9aaaafb01d1ece93d9d721d948a349827bd261bbbfbef22d778221e7c285bb4a

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13/09/2024, 01:21

Target

res/Fonts/Hack-Bold.ttf
Size

379KB
MD5

81ca1b338503c538de1aef5b1a05167e
SHA1

69f032eb469c750c28398faab2f04925d154886d
SHA256

81d46ebd3b8c64e0f846106c58e6ab008331da5563a3e5dd0f9b0c1d69b5d48e
SHA512

cbf60fef896a35044615ac92d129405086fc9fd582c5dc6465dfd1a679699d516a7c9246e44912959ea2e88e52ea48888852a36a2e9a73a3c363ac30091c1d18
SSDEEP

6144:Lnv6ahqvFaS9+va+ClLoH75WPjNiwv132vj8dS49ed/hf4/3bZ:LnvKvFaS4vdClUH75WrNiwv132vjeSNs

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 2792	2200	cmd.exe	31
PID 2200 wrote to memory of 2792	2200	cmd.exe	31
PID 2200 wrote to memory of 2792	2200	cmd.exe	31

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\res\Fonts\Hack-Bold.ttf
1⤵
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Windows\System32\fontview.exe
  "C:\Windows\System32\fontview.exe" C:\Users\Admin\AppData\Local\Temp\res\Fonts\Hack-Bold.ttf
  2⤵
  PID:2792

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact