92174ba231accbdeffb5af3875088bcb76b7906507b7cdfdb4d29838b158cd75

Analysis

max time kernel
138s
max time network
140s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03/07/2024, 05:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$TEMP/BetterInstaller.exe
Size

207KB
MD5

d79b88bab3231ebebd3c6505ab68ce56
SHA1

3222e8dab740ba1d640cc66a9cd36070969deb80
SHA256

d4032354c8ca3b93fd18414d6a7935bcecb18f25534b2259eeaf7d3081ec13ec
SHA512

b8afbd52e74d8611714a33bd80a907be8080195bd574ceb0aa8ce44520c9cf6c40ccce4a4db9be0808b8b5a6b7b0fee17ee42f9cca67d69152dd1f1d8ddd99a9
SSDEEP

3072:mQQVJ7raoxdBcJuAZ750rdOaq8GPquHKgtIwJID5E8hL4xZ2vyOJiRgV57vVsSIR:sV8oNkNNPygmVD5E+L4xKhzcFGe

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	BetterInstaller.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2168	BetterInstaller.exe
2168	BetterInstaller.exe

C:\Users\Admin\AppData\Local\Temp\$TEMP\BetterInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\$TEMP\BetterInstaller.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bd68e162e498457805957fd67621cd6a

SHA1
241722b160f62fbfdb388a1eca565bf189506322

SHA256
a5e8062b6af56d57e7a16ee7058e527e8fe45e57661031f19f66bd97f6ed798b

SHA512
5e64c1e1ba8da4fbfbea1d3956cbd05190694ead7f17688714f45ae961c8f8978d16e0da593a958b9fa36f6174188b52e25dbd0a895f5a04a104e7dde22dfa4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bbc314282ce4ea6cb85a50e904569359

SHA1
df5ad58caa5993680a44f3b609bcfbb415be3de0

SHA256
2a2d4fcbebeee87967b08eded744f3e8727a8cd7fdff9647517a51a76c7e66fd

SHA512
485370e284839277c1f13d408284667987331dfbd339b2d2849b42073bbb5d92a5d217a7a0aa6341b49c6c81ace78e04b8d567d908b6b76c60709eb8d8144b23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f058ca8e551633849c6881b00c88e1e

SHA1
67187ba1c4d4f0f4696652746468e6665661fd99

SHA256
615d65ef0316e5d6c63a5ac46385ca8fa46c3b3c07eb8fbed99d96337d09d7e2

SHA512
d4889e84a661f9fb43b7ec0b9269e3855a83dbd1cb7eb8b775f44b32ac320fd94704a675f3ee09d913d812a3f6b5ea089a21f2c4c38f9abd417b1ed90718557b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
53e3463f712a126cb611e295a0a863b2

SHA1
bd0598bbb17a6362256bd4d625802e34f2bef512

SHA256
e98274f561f0845a98e8681a82bef6e856e00ec69e1a964a8353c117f257b1d4

SHA512
a5e0a9caea6a60341a11b75a021e5ac0c3d02488ddb39464fea57fd704b78c3b27f51b809325c5ccb59d8cbbb65f7cabbc37c0baf62e2e63f81fdc4052be21e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cfdf8d54a3a0efc8e7ea62277e9ee7d1

SHA1
89083229abca4cc0e7edf61ef2abcd01d4ebd9f2

SHA256
9058e73c51aa0044116704b1ff98c13e82ca93727021ebecb7e5e9ae6f899fc8

SHA512
77598617c9bbf5941bf7a5e5eea64c688869a89a94b8e0f72ccac9c2a1e9adbd9e2f34973ad7a8821537e70a961adf0767a04a6fad7fad0c24bfe38977daf90e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4018cd55eb621fd22837ef51199a0dd

SHA1
4c26e1fc41fdc8303b6cb40f0bd673f5a5541d0e

SHA256
e9625a7d49fb8ce6a68f355f32a037491314c094f69a793bb54485b9ffc3b83f

SHA512
fec380e55f767a442d9e2de669967fb6c2b0e864d8f9eb4f8e2e70add70555e6e2f05bac90f509b35c907e31fbb3571f339f87aefd9a87b4754618b65a87c5f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
270c24173d50c3c25c67c4ad95dca44f

SHA1
044f97f074eaa293835538e4c98c29623c3a0d96

SHA256
735f815960ebd662011a3013080f72041bd5e005ffd5caa40fce98347a5ad3df

SHA512
366319a050db5991af5d7d3088226f2b8ce342abc7ed9e3dfc6d8fb4285c3e8cb6438d29526f8ed73352a214dde0e6c01984a4a4996fbe9b9e6ab6c616d9cb33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c20bf1d5d73510ea03bf8180c7202fc

SHA1
3e64c664e212bb7dfb3086f672e4bf3d68b240ea

SHA256
ce786d1d078410f1884b4a5219d1623c8c80eb9a4490357b44ca559fe408747a

SHA512
a0277ac9bd498109391922f7c7fbc9f988280685fa1b0f8d33d8f6e51e8f5bab76bfd334f38448e85e0699aff7561553c894a098c10d436d89fe489cbcb1d394

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
883addcb42fab09d816cc518f4ed59da

SHA1
c5474ef66c07ef282ccf4a1460415ed168f043e3

SHA256
2ee5c23edab9ee6fa5f7537954685ea58d63ecd3507c5523a7ba399579234f32

SHA512
b1137e362fd3b51836ac0f2e2e1445cf063d3928ed9276e6d779cc1cd5b2f1410813b431ecb9d0a491957702b15a4523d3cf29fcb3802afe6bcc6cf7b632c8d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab315F.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3181.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3252.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2168-0-0x0000000000090000-0x0000000000091000-memory.dmp

Filesize
4KB

Download
memory/2168-493-0x0000000000090000-0x0000000000091000-memory.dmp

Filesize
4KB

Download