Analysis
-
max time kernel
298s -
max time network
206s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
19-12-2024 22:52
General
-
Target
api-docs/_static/css/fonts/fontawesome-webfont.ttf
-
Size
161KB
-
MD5
b06871f281fee6b241d60582ae9369b9
-
SHA1
13b1eab65a983c7a73bc7997c479d66943f7c6cb
-
SHA256
aa58f33f239a0fb02f5c7a6c45c043d7a9ac9a093335806694ecd6d4edc0d6a8
-
SHA512
9ffb91e68c975172848b4bba25284678cc2c6eb4fb2d42000aa871c36656c4cebc28bf83c94df9afdfbf2407c01fe6b554c660b9b5c11af27c35acadfe6136ac
-
SSDEEP
3072:3bhEnD+IzsU9z9QJ6/P3Xe2iEiEPGFCMW1JVJG6wVTDsk6BmG6S1yKshojskO+b2:3enD+IzsU9z9QJ6/PO2FiEP2C/DVJG6I
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\api-docs\_static\css\fonts\fontawesome-webfont.ttf1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\fontview.exe"C:\Windows\System32\fontview.exe" C:\Users\Admin\AppData\Local\Temp\api-docs\_static\css\fonts\fontawesome-webfont.ttf2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
161KB
MD5b06871f281fee6b241d60582ae9369b9
SHA113b1eab65a983c7a73bc7997c479d66943f7c6cb
SHA256aa58f33f239a0fb02f5c7a6c45c043d7a9ac9a093335806694ecd6d4edc0d6a8
SHA5129ffb91e68c975172848b4bba25284678cc2c6eb4fb2d42000aa871c36656c4cebc28bf83c94df9afdfbf2407c01fe6b554c660b9b5c11af27c35acadfe6136ac