b67525bc7bd67a1828012580601147bc094e7724099158b753360f3b29329541

Analysis

max time kernel
220s
max time network
279s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08-03-2024 19:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Ragib's Website Project/font-awesome-4.7.0/css/font-awesome.css
Size

36KB
MD5

c495654869785bc3df60216616814ad1
SHA1

0140952c64e3f2b74ef64e050f2fe86eab6624c8
SHA256

36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c
SHA512

e40f27c1d30e5ab4b3db47c3b2373381489d50147c9623d853e5b299364fd65998f46e8e73b1e566fd79e97aa7b20354cd3c8c79f15372c147fed9c913ffb106
SSDEEP

768:mmMtI+A4CSIDqvnI+YTBrFPvVrJjhiRAiiEL:mXtI+A4GDUI+Y9rpVljhiIEL

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings	cmd.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 3996	2164	cmd.exe	88
PID 2164 wrote to memory of 3996	2164	cmd.exe	88

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Ragib's Website Project\font-awesome-4.7.0\css\font-awesome.css"
1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Ragib's Website Project\font-awesome-4.7.0\css\font-awesome.css
  2⤵
  PID:3996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads