bd2d64fc97325bdc1a6cf92e7684854da8eaf28756696e91a4998fc87e1353f0

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22-01-2024 12:25

Target

qalam/assets/webfonts/fa-brands-400.ttf
Size

185KB
MD5

bb8cd014d7a55672934233c354e1c4a3
SHA1

d8b3568e9d8a1d3c01c85520eb9ca0b49b72815d
SHA256

003f11541856a649a6c8235c6266c8936224c5d609e51442da24dc5556d14fbf
SHA512

b541d7b00823512999e0a2cf87f2c551335c2879bd43a974dfad9a92f7c04d2b3d3bddb4cb723a84ca8385480de426acc0e86b506bd75a567f1a182588deaea7
SSDEEP

3072:QKLQq624uZJ6+E02aqPrBG6h5hpUnV2Zf4OhJntJZDwm+G2X7z/:oD24kJ6+E02aqPFfuSf4OBJZD0Gmn/

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 2264 wrote to memory of 1728	2264	cmd.exe	fontview.exe
PID 2264 wrote to memory of 1728	2264	cmd.exe	fontview.exe
PID 2264 wrote to memory of 1728	2264	cmd.exe	fontview.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\qalam\assets\webfonts\fa-brands-400.ttf
1⤵
- Suspicious use of WriteProcessMemory
PID:2264

C:\Windows\System32\fontview.exe
"C:\Windows\System32\fontview.exe" C:\Users\Admin\AppData\Local\Temp\qalam\assets\webfonts\fa-brands-400.ttf
2⤵
PID:1728

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact