Malware analysis PennyBee.exe Malicious activity | ANY.RUN

Add for printing

File name:	PennyBee.exe
Full analysis:	https://app.any.run/tasks/3eb9e5aa-e932-4167-be12-3c3739303717
Verdict:	Malicious activity
Analysis date:	February 20, 2024, 03:35:20
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME:	application/x-dosexec
File info:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5:	CE82328636D917085664F07AE6767EF5
SHA1:	71DDC153477522370420C4AB0FD2479AA996C2DC
SHA256:	A304949D56D4664B807A02D60243122DD59804F1AE0BBD49AFD02B189CA1DDDC
SSDEEP:	24576:gAI6AqbWn4JIpinBu6cawNouAufc6Udx2SR9U0J0oRgNgjDUztYXnVe72896LFtC:jI6AqbWn4JIpinBu6cawNLAufc6Udx2P

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 60 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: none
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: off
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.110 (8.110)
Skype version 8.110 (8.110)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Drops the executable file immediately after the start
  - PennyBee.exe (PID: 1836)
  - PennyBee.exe (PID: 2772)
- Opens an HTTP connection (SCRIPT)
  - lyricsgizm.exe (PID: 1780)
- Creates internet connection object (SCRIPT)
  - lyricsgizm.exe (PID: 1780)
SUSPICIOUS
- Executable content was dropped or overwritten
  - PennyBee.exe (PID: 1836)
  - PennyBee.exe (PID: 2772)
- Malware-specific behavior (creating "System.dll" in Temp)
  - PennyBee.exe (PID: 1836)
- The process creates files with name similar to system file names
  - PennyBee.exe (PID: 1836)
- Reads security settings of Internet Explorer
  - PennyBee.exe (PID: 1836)
  - PennyBee.exe (PID: 2772)
  - lyricsgizm.exe (PID: 1780)
- Creates a software uninstall entry
  - PennyBee.exe (PID: 1836)
  - PennyBee.exe (PID: 2772)
- Reads the Internet Settings
  - PennyBee.exe (PID: 1836)
  - lyricsgizm.exe (PID: 2892)
  - PennyBee.exe (PID: 2772)
  - lyricsgizm.exe (PID: 2568)
  - lyricsgizm.exe (PID: 1780)
- The process executes via Task Scheduler
  - lyricsgizm.exe (PID: 2432)
  - lyricsgizm.exe (PID: 2616)
- Searches for installed software
  - PennyBee.exe (PID: 2772)
INFO
- Checks supported languages
  - PennyBee.exe (PID: 1836)
  - lyricsgizm.exe (PID: 2892)
  - lyricsgizm.exe (PID: 2432)
  - PennyBee.exe (PID: 2772)
  - lyricsgizm.exe (PID: 1780)
  - lyricsgizm.exe (PID: 2568)
  - lyricsgizm.exe (PID: 2616)
- Reads the computer name
  - PennyBee.exe (PID: 1836)
  - lyricsgizm.exe (PID: 2892)
  - lyricsgizm.exe (PID: 2432)
  - PennyBee.exe (PID: 2772)
  - lyricsgizm.exe (PID: 1780)
  - lyricsgizm.exe (PID: 2568)
  - lyricsgizm.exe (PID: 2616)
- Checks proxy server information
  - PennyBee.exe (PID: 1836)
  - lyricsgizm.exe (PID: 2892)
  - lyricsgizm.exe (PID: 2432)
  - PennyBee.exe (PID: 2772)
  - lyricsgizm.exe (PID: 2568)
  - lyricsgizm.exe (PID: 1780)
  - lyricsgizm.exe (PID: 2616)
- Creates files in the program directory
  - PennyBee.exe (PID: 1836)
- Create files in a temporary directory
  - PennyBee.exe (PID: 1836)
  - PennyBee.exe (PID: 2772)
- Reads the machine GUID from the registry
  - PennyBee.exe (PID: 1836)
  - lyricsgizm.exe (PID: 2892)
  - lyricsgizm.exe (PID: 2432)
  - PennyBee.exe (PID: 2772)
  - lyricsgizm.exe (PID: 1780)
  - lyricsgizm.exe (PID: 2568)
  - lyricsgizm.exe (PID: 2616)
- Creates files or folders in the user directory
  - PennyBee.exe (PID: 1836)
- Manual execution by a user
  - PennyBee.exe (PID: 2772)
- Reads Environment values
  - lyricsgizm.exe (PID: 1780)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	NSIS - Nullsoft Scriptable Install System (94.8)
.exe	\|	Win32 Executable MS Visual C++ (generic) (3.4)
.dll	\|	Win32 Dynamic Link Library (generic) (0.7)
.exe	\|	Win32 Executable (generic) (0.5)
.exe	\|	Generic Win/DOS Executable (0.2)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2009:06:06 21:41:54+00:00
ImageFileCharacteristics:	No relocs, Executable, No line numbers, No symbols, 32-bit
PEType:	PE32
LinkerVersion:	6
CodeSize:	23552
InitializedDataSize:	119808
UninitializedDataSize:	1024
EntryPoint:	0x323c
OSVersion:	4
ImageVersion:	6.1
SubsystemVersion:	4
Subsystem:	Windows GUI
FileVersionNumber:	3.0.0.0
ProductVersionNumber:	3.0.0.0
FileFlagsMask:	0x0000
FileFlags:	(none)
FileOS:	Win32
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	English (U.S.)
CharacterSet:	ASCII
CompanyName:	lyricsgizm
FileDescription:	Main Installer
FileVersion:	3.0.0.0
LegalCopyright:	Copyright lyricsgizm
ProductName:	Installer
ProductVersion:	3.0.0.0

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

1780

C:\ProgramData\lyricsgizm\lyricsgizm.exe

PennyBee.exe

User:

admin

Company:

Video Song Gizmos Agent

Integrity Level:

HIGH

Exit code:

Version:

1.1.0.12

Modules

Images
c:\programdata\lyricsgizm\lyricsgizm.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll

1836

"C:\Users\admin\Desktop\PennyBee.exe"

C:\Users\admin\Desktop\PennyBee.exe

explorer.exe

User:

admin

Company:

lyricsgizm

Integrity Level:

HIGH

Description:

Main Installer

Exit code:

Version:

3.0.0.0

Modules

Images
c:\users\admin\desktop\pennybee.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll

2432

C:\ProgramData\lyricsgizm\lyricsgizm.exe /task=4 /InstallOn=0 /closebr=0 /active=24 /update=24 /interval=2880 /pubId=1001 /affId=10010047 /appId=111 /uId={48256522-66D1-4197-8D11-28FBCF0BF061} /version=3.0.0.0 /Override=false /IEhome=0 /IEsearch=0 /FFhome=0 /FFsearch=0 /CHhome=0 /CHsearch=0 /FFaddon= /CHaddon= /AutoSP= /regAppName=lyricsgizm /curSID=S-1-5-21-1302019708-1500728564-335382590-1000 /logf=C:\Users\admin\AppData\Local\Temp\lyricsgizm_installer_{48256522-66D1-4197-8D11-28FBCF0BF061}_1708400145.txt /chPol=0 /mac=12A9866C77DE /tst=None

C:\ProgramData\lyricsgizm\lyricsgizm.exe

taskeng.exe

User:

SYSTEM

Company:

Video Song Gizmos Agent

Integrity Level:

SYSTEM

Exit code:

Version:

1.1.0.12

Modules

Images
c:\programdata\lyricsgizm\lyricsgizm.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll

2568

"C:\ProgramData\lyricsgizm\lyricsgizm.exe" /InstallOn=0 /closebr=0 /active=24 /update=24 /interval=2880 /pubId=1001 /affId=10010047 /appId=111 /uId={48256522-66D1-4197-8D11-28FBCF0BF061} /version=3.0.0.0 /Override=true /Firstime=1 /IEhome=0 /IEsearch=0 /FFhome=0 /FFsearch=0 /CHhome=0 /CHsearch=0 /FFaddon= /CHaddon= /AutoSP= /regAppName=lyricsgizm /curSID=S-1-5-21-1302019708-1500728564-335382590-1000 /logf=C:\Users\admin\AppData\Local\Temp\lyricsgizm_installer_{48256522-66D1-4197-8D11-28FBCF0BF061}_1708400171.txt /chPol=0 /mac=12A9866C77DE /tst=None

C:\ProgramData\lyricsgizm\lyricsgizm.exe

PennyBee.exe

User:

admin

Company:

Video Song Gizmos Agent

Integrity Level:

HIGH

Exit code:

Version:

1.1.0.12

Modules

Images
c:\programdata\lyricsgizm\lyricsgizm.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll

2616

C:\ProgramData\lyricsgizm\lyricsgizm.exe /task=4 /InstallOn=0 /closebr=0 /active=24 /update=24 /interval=2880 /pubId=1001 /affId=10010047 /appId=111 /uId={48256522-66D1-4197-8D11-28FBCF0BF061} /version=3.0.0.0 /Override=true /IEhome=0 /IEsearch=0 /FFhome=0 /FFsearch=0 /CHhome=0 /CHsearch=0 /FFaddon= /CHaddon= /AutoSP= /regAppName=lyricsgizm /curSID=S-1-5-21-1302019708-1500728564-335382590-1000 /logf=C:\Users\admin\AppData\Local\Temp\lyricsgizm_installer_{48256522-66D1-4197-8D11-28FBCF0BF061}_1708400171.txt /chPol=0 /mac=12A9866C77DE /tst=None

C:\ProgramData\lyricsgizm\lyricsgizm.exe

taskeng.exe

User:

SYSTEM

Company:

Video Song Gizmos Agent

Integrity Level:

SYSTEM

Exit code:

Version:

1.1.0.12

Modules

Images
c:\programdata\lyricsgizm\lyricsgizm.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll

2772

"C:\Users\admin\Desktop\PennyBee.exe"

C:\Users\admin\Desktop\PennyBee.exe

explorer.exe

User:

admin

Company:

lyricsgizm

Integrity Level:

HIGH

Description:

Main Installer

Exit code:

Version:

3.0.0.0

Modules

Images
c:\users\admin\desktop\pennybee.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll

2892

"C:\ProgramData\lyricsgizm\lyricsgizm.exe" /InstallOn=0 /closebr=0 /active=24 /update=24 /interval=2880 /pubId=1001 /affId=10010047 /appId=111 /uId={48256522-66D1-4197-8D11-28FBCF0BF061} /version=3.0.0.0 /Override=false /Firstime=1 /IEhome=0 /IEsearch=0 /FFhome=0 /FFsearch=0 /CHhome=0 /CHsearch=0 /FFaddon= /CHaddon= /AutoSP= /regAppName=lyricsgizm /curSID=S-1-5-21-1302019708-1500728564-335382590-1000 /logf=C:\Users\admin\AppData\Local\Temp\lyricsgizm_installer_{48256522-66D1-4197-8D11-28FBCF0BF061}_1708400145.txt /chPol=0 /mac=12A9866C77DE /tst=None

C:\ProgramData\lyricsgizm\lyricsgizm.exe

PennyBee.exe

User:

admin

Company:

Video Song Gizmos Agent

Integrity Level:

HIGH

Exit code:

Version:

1.1.0.12

Modules

Images
c:\programdata\lyricsgizm\lyricsgizm.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll

3668

"C:\Users\admin\Desktop\PennyBee.exe"

C:\Users\admin\Desktop\PennyBee.exe

—

explorer.exe

User:

admin

Company:

lyricsgizm

Integrity Level:

MEDIUM

Description:

Main Installer

Exit code:

3221226540

Version:

3.0.0.0

Modules

Images
c:\users\admin\desktop\pennybee.exe
c:\windows\system32\ntdll.dll

Add for printing

Total events

5 052

Read events

4 630

Write events

341

Delete events

Modification events


(PID) Process:	(1836) PennyBee.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:	write	Name:	ProxyEnable
Value: 0
(PID) Process:	(1836) PennyBee.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:	delete value	Name:	ProxyServer
Value:
(PID) Process:	(1836) PennyBee.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:	delete value	Name:	ProxyOverride
Value:
(PID) Process:	(1836) PennyBee.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:	delete value	Name:	AutoConfigURL
Value:
(PID) Process:	(1836) PennyBee.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:	delete value	Name:	AutoDetect
Value:
(PID) Process:	(1836) PennyBee.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:	write	Name:	SavedLegacySettings
Value: 460000005C010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:	(1836) PennyBee.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1
(PID) Process:	(1836) PennyBee.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	IntranetName
Value: 1
(PID) Process:	(1836) PennyBee.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	UNCAsIntranet
Value: 1
(PID) Process:	(1836) PennyBee.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	AutoDetect
Value: 0

Add for printing

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
1836	PennyBee.exe	C:\Users\admin\AppData\Local\Temp\nsvEA3.tmp\System.dll		executable
		MD5:00A0194C20EE912257DF53BFE258EE4A	SHA256:DC4DA2CCADB11099076926B02764B2B44AD8F97CD32337421A4CC21A3F5448F3
1836	PennyBee.exe	C:\Users\admin\AppData\Local\Temp\lyricsgizm_installer_{48256522-66D1-4197-8D11-28FBCF0BF061}_1708400145.txt		text
		MD5:691D519A1F09EDF16E685DAF5482D4D2	SHA256:44A861F5315FEC45E70D2297A83C56D80913CED5288ECE0C8BF28FF737C3232F
1836	PennyBee.exe	C:\Users\admin\AppData\LocalLow\lyricsgizm\content\dgapi.js		text
		MD5:4255E16EB6203B8841CA19C6E60601CC	SHA256:E5452CC27BF7A867BFD8FE6D88DC84E9C989EE54EECC66BA130CD93DDD942E2D
1836	PennyBee.exe	C:\Users\admin\AppData\Local\Temp\nsvEA3.tmp\StdUtils.dll		executable
		MD5:21010DF9BC37DAFFCC0B5AE190381D85	SHA256:0EBD62DE633FA108CF18139BE6778FA560680F9F8A755E41C6AB544AB8DB5C16
1836	PennyBee.exe	C:\Users\admin\AppData\Local\Temp\nsvEA3.tmp\nsisos.dll		executable
		MD5:69806691D649EF1C8703FD9E29231D44	SHA256:BA79AB7F63F02ED5D5D46B82B11D97DAC5B7EF7E9B9A4DF926B43CEAC18483B6
1836	PennyBee.exe	C:\Users\admin\AppData\Local\Temp\nsvEA3.tmp\InstallerUtils.dll		executable
		MD5:9CFE9C3909B80653D530377226928B73	SHA256:F84402D3905A2C104DF84827BA6C94F42D689CBBA7E251B46036030CAC94B25A
1836	PennyBee.exe	C:\ProgramData\lyricsgizm\lyricsgizmutil.dll		executable
		MD5:46F39C128A247353360058ED6CB2A20D	SHA256:49E3CCAD13408316DFC8952C5211B58298DF5B6FDFCC3B5608AA0E97562536EB
1836	PennyBee.exe	C:\Users\admin\AppData\Local\Temp\nsvEA3.tmp\UserInfo.dll		executable
		MD5:7579ADE7AE1747A31960A228CE02E666	SHA256:564C80DEC62D76C53497C40094DB360FF8A36E0DC1BDA8383D0F9583138997F5
1836	PennyBee.exe	C:\ProgramData\lyricsgizm\logo.ico		image
		MD5:9B4521D6FBAED9652986A538ABFBDDD4	SHA256:5F5EFF0B19B3AAA79001F7063FA9916D5700538878312CE90F3D1834FE4423B2
1836	PennyBee.exe	C:\ProgramData\lyricsgizm\Uninstaller.exe		executable
		MD5:E4679FC77490E4DD89634C91ECEBCE81	SHA256:D3389D920F2268CA382A6924A85CB71D3DC8DB99F19AAC3777A1F59D47B10E7A

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

No HTTP requests

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
1080	svchost.exe	224.0.0.252:5355	—	—	—	unknown
4	System	192.168.100.255:137	—	—	—	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted

DNS requests

Domain	IP	Reputation
ws.xcodelib.net	—	unknown
s.xcodelib.net	—	unknown

Threats

No threats detected

Add for printing

Process	Message
lyricsgizm.exe	02/20/24 03:35:55 (6906) -~- ProccesId: 2892, ThreadId: 2408 -~- SendStats -~- ws.xcodelib.net/ytlyrics/bho/report.php?type=install&sch=4&affId=10010047&pubId=1001&appId=111&agver=1.1.0.12&fferr=scss&chrerr=scss&guid={48256522-66D1-4197-8D11-28FBCF0BF061}&override=false&affIdLast=none&os=6.1&manu=&ff=115.0.2 (x86 en-US)&ch=109.0.5414.120&ie=11.0.9600.19596&mac=12A9866C77DE&newagnt=0&sltm=0&wktm=26&ltm=20_02_03_35_55&tst=none&x=112
lyricsgizm.exe	02/20/24 03:35:55 (6906) -~- ProccesId: 2892, ThreadId: 2408 -~- OnInitDialog -~- Starting agent process cmdline: "C:\ProgramData\lyricsgizm\lyricsgizm.exe" /InstallOn=0 /closebr=0 /active=24 /update=24 /interval=2880 /pubId=1001 /affId=10010047 /appId=111 /uId={48256522-66D1-4197-8D11-28FBCF0BF061} /version=3.0.0.0 /Override=false /Firstime=1 /IEhome=0 /IEsearch=0 /FFhome=0 /FFsearch=0 /CHhome=0 /CHsearch=0 /FFaddon= /CHaddon= /AutoSP= /regAppName=lyricsgizm /curSID=S-1-5-21-1302019708-1500728564-335382590-1000 /logf=C:\Users\admin\AppData\Local\Temp\lyricsgizm_installer_{48256522-66D1-4197-8D11-28FBCF0BF061}_1708400145.txt /chPol=0 /mac=12A9866C77DE /tst=None
lyricsgizm.exe	02/20/24 03:35:55 (6906) -~- ProccesId: 2892, ThreadId: 2408 -~- OnInitDialog -~- First time running
lyricsgizm.exe	02/20/24 03:35:55 (6906) -~- ProccesId: 2892, ThreadId: 2408 -~- FirstTimeStat -~- Install starting, sending stats
lyricsgizm.exe	02/20/24 03:36:01 (13656) -~- ProccesId: 2892, ThreadId: 2408 -~- SendStats -~- Error 12007 encountered at: Error 0x2ee7 at Failed HttpSendRequest
lyricsgizm.exe	02/20/24 03:36:01 (13656) -~- ProccesId: 2892, ThreadId: 2408 -~- UpdateRegistryFromArguments -~- Updating registry
lyricsgizm.exe	02/20/24 03:36:01 (13656) -~- ProccesId: 2892, ThreadId: 2408 -~- StartWorkerTasks -~- Starting tasks
lyricsgizm.exe	02/20/24 03:36:06 (17984) -~- ProccesId: 2892, ThreadId: 2408 -~- SendStats -~- ws.xcodelib.net/ytlyrics/bho/report.php?type=install_end&affId=10010047&pubId=1001&appId=111&agver=1.1.0.12&fferr=scss&chrerr=scss&guid={48256522-66D1-4197-8D11-28FBCF0BF061}&override=false&affIdLast=none&os=6.1&manu=&ff=115.0.2 (x86 en-US)&ch=109.0.5414.120&ie=11.0.9600.19596&mac=12A9866C77DE&newagnt=0&sltm=0&wktm=26&ltm=20_02_03_36_06&tst=none&x=112
lyricsgizm.exe	02/20/24 03:36:06 (17984) -~- ProccesId: 2892, ThreadId: 2408 -~- EndInstallStat -~- Install finished, sending stats
lyricsgizm.exe	02/20/24 03:36:06 (17984) -~- ProccesId: 2892, ThreadId: 2408 -~- SetTaskComment -~- Comment is: {"regs":{"ffErr":""}}

General Info

PennyBee.exe

CE82328636D917085664F07AE6767EF5

71DDC153477522370420C4AB0FD2479AA996C2DC

A304949D56D4664B807A02D60243122DD59804F1AE0BBD49AFD02B189CA1DDDC

24576:gAI6AqbWn4JIpinBu6cawNouAufc6Udx2SR9U0J0oRgNgjDUztYXnVe72896LFtC:jI6AqbWn4JIpinBu6cawNLAufc6Udx2P

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

Opens an HTTP connection (SCRIPT)

Creates internet connection object (SCRIPT)

SUSPICIOUS

Executable content was dropped or overwritten

Malware-specific behavior (creating "System.dll" in Temp)

The process creates files with name similar to system file names

Reads security settings of Internet Explorer

Creates a software uninstall entry

Reads the Internet Settings

The process executes via Task Scheduler

Searches for installed software

INFO

Checks supported languages

Reads the computer name

Checks proxy server information

Creates files in the program directory

Create files in a temporary directory

Reads the machine GUID from the registry

Creates files or folders in the user directory

Manual execution by a user

Reads Environment values

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings