Analysis
- max time kernel: 117s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 22-01-2024 12:25
Static task: static1
Behavioral task: behavioral1; Sample: WPLOCKER.COM.url; Resource: win7-20231129-en
Behavioral task: behavioral2; Sample: WPLOCKER.COM.url; Resource: win10v2004-20231215-en
Behavioral task: behavioral3; Sample: qalam/assets/js/html5.js; Resource: win7-20231215-en
Behavioral task: behavioral4; Sample: qalam/assets/js/html5.js; Resource: win10v2004-20231215-en
Behavioral task: behavioral5; Sample: qalam/assets/js/qalam.frontend.js; Resource: win7-20231129-en
Behavioral task: behavioral6; Sample: qalam/assets/js/qalam.frontend.js; Resource: win10v2004-20231222-en
Behavioral task: behavioral7; Sample: qalam/assets/webfonts/fa-brands-400.ttf; Resource: win7-20231129-en
Behavioral task: behavioral8; Sample: qalam/assets/webfonts/fa-brands-400.ttf; Resource: win10v2004-20231215-en
Behavioral task: behavioral9; Sample: qalam/assets/webfonts/fa-brands-400.woff2; Resource: win7-20231215-en
Behavioral task: behavioral10; Sample: qalam/assets/webfonts/fa-brands-400.woff2; Resource: win10v2004-20231222-en
Behavioral task: behavioral11; Sample: qalam/assets/webfonts/fa-regular-400.ttf; Resource: win7-20231215-en
Behavioral task: behavioral12; Sample: qalam/assets/webfonts/fa-regular-400.ttf; Resource: win10v2004-20231215-en
Behavioral task: behavioral13; Sample: qalam/assets/webfonts/fa-regular-400.woff2; Resource: win7-20231215-en
Behavioral task: behavioral14; Sample: qalam/assets/webfonts/fa-regular-400.woff2; Resource: win10v2004-20231222-en
Behavioral task: behavioral15; Sample: qalam/assets/webfonts/fa-solid-900.ps1; Resource: win7-20231215-en
Behavioral task: behavioral16; Sample: qalam/assets/webfonts/fa-solid-900.ps1; Resource: win10v2004-20231215-en
Behavioral task: behavioral17; Sample: qalam/includes/bfi_thumb.js; Resource: win7-20231215-en
Behavioral task: behavioral18; Sample: qalam/includes/bfi_thumb.js; Resource: win10v2004-20231215-en
Behavioral task: behavioral19; Sample: qalam/includes/class-tgm-plugin-activation.ps1; Resource: win7-20231129-en
Behavioral task: behavioral20; Sample: qalam/includes/class-tgm-plugin-activation.ps1; Resource: win10v2004-20231215-en
Behavioral task: behavioral21; Sample: qalam/languages/qalam.pot; Resource: win7-20231215-en
Behavioral task: behavioral22; Sample: qalam/languages/qalam.pot; Resource: win10v2004-20231215-en
Behavioral task: behavioral23; Sample: wp-post-modules-el/assets/js/jquery.easing.min.js; Resource: win7-20231215-en
Behavioral task: behavioral24; Sample: wp-post-modules-el/assets/js/jquery.easing.min.js; Resource: win10v2004-20231222-en
Behavioral task: behavioral25; Sample: wp-post-modules-el/assets/js/jquery.marquee.min.js; Resource: win7-20231215-en
Behavioral task: behavioral26; Sample: wp-post-modules-el/assets/js/jquery.marquee.min.js; Resource: win10v2004-20231215-en
Behavioral task: behavioral27; Sample: wp-post-modules-el/assets/js/owl.carousel.min.js; Resource: win7-20231129-en
Behavioral task: behavioral28; Sample: wp-post-modules-el/assets/js/owl.carousel.min.js; Resource: win10v2004-20231215-en
Behavioral task: behavioral29; Sample: wp-post-modules-el/assets/js/wppm-el.frontend.js; Resource: win7-20231129-en
Behavioral task: behavioral30; Sample: wp-post-modules-el/assets/js/wppm-el.frontend.js; Resource: win10v2004-20231222-en
Behavioral task: behavioral31; Sample: wp-post-modules-el/assets/js/wppm-el.frontend.min.js; Resource: win7-20231215-en
Behavioral task: behavioral32; Sample: wp-post-modules-el/assets/js/wppm-el.frontend.min.js; Resource: win10v2004-20231222-en
General
- Target: qalam/assets/webfonts/fa-brands-400.ttf
- Size: 185KB
- MD5: bb8cd014d7a55672934233c354e1c4a3
- SHA1: d8b3568e9d8a1d3c01c85520eb9ca0b49b72815d
- SHA256: 003f11541856a649a6c8235c6266c8936224c5d609e51442da24dc5556d14fbf
- SHA512: b541d7b00823512999e0a2cf87f2c551335c2879bd43a974dfad9a92f7c04d2b3d3bddb4cb723a84ca8385480de426acc0e86b506bd75a567f1a182588deaea7
- SSDEEP: 3072:QKLQq624uZJ6+E02aqPrBG6h5hpUnV2Zf4OhJntJZDwm+G2X7z/:oD24kJ6+E02aqPFfuSf4OBJZD0Gmn/
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: cmd.exe
  description | pid | process | target process
  PID 2264 wrote to memory of 1728 | 2264 | cmd.exe | fontview.exe
  PID 2264 wrote to memory of 1728 | 2264 | cmd.exe | fontview.exe
  PID 2264 wrote to memory of 1728 | 2264 | cmd.exe | fontview.exe
Processes
- C:\Windows\system32\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\qalam\assets\webfonts\fa-brands-400.ttf
  PID: 2264
  - Suspicious use of WriteProcessMemory
  - C:\Windows\System32\fontview.exe
    "C:\Windows\System32\fontview.exe" C:\Users\Admin\AppData\Local\Temp\qalam\assets\webfonts\fa-brands-400.ttf
    PID: 1728