d68d39f6e8e3feb76604def44b3e6b84b1e12898973bb706bc973d5acfb313f3

Analysis

max time kernel
141s
max time network
145s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
27/07/2024, 02:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7159d67905db8bd72ffa7889a805afa9.exe
Size

154KB
MD5

7159d67905db8bd72ffa7889a805afa9
SHA1

5d9c6a3ce820918978852f042d81600429b0f0a1
SHA256

d68d39f6e8e3feb76604def44b3e6b84b1e12898973bb706bc973d5acfb313f3
SHA512

7a5f69139edfd8eb2be8abdc42e8a24438f91a6b4960279fa4ad5036ec0a0515324af7c1a4ddd24e3d0aea45fc779ae4236905ca908270f7630cc3c000e0184e
SSDEEP

3072:y22ihA0m3BJP0A0v5CiJBqkp3O88VCca/VDILzRyTjZzb:tA0m3D0AUkkp1BI4nhb

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2316	BetterInstaller.exe

Loads dropped DLL 1 IoCs

pid	Process
588	7159d67905db8bd72ffa7889a805afa9.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7159d67905db8bd72ffa7889a805afa9.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BetterInstaller.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	BetterInstaller.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2316	BetterInstaller.exe
2316	BetterInstaller.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 588 wrote to memory of 2316	588	7159d67905db8bd72ffa7889a805afa9.exe	31
PID 588 wrote to memory of 2316	588	7159d67905db8bd72ffa7889a805afa9.exe	31
PID 588 wrote to memory of 2316	588	7159d67905db8bd72ffa7889a805afa9.exe	31
PID 588 wrote to memory of 2316	588	7159d67905db8bd72ffa7889a805afa9.exe	31
PID 588 wrote to memory of 2316	588	7159d67905db8bd72ffa7889a805afa9.exe	31
PID 588 wrote to memory of 2316	588	7159d67905db8bd72ffa7889a805afa9.exe	31
PID 588 wrote to memory of 2316	588	7159d67905db8bd72ffa7889a805afa9.exe	31

C:\Users\Admin\AppData\Local\Temp\7159d67905db8bd72ffa7889a805afa9.exe
"C:\Users\Admin\AppData\Local\Temp\7159d67905db8bd72ffa7889a805afa9.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:588
- C:\Users\Admin\AppData\Local\Temp\BetterInstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\BetterInstaller.exe" /affid "imagebadgerroox" /id "imagebadgercbnc" /name "ImageBadger"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd32d12fb8459a78d969e597be203b1d

SHA1
4f474f55cc316e0d5afd2c9ba32fba8a59601e94

SHA256
1302585c49a9d8393832567bd81d7f8b795c5e561536d1affc44d6c97a7923d7

SHA512
965f256ed573e1f6286209a56428d914cb45b1ac5626022c90b6cdb7101e6940293c525353a483b4586575b532f81c9fedbdbe7af841430f4cfb796802d02ce7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
102ef326228ce33dcadb9fa68d0ae43a

SHA1
115c6694aa160a53cb6c3e0fb88c04255ffa2299

SHA256
8228c11a53117302141e838d55fa78137ceca3128a0d39639b5ae8bb5a426247

SHA512
5797dee01bf0f7add788b93fa31867f6a5ac8b88aaeebfda78165e5ac72f2891517d41c38aca54321ac40c06f0f228895956bc1a6d61b1c2db97b98c2c4a7614

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4fa71578f027a9a57e2f35e2b84a9dcd

SHA1
cb590dd1cb29d03a11ca3a2a7dd4d8bfe3d15211

SHA256
0b0278d7f7db8cacf4fd4abb2de3c595988f67d5223318db88f8b849591cb918

SHA512
946153f3d97765a0b9c04dc2f624e4e9f7e5712839219cda17720c1688cd4d6452068e283fe3ce6cdaa7cc674b939e9784bd13a7958ee351023379411c2d721e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d695253e788308a7988a68307976d561

SHA1
ee647b434dcf600cae9c2d04b874c9d11f86edcc

SHA256
71a32cc09c31d432843d1c23ed28ecb0a852dcbbaa91a151c4606529aa8cdf78

SHA512
c5ed7d206b4ade09445d65ae8f25845482a4bbd1c913854fdfae4274f8e35c5eac28322edece8e2fae1e2ccfae1b84a225aa142b67e62850903a1731b19068df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2da98a175affc29ce6d9153c72d71fce

SHA1
79a7176d46e2bbe0cba59a13ad77efbce45c3062

SHA256
bc9bbc5492640303a53fe40b9ba784878581258ad07dabb09fa145d16c1c2ecb

SHA512
f0fbd57d106ec3519e5fad77eb3c109e4c021f904cf954133574d491994d77a0aae4e53bc3a8d2e30fa7bd05417a933d9ae860a9112dc54b7f15cc5f44393bef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8fece736ad0b7a4dae983f47bc4bba33

SHA1
ac09d477cae78623838b3890db28128e34421e09

SHA256
6dd8ecfe89c0790f176e8b50c57d417b892b6401cefa6a836fb6071a066970d5

SHA512
136dab49b20a49c3c2bf3fc5661d940341b23b195aae58a39562e256e0f70368b1bc15735a85a8c121b9f2ceebe2efc008afd8756adf75db7100cebf2fb2ef37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d531a8b84d4dc9508db965fb23e50b5

SHA1
3e8ffe13e8d926a3fb3f599a552d4f03b59a3d8c

SHA256
be3fb722e48da3814aa018b2c09b6047cdd5121ac00815d85337671e5cfd4528

SHA512
290e5f8216f02c11626e89ffbed3b846ca979d7c0c0d2ee7bfbc7075853dabf2b4fd24b1844ae755fee26104fc40656bcc1298f8c72625721318e0364cd5c4a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6f9acd84a34978497d927fd54a71c9d6

SHA1
75b128eaff23a597cdab5faf869172559ccd9be7

SHA256
1383df9629180a7dba658bf865cf05878dbd239f0f5fac51e695d93ee7f0f3f0

SHA512
963c0f11cea50107708de9ae6c798de466ce760015c4e34bb53bb68c2e09d8da5f8d763f3fb5d4607ee049b31fc2408b38b3256767dc2b16193510cb0fcfd72c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE6D8.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE797.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\config.ini

Filesize
98B

MD5
1c7a095b75ef7849dc48ad7b05b36af4

SHA1
a5614e1f80ad0776264acec3b35a3e0326aa1d1a

SHA256
7ed5c42e304cb13c36d8853f85fa804f41ae4052e847ecc2011dab6ff6426f08

SHA512
51c46fe4e30cbe4157d8b8bf8be67a154af2a546af42971f68d2d185c30c1b4c1ae540658e0ca0a24bae1baeeb0ddd0e3ddf3773de58a21eedfb318dd6523e49

Download Submit
\Users\Admin\AppData\Local\Temp\BetterInstaller.exe

Filesize
207KB

MD5
d79b88bab3231ebebd3c6505ab68ce56

SHA1
3222e8dab740ba1d640cc66a9cd36070969deb80

SHA256
d4032354c8ca3b93fd18414d6a7935bcecb18f25534b2259eeaf7d3081ec13ec

SHA512
b8afbd52e74d8611714a33bd80a907be8080195bd574ceb0aa8ce44520c9cf6c40ccce4a4db9be0808b8b5a6b7b0fee17ee42f9cca67d69152dd1f1d8ddd99a9

Download Submit
memory/588-13-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2316-14-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/2316-470-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download