Overview
overview
3Static
static
masam/about-us.html
windows7_x64
1masam/about-us.html
windows10_x64
1masam/asse...y.html
windows7_x64
1masam/asse...y.html
windows10_x64
1masam/asse...vg.xml
windows7_x64
1masam/asse...vg.xml
windows10_x64
1masam/asse...vg.xml
windows7_x64
1masam/asse...vg.xml
windows10_x64
1masam/asse...vg.xml
windows7_x64
1masam/asse...vg.xml
windows10_x64
1masam/asse...vg.xml
windows7_x64
1masam/asse...vg.xml
windows10_x64
1masam/asse...pg.ps1
windows7_x64
1masam/asse...pg.ps1
windows10_x64
3masam/asse...pg.ps1
windows7_x64
1masam/asse...pg.ps1
windows10_x64
3masam/asse...min.js
windows7_x64
1masam/asse...min.js
windows10_x64
1masam/asse...ear.js
windows7_x64
1masam/asse...ear.js
windows10_x64
1masam/asse...min.js
windows7_x64
1masam/asse...min.js
windows10_x64
1masam/asse...ess.js
windows7_x64
1masam/asse...ess.js
windows10_x64
1masam/asse...aps.js
windows7_x64
1masam/asse...aps.js
windows10_x64
1masam/asse...ope.js
windows7_x64
1masam/asse...ope.js
windows10_x64
1masam/asse...tTo.js
windows7_x64
1masam/asse...tTo.js
windows10_x64
1masam/asse...box.js
windows7_x64
1masam/asse...box.js
windows10_x64
1Analysis
-
max time kernel
135s -
max time network
154s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
30-08-2021 05:33
Static task
static1
Behavioral task
behavioral1
Sample
masam/about-us.html
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral2
Sample
masam/about-us.html
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral3
Sample
masam/assets/css/owl.video.play.html
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral4
Sample
masam/assets/css/owl.video.play.html
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral5
Sample
masam/assets/fonts/Flaticon.svg.xml
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral6
Sample
masam/assets/fonts/Flaticon.svg.xml
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral7
Sample
masam/assets/fonts/fa-brands-400.svg.xml
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral8
Sample
masam/assets/fonts/fa-brands-400.svg.xml
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral9
Sample
masam/assets/fonts/fa-regular-400.svg.xml
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral10
Sample
masam/assets/fonts/fa-regular-400.svg.xml
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral11
Sample
masam/assets/fonts/fa-solid-900.svg.xml
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral12
Sample
masam/assets/fonts/fa-solid-900.svg.xml
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral13
Sample
masam/assets/images/banner/slider-1.jpg.ps1
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral14
Sample
masam/assets/images/banner/slider-1.jpg.ps1
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral15
Sample
masam/assets/images/banner/slider-3.jpg.ps1
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral16
Sample
masam/assets/images/banner/slider-3.jpg.ps1
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral17
Sample
masam/assets/js/TweenMax.min.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral18
Sample
masam/assets/js/TweenMax.min.js
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral19
Sample
masam/assets/js/appear.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral20
Sample
masam/assets/js/appear.js
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral21
Sample
masam/assets/js/bootstrap.min.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral22
Sample
masam/assets/js/bootstrap.min.js
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral23
Sample
masam/assets/js/circle-progress.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral24
Sample
masam/assets/js/circle-progress.js
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral25
Sample
masam/assets/js/gmaps.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral26
Sample
masam/assets/js/gmaps.js
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral27
Sample
masam/assets/js/isotope.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral28
Sample
masam/assets/js/isotope.js
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral29
Sample
masam/assets/js/jquery.countTo.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral30
Sample
masam/assets/js/jquery.countTo.js
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral31
Sample
masam/assets/js/jquery.fancybox.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral32
Sample
masam/assets/js/jquery.fancybox.js
Resource
win10v20210408
windows10_x64
General
-
Target
masam/assets/fonts/Flaticon.svg.xml
-
Size
383KB
-
MD5
f3425e20da8e7a8da3d61e45ca8aa362
-
SHA1
f71c09f2c63cf43128b63cc310198d1833daaf23
-
SHA256
a5ab573b316351179d070c23e72f767541c2ec260c6672d4a32cafebab2704c7
-
SHA512
89642835a3a5a1b0d27597dd870ccbab33a51542bccbef37313bcaa347ac2fa10d81f65f4c02017fbb113e0efc01c36baf58167ae145ed70431ef05eb15e4cbe
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3525823906" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0bb5fd6a29dd701 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000033ac451bcbdfd94d8b3a1a1bbd83e2d100000000020000000000106600000001000020000000ec4f1093e06050c641f1a36e6cceb1cf2d0af9979887354307f71fb3f92d6cb2000000000e8000000002000020000000aa392c657738d68dfc9f5adad3f4db14e239f60f6c6d8b7917e43b0e08b523d420000000aa4dec5d0bc661954992bce81a4d7d2c08ba23b5892c6da8240fe1f64a90057040000000e84c1d93c49bbad42856ec8af236da329b88f626aa686681ba96e11f8f598033973bfd3ae85b3ac9e017567256a1a0c7b3e74937693df4fffcdc0f8224261ecf iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "337143594" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30907810" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz! iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "337111602" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F8AFA5EF-0995-11EC-B2DB-56DFFBC7AD00} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3449261498" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3449261498" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30907810" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30907810" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30513ed6a29dd701 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/ iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\FileVersion = "2016061511" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 3 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 4 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000033ac451bcbdfd94d8b3a1a1bbd83e2d100000000020000000000106600000001000020000000429e5e1bd80b4bda11dac740847b624ce91530b1f0f364881028e706f5b71d75000000000e8000000002000020000000cd69e3fb365c3be7ff93a405d65831347eb1b1e3c71de3cd41e0f61c4c4ba54c200000002fac18f6ed24c54521f99923c6549c5d52a777a0a0b8b7cf0d9ede93e304a5ae400000008eb8bf4110efed03378353bbdb42476780b93cb9e09e447ca9bc0cdd3fac48b3ea28c0cc0d72c98648d9f5e6ab2266a11231c3baf0768d183ac7a96b8252a9c6 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "337095008" iexplore.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 3664 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 3664 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 3664 iexplore.exe 3664 iexplore.exe 1244 IEXPLORE.EXE 1244 IEXPLORE.EXE 1244 IEXPLORE.EXE 1244 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 5 IoCs
description pid Process procid_target PID 1108 wrote to memory of 3664 1108 MSOXMLED.EXE 75 PID 1108 wrote to memory of 3664 1108 MSOXMLED.EXE 75 PID 3664 wrote to memory of 1244 3664 iexplore.exe 77 PID 3664 wrote to memory of 1244 3664 iexplore.exe 77 PID 3664 wrote to memory of 1244 3664 iexplore.exe 77
Processes
-
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\masam\assets\fonts\Flaticon.svg.xml"1⤵
- Suspicious use of WriteProcessMemory
PID:1108 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\masam\assets\fonts\Flaticon.svg.xml2⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3664 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3664 CREDAT:82945 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1244
-
-