec0da2ebcb533d959ae766af8863b27d62efbba1755e9e8d45e7bce51fa36
SSDEEP

3072:0FyHGX8bZ0eysTnqHvobJixBp0TKf3H5z8MkKURj7i8w+fW+uQ:0kHGsysUnQ3tX

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	cmd.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4444 wrote to memory of 3536	4444	cmd.exe	85
PID 4444 wrote to memory of 3536	4444	cmd.exe	85

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Vyron Spoofer\Install These\Poppins-SemiBold.ttf"
1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4444
- C:\Windows\System32\fontview.exe
  "C:\Windows\System32\fontview.exe" C:\Users\Admin\AppData\Local\Temp\Vyron Spoofer\Install These\Poppins-SemiBold.ttf
  2⤵
  PID:3536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads