Overview (overall score 7)

Tasks (sample, platform: score)
- Static (static): 3
- 03c76407f7...18.exe, windows7-x64: 7
- 03c76407f7...18.exe, windows10-2004-x64: 3
- $PLUGINSDI...er.dll, windows7-x64: 3
- $PLUGINSDI...er.dll, windows10-2004-x64: 3
- $PLUGINSDI...ll.dll, windows7-x64: 3
- $PLUGINSDI...ll.dll, windows10-2004-x64: 3
- $PLUGINSDI...ns.dll, windows7-x64: 3
- $PLUGINSDI...ns.dll, windows10-2004-x64: 3
- $PLUGINSDI...in.dll, windows7-x64: 1
- $PLUGINSDI...in.dll, windows10-2004-x64: 1
- $PLUGINSDI...dl.dll, windows7-x64: 3
- $PLUGINSDI...dl.dll, windows10-2004-x64: 3
- $PLUGINSDI...st.dll, windows7-x64: 1
- $PLUGINSDI...st.dll, windows10-2004-x64: 1
- $TEMP/Smrt-Shpr.dll, windows7-x64: 6
- $TEMP/Smrt-Shpr.dll, windows10-2004-x64: 6
- $TEMP/Unin...rt.exe, windows7-x64: 6
- $TEMP/Unin...rt.exe, windows10-2004-x64: 6
- Bin/2.7.21...pr.dll, windows7-x64: 6
- Bin/2.7.21...pr.dll, windows10-2004-x64: 6
- cs/antiphi...g.html, windows7-x64: 1
- cs/antiphi...g.html, windows10-2004-x64: 1

Analysis
- max time kernel: 117s
- max time network: 117s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 20-06-2024 06:49
Static task
- static1

Behavioral tasks (task: sample, resource)
- behavioral1: 03c76407f7047ee900b78bdc18fdcaa8_JaffaCakes118.exe, win7-20240419-en
- behavioral2: 03c76407f7047ee900b78bdc18fdcaa8_JaffaCakes118.exe, win10v2004-20240611-en
- behavioral3: $PLUGINSDIR/Dialer.dll, win7-20231129-en
- behavioral4: $PLUGINSDIR/Dialer.dll, win10v2004-20240508-en
- behavioral5: $PLUGINSDIR/Install.dll, win7-20240508-en
- behavioral6: $PLUGINSDIR/Install.dll, win10v2004-20240226-en
- behavioral7: $PLUGINSDIR/InstallOptions.dll, win7-20240611-en
- behavioral8: $PLUGINSDIR/InstallOptions.dll, win10v2004-20240508-en
- behavioral9: $PLUGINSDIR/InstallerHelperPlugin.dll, win7-20231129-en
- behavioral10: $PLUGINSDIR/InstallerHelperPlugin.dll, win10v2004-20240508-en
- behavioral11: $PLUGINSDIR/NSISdl.dll, win7-20240611-en
- behavioral12: $PLUGINSDIR/NSISdl.dll, win10v2004-20240508-en
- behavioral13: $PLUGINSDIR/Uninst.dll, win7-20240611-en
- behavioral14: $PLUGINSDIR/Uninst.dll, win10v2004-20240611-en
- behavioral15: $TEMP/Smrt-Shpr.dll, win7-20240508-en
- behavioral16: $TEMP/Smrt-Shpr.dll, win10v2004-20240508-en
- behavioral17: $TEMP/UninstShprRprt.exe, win7-20240220-en
- behavioral18: $TEMP/UninstShprRprt.exe, win10v2004-20240611-en
- behavioral19: Bin/2.7.21/Smrt-Shpr.dll, win7-20240508-en
- behavioral20: Bin/2.7.21/Smrt-Shpr.dll, win10v2004-20240226-en
- behavioral21: cs/antiphishing/antiphishing.html, win7-20240611-en
- behavioral22: cs/antiphishing/antiphishing.html, win10v2004-20240508-en
General
- Target: Bin/2.7.21/Smrt-Shpr.dll
- Size: 1.4MB
- MD5: cf635a027568254594e08f730302906a
- SHA1: cca981e933b36761c0475ced3e2c89c6fbdcd516
- SHA256: e77bbe482b1645e899380772a172404848f31e1b2280b41a68403dbe732d197f
- SHA512: 25ecb5a385c56a6287442492d406e0ac1097363892a1e9c9a82f295b1fc27497f620c9ef3f693a00df1cfec332be0c0da06745838f7e968b30a5d866bfe3773a
- SSDEEP: 24576:AB6ZG+Qk1E7TKUC6R8TXcX1SWK+9n/j7PzqFg9w16:ABCG+Qk1sTrC6REXcXlVH7qFWw16
Malware Config

Signatures

Installs/modifies Browser Helper Object (2 TTPs, 2 IoCs)
BHOs are DLL modules which act as plugins for Internet Explorer.
Process: regsvr32.exe
- Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{BBA3D1B0-02C0-4625-93EC-27FB1EA98079}
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{BBA3D1B0-02C0-4625-93EC-27FB1EA98079}\ = "Smart-Shopper2"

Modifies Internet Explorer settings
Process: regsvr32.exe
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{99819CC8-3111-410c-A2B7-38BB530386EE}\CLSID = "{1FBA04EE-3024-11d2-8F1F-0000F87ABD16}"
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{3D773F1B-D2D2-4971-B3F4-73FCC894921C}\CLSID = "{1FBA04EE-3024-11d2-8F1F-0000F87ABD16}"
- Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Explorer Bars\{9BD56158-44D3-4C57-A4A3-3FBE94F19842}\BarSize = 2301000000000000
- Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions
- Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{99819CC8-3111-410c-A2B7-38BB530386EE}
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{99819CC8-3111-410c-A2B7-38BB530386EE}\ButtonText = "SmartShopper - Compare travel rates"
- Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{3D773F1B-D2D2-4971-B3F4-73FCC894921C}
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{3D773F1B-D2D2-4971-B3F4-73FCC894921C}\ClsidExtension = "{B6856926-5386-468f-B37D-685500A18D80}"
- Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Explorer Bars\{9BD56158-44D3-4C57-A4A3-3FBE94F19842}
- Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Explorer Bars\{9BD56158-44D3-4C57-A4A3-3FBE94F19842}\ = "SmartShopper"
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{99819CC8-3111-410c-A2B7-38BB530386EE}\Icon = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Bin\\2.7.21\\Smrt-Shpr.dll,201"
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{99819CC8-3111-410c-A2B7-38BB530386EE}\ClsidExtension = "{256E31AC-AC24-4882-A875-3F87158D35E2}"
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{3D773F1B-D2D2-4971-B3F4-73FCC894921C}\Default Visible = "Yes"
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{3D773F1B-D2D2-4971-B3F4-73FCC894921C}\HotIcon = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Bin\\2.7.21\\Smrt-Shpr.dll,204"
- Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Explorer Bars
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{99819CC8-3111-410c-A2B7-38BB530386EE}\Default Visible = "Yes"
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{99819CC8-3111-410c-A2B7-38BB530386EE}\HotIcon = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Bin\\2.7.21\\Smrt-Shpr.dll,202"
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{3D773F1B-D2D2-4971-B3F4-73FCC894921C}\ButtonText = "SmartShopper - Compare product prices"
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{3D773F1B-D2D2-4971-B3F4-73FCC894921C}\Icon = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Bin\\2.7.21\\Smrt-Shpr.dll,203"
Modifies registry class (64 IoCs)
Process: regsvr32.exe
The InprocServer32 default values for the BHO CLSID {BBA3D1B0-02C0-4625-93EC-27FB1EA98079} and the Explorer bar CLSID {9BD56158-44D3-4C57-A4A3-3FBE94F19842} both point to C:\Users\Admin\AppData\Local\Temp\Bin\2.7.21\Smrt-Shpr.dll, so Internet Explorer will load this component from the user's Temp directory; all CLSID entries sit under Wow6432Node, i.e. the DLL is 32-bit.
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8582F990-59BB-4846-B81F-6C25F0D9B70D}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Bin\\2.7.21\\Smrt-Shpr.dll"
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Smart-Shopper2.HbAx\ = "HbAx"
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BBA3D1B0-02C0-4625-93EC-27FB1EA98079}\VersionIndependentProgID\ = "Smart-Shopper2.Smrt-ShprCtrl"
- Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{256E31AC-AC24-4882-A875-3F87158D35E2}
- Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8582F990-59BB-4846-B81F-6C25F0D9B70D}\ProgID
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1277A995-C3E9-4EA1-8979-7CD377508533}\TypeLib\ = "{7FEE85C3-8006-4B4C-B696-9856959E084F}"
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8C12A7CA-C5FE-41FE-8F5B-88083F1E7CC0}\TypeLib\ = "{7FEE85C3-8006-4B4C-B696-9856959E084F}"
- Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Smart-Shopper2.HbAx\CurVer
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Smart-Shopper2.HbInfoBand.1\CLSID\ = "{9BD56158-44D3-4C57-A4A3-3FBE94F19842}"
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9BD56158-44D3-4C57-A4A3-3FBE94F19842}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Bin\\2.7.21\\Smrt-Shpr.dll"
- Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Smart-Shopper2.IEButton
- Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7CDCB11E-588A-4079-BF00-CC3E77B59FF9}\Implemented Categories
- Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C12A7CA-C5FE-41FE-8F5B-88083F1E7CC0}\ProxyStubClsid32
- Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7FEE85C3-8006-4B4C-B696-9856959E084F}\1.0\0
- Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7CDCB11E-588A-4079-BF00-CC3E77B59FF9}
- Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7CDCB11E-588A-4079-BF00-CC3E77B59FF9}\ToolboxBitmap32
- Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8582F990-59BB-4846-B81F-6C25F0D9B70D}\InprocServer32
- Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BBA3D1B0-02C0-4625-93EC-27FB1EA98079}\ProgID
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{256E31AC-AC24-4882-A875-3F87158D35E2}\ProgID\ = "Smart-Shopper2.IEButtonA.1"
- Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Smart-Shopper2.Smrt-ShprCtrl.1\CLSID
- Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8C12A7CA-C5FE-41FE-8F5B-88083F1E7CC0}
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8C12A7CA-C5FE-41FE-8F5B-88083F1E7CC0}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"
- Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B6856926-5386-468F-B37D-685500A18D80}
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BBA3D1B0-02C0-4625-93EC-27FB1EA98079}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Bin\\2.7.21\\Smrt-Shpr.dll"
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8C12A7CA-C5FE-41FE-8F5B-88083F1E7CC0}\TypeLib\Version = "1.0"
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{75D461CC-D850-41DD-B62E-03F404D9AABC}\1.0\ = "HbExternalLib"
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Smart-Shopper2.HbAx.1\ = "HbAx"
- Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1277A995-C3E9-4EA1-8979-7CD377508533}\TypeLib
- Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8346A35D-E391-4C1E-82F8-8C163841189C}
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8346A35D-E391-4C1E-82F8-8C163841189C}\1.0\ = "PSClient 1.0 Type Library"
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C12A7CA-C5FE-41FE-8F5B-88083F1E7CC0}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"
- Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{90BCC28B-B2BD-404B-8155-9778F422B9E3}
- Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7CDCB11E-588A-4079-BF00-CC3E77B59FF9}\Control
- Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9BD56158-44D3-4C57-A4A3-3FBE94F19842}\VersionIndependentProgID
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Smart-Shopper2.IEButton.1\CLSID\ = "{B6856926-5386-468F-B37D-685500A18D80}"
- Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B6856926-5386-468F-B37D-685500A18D80}\ProgID
- Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9BD56158-44D3-4C57-A4A3-3FBE94F19842}\Implemented Categories
- Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Smart-Shopper2.IEButton.1\CLSID
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7FEE85C3-8006-4B4C-B696-9856959E084F}\1.0\ = "Smrt_Shpr 1.0 Type Library"
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7CDCB11E-588A-4079-BF00-CC3E77B59FF9}\InprocServer32\ThreadingModel = "Apartment"
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8582F990-59BB-4846-B81F-6C25F0D9B70D}\VersionIndependentProgID\ = "Smart-Shopper2.IEButtonB"
- Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{256E31AC-AC24-4882-A875-3F87158D35E2}\ProgID
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C12A7CA-C5FE-41FE-8F5B-88083F1E7CC0}\TypeLib\Version = "1.0"
- Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Smart-Shopper2.IEButton\CLSID
- Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B6856926-5386-468F-B37D-685500A18D80}\InprocServer32
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B6856926-5386-468F-B37D-685500A18D80}\TypeLib\ = "{7FEE85C3-8006-4B4C-B696-9856959E084F}"
- Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Smart-Shopper2.IEButtonA
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9BD56158-44D3-4C57-A4A3-3FBE94F19842}\InprocServer32\ThreadingModel = "Both"
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Smart-Shopper2.IEButtonB.1\ = "IEButtonB"
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Smart-Shopper2.Smrt-ShprCtrl.1\CLSID\ = "{BBA3D1B0-02C0-4625-93EC-27FB1EA98079}"
- Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8346A35D-E391-4C1E-82F8-8C163841189C}\1.0
- Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{75D461CC-D850-41DD-B62E-03F404D9AABC}
- Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7CDCB11E-588A-4079-BF00-CC3E77B59FF9}\InprocServer32
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{256E31AC-AC24-4882-A875-3F87158D35E2}\InprocServer32\ThreadingModel = "Apartment"
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Smart-Shopper2.IEButtonB\CLSID\ = "{8582F990-59BB-4846-B81F-6C25F0D9B70D}"
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8582F990-59BB-4846-B81F-6C25F0D9B70D}\ = "IEButtonB"
- Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{256E31AC-AC24-4882-A875-3F87158D35E2}\Programmable
- Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Smart-Shopper2.HbInfoBand\CLSID
- Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8346A35D-E391-4C1E-82F8-8C163841189C}\1.0\0
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1277A995-C3E9-4EA1-8979-7CD377508533}\TypeLib\ = "{75D461CC-D850-41DD-B62E-03F404D9AABC}"
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1277A995-C3E9-4EA1-8979-7CD377508533}\TypeLib\Version = "1.0"
- Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1277A995-C3E9-4EA1-8979-7CD377508533}\ProxyStubClsid32
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7CDCB11E-588A-4079-BF00-CC3E77B59FF9}\ToolboxBitmap32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Bin\\2.7.21\\Smrt-Shpr.dll, 102"
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Smart-Shopper2.IEButton\CurVer\ = "Smart-Shopper2.IEButton.1"
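The check an analyst wants from the three registry signatures above is the join between them: which CLSIDs does Internet Explorer reference (BHO, toolbar button, Explorer bar), and where does each CLSID's InprocServer32 actually point. The script below is an added example, not part of the sandbox report. It parses constructed lines in the same "Key created / Set value ... regsvr32.exe" shape as the report's IoCs; the InprocServer32 value for {B6856926-...} and the {11111111-...} control entry under Program Files are assumptions made for the example, since the report lists only the key creation for the former and has no entry for the latter.

```python
"""Correlate COM-server registration events from a sandbox registry log.

Added example, not part of the sandbox report: the lines below are constructed
in the same shape as the report's registry IoCs (action, key path, process).
"""
import re
from collections import defaultdict

# Constructed sample events modelled on the report. The InprocServer32 line for
# {B6856926-...} and the {11111111-...} control entry are assumptions for the example.
SAMPLE_EVENTS = [
    r'Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{BBA3D1B0-02C0-4625-93EC-27FB1EA98079} regsvr32.exe',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BBA3D1B0-02C0-4625-93EC-27FB1EA98079}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Bin\\2.7.21\\Smrt-Shpr.dll" regsvr32.exe',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{3D773F1B-D2D2-4971-B3F4-73FCC894921C}\ClsidExtension = "{B6856926-5386-468f-B37D-685500A18D80}" regsvr32.exe',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B6856926-5386-468F-B37D-685500A18D80}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Bin\\2.7.21\\Smrt-Shpr.dll" regsvr32.exe',
    r'Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Explorer Bars\{9BD56158-44D3-4C57-A4A3-3FBE94F19842} regsvr32.exe',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9BD56158-44D3-4C57-A4A3-3FBE94F19842}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Bin\\2.7.21\\Smrt-Shpr.dll" regsvr32.exe',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9BD56158-44D3-4C57-A4A3-3FBE94F19842}\InprocServer32\ThreadingModel = "Both" regsvr32.exe',
    # constructed benign control: registered, but not hooked into IE and not user-writable
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32\ = "C:\\Program Files\\Vendor\\helper.dll" regsvr32.exe',
]

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# "\CLSID\{...}\InprocServer32\ = "path"" is the default value, i.e. the DLL to load;
# ThreadingModel and other named values under InprocServer32 do not match this.
INPROC_RE = re.compile(r"\\CLSID\\(" + GUID + r")\\InprocServer32\\ = \"([^\"]*)\"", re.I)
BHO_RE = re.compile(r"\\Browser Helper Objects\\(" + GUID + ")", re.I)
BAR_RE = re.compile(r"\\Explorer Bars\\(" + GUID + ")", re.I)
EXT_RE = re.compile(r"\\Internet Explorer\\Extensions\\" + GUID + r"\\ClsidExtension = \"(" + GUID + r")\"", re.I)

# Directories a standard user can write to.
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\programdata\\", "\\temp\\")


def correlate(events):
    """Map each registered CLSID to its in-process server and the IE entry
    points (BHO, toolbar button, Explorer bar) that reference it."""
    servers = {}
    hooks = defaultdict(set)
    for line in events:
        m = INPROC_RE.search(line)
        if m:
            # GUID case differs between the Extensions value and the CLSID key
            # in the report ("468f" vs "468F"), so normalise before joining.
            servers[m.group(1).upper()] = {
                # the report renders paths with doubled backslashes; undo that
                "path": m.group(2).replace("\\\\", "\\"),
                # a Wow6432Node key means a 32-bit server on 64-bit Windows
                "wow64": "\\wow6432node\\" in line.lower(),
                "hooks": [],
            }
        for kind, rx in (("BHO", BHO_RE), ("ExplorerBar", BAR_RE), ("IEButton", EXT_RE)):
            m = rx.search(line)
            if m:
                hooks[m.group(1).upper()].add(kind)
    for clsid, info in servers.items():
        info["hooks"] = sorted(hooks.get(clsid, ()))
    return servers


def flag_suspicious(servers):
    """Return (clsid, path, hooks) for servers that IE will load from a
    user-writable directory. Either property alone is weak evidence; the
    combination is what to alert on."""
    findings = []
    for clsid in sorted(servers):
        info = servers[clsid]
        if info["hooks"] and any(m in info["path"].lower() for m in USER_WRITABLE):
            findings.append((clsid, info["path"], info["hooks"]))
    return findings


if __name__ == "__main__":
    for clsid, path, hooks in flag_suspicious(correlate(SAMPLE_EVENTS)):
        print(f"{clsid} -> {path} (hooked as {', '.join(hooks)})")
```

Run against the constructed events this reports the BHO, the Explorer bar and the toolbar button CLSIDs, all resolving to Smrt-Shpr.dll under the user's Temp directory, and stays silent on the Program Files control. On a live host the same join can be done against HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects and HKCR\Wow6432Node\CLSID.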
Suspicious use of WriteProcessMemory (7 IoCs)
Process: regsvr32.exe
- PID 2988 (regsvr32.exe) wrote to memory of PID 3008 (regsvr32.exe), recorded 7 times
All seven writes are from the 64-bit C:\Windows\system32\regsvr32.exe (PID 2988) into the 32-bit C:\Windows\SysWOW64\regsvr32.exe it spawned (PID 3008). A 64-bit regsvr32 that is handed a 32-bit DLL launches the SysWOW64 copy to perform the registration, so these writes fit that parent-to-child hand-off; nothing in this task shows the sample writing into an unrelated process.
Processes
- C:\Windows\system32\regsvr32.exe (PID 2988)
  Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\Bin\2.7.21\Smrt-Shpr.dll
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\regsvr32.exe (PID 3008), child of PID 2988
    Command line: /s C:\Users\Admin\AppData\Local\Temp\Bin\2.7.21\Smrt-Shpr.dll
    - Installs/modifies Browser Helper Object
    - Modifies Internet Explorer settings
    - Modifies registry class
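The process tree is the other place to catch this: regsvr32 silently (/s) registering a DLL that lives under a user-writable path, with the 64-bit copy re-launching the SysWOW64 copy. The script below is an added example, not part of the sandbox report; it runs over constructed process-creation events that mirror the report's tree (the PIDs, images and command lines are the report's, the parent PID 1800 of regsvr32 and the Program Files control entry are assumptions for the example).

```python
"""Flag regsvr32-based COM registration from process-creation events.

Added example, not from the report: the events are constructed to mirror the
report's process tree plus one benign control.
"""
import re

# Directories a standard user can write to; a DLL registered from here is the
# signal worth alerting on.
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\programdata\\", "\\temp\\")

# Constructed events: pid, parent pid, image path, command line.
# The parent of PID 2988 (1800) is an assumption; the report does not show it.
PROCESS_EVENTS = [
    {"pid": 2988, "ppid": 1800, "image": r"C:\Windows\system32\regsvr32.exe",
     "cmdline": r"regsvr32 /s C:\Users\Admin\AppData\Local\Temp\Bin\2.7.21\Smrt-Shpr.dll"},
    {"pid": 3008, "ppid": 2988, "image": r"C:\Windows\SysWOW64\regsvr32.exe",
     "cmdline": r"/s C:\Users\Admin\AppData\Local\Temp\Bin\2.7.21\Smrt-Shpr.dll"},
    # constructed benign control: silent, but the DLL lives under Program Files
    {"pid": 4100, "ppid": 900, "image": r"C:\Windows\system32\regsvr32.exe",
     "cmdline": r'regsvr32 /s "C:\Program Files\Vendor\vendor.dll"'},
]


def parse_regsvr32(cmdline):
    """Split a regsvr32 command line into (switches, dll). The image name may
    be absent, as it is for the SysWOW64 child in the report, and the DLL
    path may be quoted."""
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]
    if tokens and tokens[0].lower().split("\\")[-1] in ("regsvr32", "regsvr32.exe"):
        tokens = tokens[1:]
    switches = [t.lower() for t in tokens if t[:1] in ("/", "-")]
    targets = [t for t in tokens if t[:1] not in ("/", "-")]
    return switches, (targets[-1] if targets else None)


def assess(events):
    """Return (pid, dll, reasons) for every regsvr32 that registers a DLL from
    a user-writable location; the extra reasons are context for the analyst."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if not e["image"].lower().endswith("\\regsvr32.exe"):
            continue
        switches, dll = parse_regsvr32(e["cmdline"])
        if dll is None or not any(m in dll.lower() for m in USER_WRITABLE):
            continue
        reasons = ["DLL registered from a user-writable path"]
        if "/s" in switches:
            reasons.append("silent (/s) registration, nothing shown to the user")
        parent = by_pid.get(e["ppid"])
        if (parent and parent["image"].lower().endswith("\\regsvr32.exe")
                and "\\syswow64\\" in e["image"].lower()):
            # 64-bit regsvr32 hands a 32-bit DLL to the SysWOW64 copy; the
            # parent's WriteProcessMemory into this child belongs to that
            # hand-off, not to injection into a foreign process
            reasons.append("SysWOW64 regsvr32 spawned by 64-bit regsvr32 (32-bit DLL)")
        findings.append((e["pid"], dll, reasons))
    return findings


if __name__ == "__main__":
    for pid, dll, reasons in assess(PROCESS_EVENTS):
        print(f"PID {pid}: {dll}")
        for r in reasons:
            print(f"  - {r}")
```

Both regsvr32 instances from the report are reported, the SysWOW64 child with the additional re-launch context, while the Program Files control is not. The same three conditions map directly onto Sysmon Event ID 1 fields (Image, ParentImage, CommandLine) for a live detection rule.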