Overview

overview

1

Static

static

1

weehow_car_htop.html

windows7-x64

1

weehow_car_htop.html

windows10-2004-x64

1

Resubmissions

04/06/2023, 20:54

230604-zp78asec91 1

04/06/2023, 20:36

230604-zd2ldadf95 1

Analysis

  • max time kernel
    146s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    04/06/2023, 20:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    weehow_car_htop.html

  • Size

    330B

  • MD5

    01635f79a55557629f7e727a010348fc

  • SHA1

    da23d9e1b3144140491b4314200889cf7284cb99

  • SHA256

    04671c3862e3a00a067947b31599dcd96f1c057cce35ac3895424bdc8bd3cb70

  • SHA512

    d87a8b8d48ea2311d06f80e884fbfca0b23bc1fb6bf47ccab1d236d9733bccb72d7298ec6e4ae64bf6ecd8457ca5a3bb29c94313cb573384deb35499695b6515

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\weehow_car_htop.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1536
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1536 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:584

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    277e0e8a5508dcbee2692d60d59143fa

    SHA1

    c78b091d0c2cd901586338cb3c58728e00e1b369

    SHA256

    a2a3c2bc942f1c5a82aa5efc9958d80b773a0b72698fe648a27d012c224f0b5e

    SHA512

    364e726392137f36acd480474cb63173d4fd616a5e95bf1cc667e871e25310364feb152b0d5439e91eb2afd7910ace74c856c2cc686e0fb0f10ee25f13f2e0a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1bfad73319e806ea47f2c7373d7211c5

    SHA1

    7a73b1a9a0323bba3c7e935bc5723c38a3f134d8

    SHA256

    2a17186a18fddb2e1f6fbebe75c101db7be69230fd3a99e65720b45301807c3f

    SHA512

    4ec5cd866a73755e15ce6f7424bbaf7269a1364f99063b22b32af0e9336cced244c96d08a70ce6cd489f3d2f8a6946f568b434b7609cc498310c663fc71800fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    53ad3d0d65c69472e3c288026edaf8ad

    SHA1

    0dc166921334204e026bffe7c4d403b12f910651

    SHA256

    41b7fc8f9a01062c99ec1835069a13d8b464f4b425dbf52b75361a37e683b46e

    SHA512

    e061220eb36aeeb63809e2892386bf7a322d3f1128801be028910bbfd7277e0a72d5b4b8e527658571fcd8325e1f5c413f21d5e06ce961b8f3780649e485f3a3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    30c837928ee5cc2c64996e3e85cc61f5

    SHA1

    8761fc6492ead9e864057264211409b9aa6b2f5c

    SHA256

    3ee1a377a38eeb87f76c519f8cc2f33da5a88a68a5c6eb76681ddc115886d232

    SHA512

    810194fbfcb710bc3f3c89907358fa79e0096cf12dfa686e2f4a7b2e22e00a795e5ddbd1e8ef9fab8295fa658030870f72151701b0a73c363622ced17525fa6c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bb03bf66fc0849b520460e7f0445f13c

    SHA1

    423f53bbb042f7edf28521bd3bdae5211586c657

    SHA256

    4cd7620ad5840ad27c02c034b1482032d29c8a6eede6b5f609ac1a49b1f4ccba

    SHA512

    7468722d9ba1597642105d4b8184759c7cb432fc02fc2662528f7295f5a503a8e784cd2d4c57d745e6fd00c055f5c7954a10524d29366b81f75caa115c2342d1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    aefb54bf21ae62918074e76ba74a013a

    SHA1

    e79e3ea552f0ccdbb0c97315bbeaeb5763ca1778

    SHA256

    1a2c23b820fcf999745e6458b2da75a3811987eb4e3d0e24e543ac6e305fb722

    SHA512

    6daa79ad5814e698e68177b22e0908bb28fd1fb4e1c6f73f335c5f02c656847d29450b8be91942f73235c02917a60c2321b986d4823131d3181a689bb6fe87b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    59b5a185bdf17691edb42733e813dc55

    SHA1

    921756068e4c3cbac2f9a3291d94c5d6613413e2

    SHA256

    c5095d52533a04d1c6e0951c3b3fc569a3760e8e15519f59c731865e35e27fd0

    SHA512

    62913c05ec4fab24482a1b4d35733ed4cc8afb98a38a60e7894f3c4a8b2da2352d9d88c64a9fafb8e0f4bde9b5607c29ccefea3937fe14b247bd16fae1b22d27

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EV74ZOZO\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab9A1F.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab9AF0.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9B9F.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\204GLAEV.txt
    Filesize

    607B

    MD5

    39a614d96ecbb98ab2635f2cafbc9208

    SHA1

    8b91d1b3a0b0f5088ab17b6c335061f970693f8c

    SHA256

    8794fa1de545006de5bd1cccedd5ef726af483b032c714fb616a5fa90b26e1a3

    SHA512

    42fa5a6db0e118c158e41a525dc122df952273e4e024b92d72e10700c775d3dd773887b3f4ca31232770b485f9c6f1d19a66872a00ed86bd29cefc14ff3f4de5

    Download Submit