Overview

overview

3

Static

static

masam/about-us.html

windows7_x64

1

masam/about-us.html

windows10_x64

1

masam/asse...y.html

windows7_x64

1

masam/asse...y.html

windows10_x64

1

masam/asse...vg.xml

windows7_x64

1

masam/asse...vg.xml

windows10_x64

1

masam/asse...vg.xml

windows7_x64

1

masam/asse...vg.xml

windows10_x64

1

masam/asse...vg.xml

windows7_x64

1

masam/asse...vg.xml

windows10_x64

1

masam/asse...vg.xml

windows7_x64

1

masam/asse...vg.xml

windows10_x64

1

masam/asse...pg.ps1

windows7_x64

1

masam/asse...pg.ps1

windows10_x64

3

masam/asse...pg.ps1

windows7_x64

1

masam/asse...pg.ps1

windows10_x64

3

masam/asse...min.js

windows7_x64

1

masam/asse...min.js

windows10_x64

1

masam/asse...ear.js

windows7_x64

1

masam/asse...ear.js

windows10_x64

1

masam/asse...min.js

windows7_x64

1

masam/asse...min.js

windows10_x64

1

masam/asse...ess.js

windows7_x64

1

masam/asse...ess.js

windows10_x64

1

masam/asse...aps.js

windows7_x64

1

masam/asse...aps.js

windows10_x64

1

masam/asse...ope.js

windows7_x64

1

masam/asse...ope.js

windows10_x64

1

masam/asse...tTo.js

windows7_x64

1

masam/asse...tTo.js

windows10_x64

1

masam/asse...box.js

windows7_x64

1

masam/asse...box.js

windows10_x64

1

Analysis

  • max time kernel
    24s
  • max time network
    151s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    30-08-2021 05:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    masam/assets/images/banner/slider-3.jpg.ps1

  • Size

    305KB

  • MD5

    d4641d37d52119ebd3055b1d61fc44da

  • SHA1

    a30508de242c0805d3114c7e5430d9a1ddec622c

  • SHA256

    55308ec5b07983fe0c5eecc4ae58066e9b5575a53c1d38587bb29b64851c6231

  • SHA512

    d2c6858462cd3a410b41e1b57ab47d1cc7dcfc4a1c108ad95b7820156ab52fe8d92fc32973311bd8981e3f5c7dec16c05862269fa6f0166807e58f37e0d86e5d

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 17 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\masam\assets\images\banner\slider-3.jpg.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:808
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 808 -s 1968
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/808-121-0x000001CB6B190000-0x000001CB6B191000-memory.dmp

    Filesize

    4KB

    Download

  • memory/808-124-0x000001CB6B620000-0x000001CB6B621000-memory.dmp

    Filesize

    4KB

    Download

  • memory/808-125-0x000001CB6ACC0000-0x000001CB6ACC2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/808-126-0x000001CB6ACC3000-0x000001CB6ACC5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/808-139-0x000001CB6ACC6000-0x000001CB6ACC8000-memory.dmp

    Filesize

    8KB

    Download