Overview
overview
3Static
static
masam/about-us.html
windows7_x64
1masam/about-us.html
windows10_x64
1masam/asse...y.html
windows7_x64
1masam/asse...y.html
windows10_x64
1masam/asse...vg.xml
windows7_x64
1masam/asse...vg.xml
windows10_x64
1masam/asse...vg.xml
windows7_x64
1masam/asse...vg.xml
windows10_x64
1masam/asse...vg.xml
windows7_x64
1masam/asse...vg.xml
windows10_x64
1masam/asse...vg.xml
windows7_x64
1masam/asse...vg.xml
windows10_x64
1masam/asse...pg.ps1
windows7_x64
1masam/asse...pg.ps1
windows10_x64
3masam/asse...pg.ps1
windows7_x64
1masam/asse...pg.ps1
windows10_x64
3masam/asse...min.js
windows7_x64
1masam/asse...min.js
windows10_x64
1masam/asse...ear.js
windows7_x64
1masam/asse...ear.js
windows10_x64
1masam/asse...min.js
windows7_x64
1masam/asse...min.js
windows10_x64
1masam/asse...ess.js
windows7_x64
1masam/asse...ess.js
windows10_x64
1masam/asse...aps.js
windows7_x64
1masam/asse...aps.js
windows10_x64
1masam/asse...ope.js
windows7_x64
1masam/asse...ope.js
windows10_x64
1masam/asse...tTo.js
windows7_x64
1masam/asse...tTo.js
windows10_x64
1masam/asse...box.js
windows7_x64
1masam/asse...box.js
windows10_x64
1Analysis
-
max time kernel
108s -
max time network
178s -
platform
windows7_x64 -
resource
win7v20210408 -
submitted
30-08-2021 05:33
Static task
static1
Behavioral task
behavioral1
Sample
masam/about-us.html
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral2
Sample
masam/about-us.html
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral3
Sample
masam/assets/css/owl.video.play.html
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral4
Sample
masam/assets/css/owl.video.play.html
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral5
Sample
masam/assets/fonts/Flaticon.svg.xml
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral6
Sample
masam/assets/fonts/Flaticon.svg.xml
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral7
Sample
masam/assets/fonts/fa-brands-400.svg.xml
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral8
Sample
masam/assets/fonts/fa-brands-400.svg.xml
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral9
Sample
masam/assets/fonts/fa-regular-400.svg.xml
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral10
Sample
masam/assets/fonts/fa-regular-400.svg.xml
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral11
Sample
masam/assets/fonts/fa-solid-900.svg.xml
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral12
Sample
masam/assets/fonts/fa-solid-900.svg.xml
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral13
Sample
masam/assets/images/banner/slider-1.jpg.ps1
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral14
Sample
masam/assets/images/banner/slider-1.jpg.ps1
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral15
Sample
masam/assets/images/banner/slider-3.jpg.ps1
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral16
Sample
masam/assets/images/banner/slider-3.jpg.ps1
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral17
Sample
masam/assets/js/TweenMax.min.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral18
Sample
masam/assets/js/TweenMax.min.js
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral19
Sample
masam/assets/js/appear.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral20
Sample
masam/assets/js/appear.js
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral21
Sample
masam/assets/js/bootstrap.min.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral22
Sample
masam/assets/js/bootstrap.min.js
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral23
Sample
masam/assets/js/circle-progress.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral24
Sample
masam/assets/js/circle-progress.js
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral25
Sample
masam/assets/js/gmaps.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral26
Sample
masam/assets/js/gmaps.js
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral27
Sample
masam/assets/js/isotope.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral28
Sample
masam/assets/js/isotope.js
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral29
Sample
masam/assets/js/jquery.countTo.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral30
Sample
masam/assets/js/jquery.countTo.js
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral31
Sample
masam/assets/js/jquery.fancybox.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral32
Sample
masam/assets/js/jquery.fancybox.js
Resource
win10v20210408
windows10_x64
General
-
Target
masam/assets/fonts/Flaticon.svg.xml
-
Size
383KB
-
MD5
f3425e20da8e7a8da3d61e45ca8aa362
-
SHA1
f71c09f2c63cf43128b63cc310198d1833daaf23
-
SHA256
a5ab573b316351179d070c23e72f767541c2ec260c6672d4a32cafebab2704c7
-
SHA512
89642835a3a5a1b0d27597dd870ccbab33a51542bccbef37313bcaa347ac2fa10d81f65f4c02017fbb113e0efc01c36baf58167ae145ed70431ef05eb15e4cbe
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000015ec1f80a24ff54bb7f68d119b8290d800000000020000000000106600000001000020000000214dd28903cb3cd7264f67c95035a939e9946ec95b487c985a23e6b160f70fb4000000000e8000000002000020000000ad71d414f7a855cfbb3121b119d1f3e1e6575509760bdc963bdacd7e510b406f2000000066c028fcbd58ac17c2267a1abca8431a30ade5625ac372ab815aa3703bd5f1894000000038142d2ffee233b1335362b5bbe5363c3e2c47586567b5c54b16465d61c0eb80ccd4b74aab41d98cd1a8f22f80640a9cc6fa30d63669cbe69556fad58842daf9 IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000015ec1f80a24ff54bb7f68d119b8290d800000000020000000000106600000001000020000000d7ff6b6b49b6b199bbb3a0953c4f4c72ad89387dc686565ae6fca9fc0ec976ac000000000e8000000002000020000000cd40817645a4206a9ae85c4655f89e76708f61fd8a1d1d0f66432213c0881f8d90000000e77e6551126ad7e6bd72fd874a237b6b2fddbbc3980800951b170a0469514962e3ffc3423f9cbb6e062725634508ecc83e223bd62f27740a9d36569f5d5e0e4c8c11ddc84c921c5793e6cfb06ce78bd8e669db823c1a619f5ac994738fbd63aa132be9407d38fe06faa46e4cb94e1df657c71b88e7014ccc7f0b2ce078a3b980f60965438f60d62bd113a00cc81af51e400000003894fbb6cd8285ef1982ebf713609e849c5b1787e978a8423d64a9f9f2c8395254e968fabc62ee96b54712f4938b51e55d2fc5bc015300c923660e6cc33c71a9 IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\IETld\LowMic IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\InternetRegistry IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50571adea29dd701 IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Zoom IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0823AB71-0996-11EC-BDFA-E2B03292F00A} = "0" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "337095031" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\LowRegistry IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Toolbar IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\IntelliForms IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\PageSetup IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1672 IEXPLORE.EXE -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1672 IEXPLORE.EXE 1672 IEXPLORE.EXE 1424 IEXPLORE.EXE 1424 IEXPLORE.EXE 1424 IEXPLORE.EXE 1424 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 12 IoCs
description pid Process procid_target PID 1308 wrote to memory of 1872 1308 MSOXMLED.EXE 27 PID 1308 wrote to memory of 1872 1308 MSOXMLED.EXE 27 PID 1308 wrote to memory of 1872 1308 MSOXMLED.EXE 27 PID 1308 wrote to memory of 1872 1308 MSOXMLED.EXE 27 PID 1872 wrote to memory of 1672 1872 iexplore.exe 28 PID 1872 wrote to memory of 1672 1872 iexplore.exe 28 PID 1872 wrote to memory of 1672 1872 iexplore.exe 28 PID 1872 wrote to memory of 1672 1872 iexplore.exe 28 PID 1672 wrote to memory of 1424 1672 IEXPLORE.EXE 29 PID 1672 wrote to memory of 1424 1672 IEXPLORE.EXE 29 PID 1672 wrote to memory of 1424 1672 IEXPLORE.EXE 29 PID 1672 wrote to memory of 1424 1672 IEXPLORE.EXE 29
Processes
-
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\masam\assets\fonts\Flaticon.svg.xml"1⤵
- Suspicious use of WriteProcessMemory
PID:1308 -
C:\Program Files (x86)\Internet Explorer\iexplore.exe"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome2⤵
- Suspicious use of WriteProcessMemory
PID:1872 -
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1672 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1672 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1424
-
-
-