267dce13a4f087f2f47c6855b142a07b1e81c3714a780af61784a1cc0e2f7b89

Analysis

max time kernel
141s
max time network
144s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28-09-2024 05:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$TEMP/BetterInstaller.exe
Size

207KB
MD5

d79b88bab3231ebebd3c6505ab68ce56
SHA1

3222e8dab740ba1d640cc66a9cd36070969deb80
SHA256

d4032354c8ca3b93fd18414d6a7935bcecb18f25534b2259eeaf7d3081ec13ec
SHA512

b8afbd52e74d8611714a33bd80a907be8080195bd574ceb0aa8ce44520c9cf6c40ccce4a4db9be0808b8b5a6b7b0fee17ee42f9cca67d69152dd1f1d8ddd99a9
SSDEEP

3072:mQQVJ7raoxdBcJuAZ750rdOaq8GPquHKgtIwJID5E8hL4xZ2vyOJiRgV57vVsSIR:sV8oNkNNPygmVD5E+L4xKhzcFGe

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BetterInstaller.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	BetterInstaller.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2204	BetterInstaller.exe
2204	BetterInstaller.exe

C:\Users\Admin\AppData\Local\Temp\$TEMP\BetterInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\$TEMP\BetterInstaller.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f2ae03c0e8f383e7331903560e9d32fc

SHA1
ffd389404c687ff51ca61a94b912b7f60b0ee32e

SHA256
4e24744512f8c048dcd419de37475857c8f911923c44ee82a4d7d10d3f6b3726

SHA512
4d82fb98d9c22b3431158888c2ad61a6d96b17888d6f1784a13121ed28215a2b8df9daff3979208584d70ef1425de8017cd52d46dfe78078e26b667ec983e0a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8667cf13ba867a656b76609c6c7aea41

SHA1
87a7b507a093f55ee79a392f24a14652a5aefc80

SHA256
f5b9ca1750cee7dfbecd7a648376e39d0f818e6b61f8aa92037b351e0cc16ecc

SHA512
e6220107122317a8e7737f3a5617d9d45793931668696bb5f519b1013b8faf8e44b5e343175e34dd7c405e28cd73649827b6054946d829ee3174606442bb4070

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
10682dc97879fe9228416368191bd131

SHA1
ae7d2cc0a4c4f0874404225d67b5ab0c61c299ce

SHA256
77171a7b88c2f81c0a52e24e14ee8bd2633c5c3b9a6c8e55611d8730c762c191

SHA512
070d8719e1d8636bc78fb851680c0b85bc4db92d1b1796f9c6ee0af18699ca22fc43cd7986f827566f2dcc4d194de2314c1ca9d40eb9434ebf782b27782cf03b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
13049e60c1418a6e22d4ef1e2bd232e6

SHA1
b09f1f13e538d93df15eabff5a6497c363af291e

SHA256
508dc923002e2e7a22be9a274179e2452b1463355e6b5e0c9979078167d289f0

SHA512
2b4c23507f52b9f471ff6326308755235f9e325febabb7f42b7fa5ff6fd582821fdd9eb07c13b78c8921bfe10a88f8281720fd5d0f14bc15a0641e9571d475c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f546cc7036f9f1cc6f2e16e8b1e49206

SHA1
54bb38f13576190bdd9ee433734c2e9ce642621f

SHA256
c683e5bfaa57ba510a187d75af9974c59b31a16ccb6cb75c916ddab343b1e721

SHA512
32978be45d19aef0a1bebf7fdf013815b540c5681e8e50e24381bb255be27d276553c0f4f4bd653610358f034978c378bedc8756be351ef3b1cc4f64102c2e5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c716290cf48f2b18f0f71463fc003b2e

SHA1
60bffe00219726042db387c7bc9bebea20717052

SHA256
a2a2509fa3bfe954411b6f476e48d335fbba6f2e73d40209f4c6af10b629602b

SHA512
18efe739f92b18000ee31e411969d2a8b109deea89f445ca1f6c1f445e3d50dc2bcd384915cc16b9ac0c8ebba3332e48cd00640680b7b17c50e0e5b5e22de204

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6107f20f8ab631719a79eaff1e167e9d

SHA1
7a19c128b6cd91c3a79540281873a07a5c9da7e3

SHA256
e8b1c945b3b95db0108f23dccf8bd24b525ea7b443ab328400689ed896595419

SHA512
81fa35b28cc7020581370cdf8223d418a06ad7142ea2c8a3cab528ac46129dcbe4c95a0e6fdc66b2e8b3099f28eb2090ecc94366cdf2361bc69015e30ad0b137

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64d965e09373f2a4daeeae4261f288ab

SHA1
044ae3a73a9040c52656a72e311a97feeacf214a

SHA256
4ede04cbf335d079b820c6bc29d026190fe76f25aa80f05f515ea5cf16956f02

SHA512
71452847d65615ef264b3c449e36adee798337777d174fdee629b7b11ff547fb933eed9c480d423b312fa3831f21831616b3b97959d14703596bde5b1259181e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0eea15cb11951d29cf46c86336111b74

SHA1
60bc062d82a0e06287e37766aae793a512df1d9d

SHA256
ad791f02c4c578ce4a071ec97bf3f7377fb165da41cb70fba2cbb4039ebd493e

SHA512
8f766e9f071196b940d219d96d59bdc971feb37d36924d16b672a7aa2b2e298bf97c5a30dc0e722cac81313c23e589c0145d0cf5c2e1b4d681c1693e36344e00

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA3FF.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA47E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2204-0-0x0000000000090000-0x0000000000091000-memory.dmp

Filesize
4KB

Download
memory/2204-452-0x0000000000090000-0x0000000000091000-memory.dmp

Filesize
4KB

Download