Overview
overview
3Static
static
masam/about-us.html
windows7_x64
1masam/about-us.html
windows10_x64
1masam/asse...y.html
windows7_x64
1masam/asse...y.html
windows10_x64
1masam/asse...vg.xml
windows7_x64
1masam/asse...vg.xml
windows10_x64
1masam/asse...vg.xml
windows7_x64
1masam/asse...vg.xml
windows10_x64
1masam/asse...vg.xml
windows7_x64
1masam/asse...vg.xml
windows10_x64
1masam/asse...vg.xml
windows7_x64
1masam/asse...vg.xml
windows10_x64
1masam/asse...pg.ps1
windows7_x64
1masam/asse...pg.ps1
windows10_x64
3masam/asse...pg.ps1
windows7_x64
1masam/asse...pg.ps1
windows10_x64
3masam/asse...min.js
windows7_x64
1masam/asse...min.js
windows10_x64
1masam/asse...ear.js
windows7_x64
1masam/asse...ear.js
windows10_x64
1masam/asse...min.js
windows7_x64
1masam/asse...min.js
windows10_x64
1masam/asse...ess.js
windows7_x64
1masam/asse...ess.js
windows10_x64
1masam/asse...aps.js
windows7_x64
1masam/asse...aps.js
windows10_x64
1masam/asse...ope.js
windows7_x64
1masam/asse...ope.js
windows10_x64
1masam/asse...tTo.js
windows7_x64
1masam/asse...tTo.js
windows10_x64
1masam/asse...box.js
windows7_x64
1masam/asse...box.js
windows10_x64
1Analysis
-
max time kernel
98s -
max time network
151s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
30-08-2021 05:33
Static task
static1
Behavioral task
behavioral1
Sample
masam/about-us.html
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral2
Sample
masam/about-us.html
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral3
Sample
masam/assets/css/owl.video.play.html
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral4
Sample
masam/assets/css/owl.video.play.html
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral5
Sample
masam/assets/fonts/Flaticon.svg.xml
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral6
Sample
masam/assets/fonts/Flaticon.svg.xml
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral7
Sample
masam/assets/fonts/fa-brands-400.svg.xml
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral8
Sample
masam/assets/fonts/fa-brands-400.svg.xml
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral9
Sample
masam/assets/fonts/fa-regular-400.svg.xml
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral10
Sample
masam/assets/fonts/fa-regular-400.svg.xml
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral11
Sample
masam/assets/fonts/fa-solid-900.svg.xml
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral12
Sample
masam/assets/fonts/fa-solid-900.svg.xml
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral13
Sample
masam/assets/images/banner/slider-1.jpg.ps1
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral14
Sample
masam/assets/images/banner/slider-1.jpg.ps1
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral15
Sample
masam/assets/images/banner/slider-3.jpg.ps1
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral16
Sample
masam/assets/images/banner/slider-3.jpg.ps1
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral17
Sample
masam/assets/js/TweenMax.min.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral18
Sample
masam/assets/js/TweenMax.min.js
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral19
Sample
masam/assets/js/appear.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral20
Sample
masam/assets/js/appear.js
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral21
Sample
masam/assets/js/bootstrap.min.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral22
Sample
masam/assets/js/bootstrap.min.js
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral23
Sample
masam/assets/js/circle-progress.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral24
Sample
masam/assets/js/circle-progress.js
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral25
Sample
masam/assets/js/gmaps.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral26
Sample
masam/assets/js/gmaps.js
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral27
Sample
masam/assets/js/isotope.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral28
Sample
masam/assets/js/isotope.js
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral29
Sample
masam/assets/js/jquery.countTo.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral30
Sample
masam/assets/js/jquery.countTo.js
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral31
Sample
masam/assets/js/jquery.fancybox.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral32
Sample
masam/assets/js/jquery.fancybox.js
Resource
win10v20210408
windows10_x64
General
-
Target
masam/assets/fonts/fa-solid-900.svg.xml
-
Size
708KB
-
MD5
1d220cf9da36861171fa90d3c164f4d3
-
SHA1
48dd075ebb76553a349ca1e7303cfcdc29e3b837
-
SHA256
5b6feb9b79633914763b4665a7866debf9a7a6bf9f3f73c2b5edff6eb7c61639
-
SHA512
625f587836a244c565c976180b8b84b733ab8f5dac79b8c170ba9088dec56899a1cfb844757c42ccb65168be4f3ec09f2559b1cc2e694ff17bfb43ec61dd31dc
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3f4d9d5a43ef247a3495b6fa5448bb4000000000200000000001066000000010000200000004367899e9b0406f773ce53d98c0fe4d21087a061e7f6ac7a027ab3531259d209000000000e800000000200002000000001f9c4846fc23a2d2a036852e9fda6c436e0f91340b08ae903cec8c3eeaaa6bc20000000edcf1f7dc287b29aeeaa971ac022c5755a04d9ab35186a6bd28c600bc111804a40000000b2f306f41b9cadc1d02414fd0bcb51ce7040cc2c80ade07b65cadfd73bc684686067c06c2103471db5f25e5cf0ff529dc48551ad58ada896782ba0bc12d67e4c iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 4 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2B0184D5-0996-11EC-B2DB-C237398C17BD} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4291144520" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30907811" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 3 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3f4d9d5a43ef247a3495b6fa5448bb400000000020000000000106600000001000020000000f4373bd2f58dae00b436c567aa095027b25c239696270ff3590f4ff18512a560000000000e8000000002000020000000f4ed9b67f22de5d37b57080f72b446cf75f206b15a33c272b8259ad04c6998902000000099bdfb23074853101e2a533b0fe6bc90f92136a21265829f832c563615d285c5400000004ddfec0cd1cd16eb16eaa3eb5e1d44f4c3ba994b576681e6f5d83597821fb309c1053f2bb47c75cd262ea01e357801beaa5ea0ab5e7c6264dd4f2d508aa33621 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "34146323" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\FileVersion = "2016061511" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "337111683" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30907810" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30907810" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "337143675" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50f5ec03a39dd701 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0d51704a39dd701 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz! iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4291144520" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "337095089" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 3740 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 3740 iexplore.exe 3740 iexplore.exe 2468 IEXPLORE.EXE 2468 IEXPLORE.EXE 2468 IEXPLORE.EXE 2468 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 5 IoCs
description pid Process procid_target PID 900 wrote to memory of 3740 900 MSOXMLED.EXE 75 PID 900 wrote to memory of 3740 900 MSOXMLED.EXE 75 PID 3740 wrote to memory of 2468 3740 iexplore.exe 77 PID 3740 wrote to memory of 2468 3740 iexplore.exe 77 PID 3740 wrote to memory of 2468 3740 iexplore.exe 77
Processes
-
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\masam\assets\fonts\fa-solid-900.svg.xml"1⤵
- Suspicious use of WriteProcessMemory
PID:900 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\masam\assets\fonts\fa-solid-900.svg.xml2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3740 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3740 CREDAT:82945 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2468
-
-