bd2d64fc97325bdc1a6cf92e7684854da8eaf28756696e91a4998fc87e1353f0

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-01-2024 12:25

Target

qalam/assets/webfonts/fa-regular-400.ttf
Size

61KB
MD5

675809e48e35c47d51c7d6fcc687ee28
SHA1

2d7890e12afb77490112ec57fe47ca0688aebda2
SHA256

7d81a1a7cc07e1ab196e40496d3f4359e9759f79d8ec883a46675ee69912950b
SHA512

bc8076026b53eadb58d99c29d5770b434f3449c4b5c7f309d88b515e30dce623a4073b3756bb8ef2ed014f9647d7256d8a9b126d6385b14d29a94d5c13436a2f
SSDEEP

768:4C0nfIqu8uiW3TmbOsvpQG/o1rONx7mKMp/df7Ck2kKUGzssSWI7nGNPG+Wb:4CmXuAW3TmvqGO5f7Ck2kSssSVIo

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 3032 wrote to memory of 2400	3032	cmd.exe	fontview.exe
PID 3032 wrote to memory of 2400	3032	cmd.exe	fontview.exe
PID 3032 wrote to memory of 2400	3032	cmd.exe	fontview.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\qalam\assets\webfonts\fa-regular-400.ttf
1⤵
- Suspicious use of WriteProcessMemory
PID:3032

C:\Windows\System32\fontview.exe
"C:\Windows\System32\fontview.exe" C:\Users\Admin\AppData\Local\Temp\qalam\assets\webfonts\fa-regular-400.ttf
2⤵
PID:2400

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact