1111c6d4e534b6a777b8c22194e97ce2218436ec0767deeecf24c020d3ff452c

Analysis

max time kernel
143s
max time network
144s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 16:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$TEMPDIR/BetterInstaller.exe
Size

193KB
MD5

9f633bcbad2408a47022010192d60863
SHA1

285a99a70ba7f9c85e0e572bfb69c2c648415d9f
SHA256

738a98aaf02f6f3077dc91aee772649f7bdd917bcdf0915ac7b3b449551ff7df
SHA512

d41fe61777ce34907f8c03e66bd4c07374ab21a988556572424dd7ceabeccf7ac0bd416710abc9a6a2749dd649bc7ba9e02b49c8ed24b58a57b132980609a3f3
SSDEEP

3072:9WyqvftCdBITVoNVLSIXbEsmJ+d5DkT4ndFcCLa3qUPX5HlVsSITV2hno:ry5sVrLKod5DFnhLanPZWB

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BetterInstaller.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	BetterInstaller.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1824	BetterInstaller.exe
1824	BetterInstaller.exe

C:\Users\Admin\AppData\Local\Temp\$TEMPDIR\BetterInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\$TEMPDIR\BetterInstaller.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
8c08fe494a48df1e69d799b72cc857e4

SHA1
c3ece8bd7ecd185376284e740328bd9ec41f8a10

SHA256
e24d251fe7321dfe6b2cf81db0f943b917b48675968b8ec7d0981cccd36aead0

SHA512
00cd54703bf9b21aac062b6b7a4853b07153171772e2a72d8a7ddee7872c1caeb8ffc4d7d9ee7871933a522781fa022cf8bdd7f83bf7bd31580eec5541c983c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
fd949fd2358bdd38f7ba1f5a631e52b2

SHA1
022e2be3a8e80caf6f18942aa446f1ee598acb07

SHA256
ec81846536802bba5e53e5468cacb4f08af49ac0ea85e6fd06b02eea6feb1421

SHA512
0cd4996e92be4b7dd1ea5095e9d4475d25a433e5907bdce4013278eabada45760b358f12ecfc9c38521df6195862bd2f9a13bf2ac8dd8de7fd98be1fb8166edc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
f57f63f630881d4d916de07da3add597

SHA1
812ca031c679dc2b30dce3cdea2c735ad2318d21

SHA256
5e9996e9d947b9f1715520b018dc9ee337384a8c84bb4c6ceefaf087f041e6b9

SHA512
310f05d667f1556ebaa4b9fa79bbefcdfcc05bd035ae239c356ad6e813ae957e2afe6e2a5cdf94835743b07b07e771ce5611ee7b1691df0c58a426d3c3def5e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
eace26c554d7ed24ddbf5ceb930d9432

SHA1
69432261a6eb6c0c401bad6962946d24399bd546

SHA256
c450e20d26ae3fe803f7c795ef4dc3ec86a7efb4168d363b1a8b344f8fae291f

SHA512
f884a55a664fb67b23c96f3adfce130a3ffe62cdecddd74cbae3acaa7259886188a95440f335028bd085b301c512bd43fcaeaffa210f18f59213788fa5dc3802

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
a73eed10c4cb6ea3c47dc2f6c8a097fe

SHA1
2f90ed09ee2052baf56046fad8bee306608a7bf3

SHA256
f1a292552cd7ab83840d2bd52c089ae89576922ce559f14b76767c51e3be2af3

SHA512
8c9cdd3060cecaf3380edfba61867693e7783a138c7ec78d6cc1caef325b66c01c7287ebce6dc465650b285c597993c2ed2a54a8803a5285380ad92fa33ad58c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
b8b0767b6fd1bc1ebcd2effe8c2f94c9

SHA1
53465aa7465f2e3baecdf8a27ffef129bb563329

SHA256
5dacae42a0fb8b8e6c6047daca248d168c8e5f0eee505ce47918d9901276e03a

SHA512
56475f87ec166ae5e76f717f3d144393f8bae273193d0c7edafd3a074a528f14b0bbe80d0d88d4fe2a42c0ffc93e204615233c6edfd312bcbbe158444fd833c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
00e03f927b3c8b51d9a2982e6cf611d8

SHA1
cdebe2e2f5d732ce38eda328d9ff1cbede8d9caa

SHA256
61fc044e9e2d47d8da8811681090b50044bed1136ec5ca83938cccb22c5ff8cb

SHA512
e53879fe2ce867adadedd467059ccf979bfd9fc3d91e7399055f84696659b0c99035318c9faed824ae51aaab154a73c68277f852c405372a857adcf4ebe85ea4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
b4e2ceb4dd23e9740bd94edc8cf6b571

SHA1
ac6610c6ccbc1e004a5d11dc6158a06838286dcf

SHA256
1adee713cc05226c913d1843c396d7555919b8e974d0c8e9d4b6566db63fdd57

SHA512
a794199543bc5e72e8de5e7c062b747138c904428d434a48220138e5a29fefb607e3d4c9ff8cb77eafe06482e90ec6c56b52d7b39b011f34e105debfaad2e827

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
5738297fb28f66be8c6639ddb494a93f

SHA1
fbf6be93d563a8fc6b671cf36541793c8115654f

SHA256
4169b37dcca016f06381a5e060893c6247cfcadba9fb6e751b5c137f46c22d5e

SHA512
86d35789b349ceac9629263c4852778f09899360f05a8bcb24898b767739349a5f0c402c6a92ea86457df109057794c1ffa625d4db1fbee9977ac32d3af7b908

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
874525a9bf6d672ff11052a8d041dbe5

SHA1
dc2ee897733bb4d458f2821e7ef3288a931df083

SHA256
6f80749c22ab408ddc122381113ea388a1807f80c95bb95a9328ee684b2e41bf

SHA512
b2343a254cca955480cca8494d536d317ec33840f6d3343f79b62e01b6301ba0c0ef5ee406fd6df29c1a10805b746a05f02f4dfd076d2487e0df146a9cf9b677

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab80E5.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8194.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/1824-0-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download