IndexUNE.msi (initial sample)
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Create Time/Date: Mon Jun 21 08:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: Intel;3082, Number of Pages: 200, Revision Number: {7D975D03-538A-48F2-AACF-AE7D6EDCECE4}, Title: IndexUNE, Author: UNE, Number of Words: 2, Last Saved Time/Date: Mon Jul 5 07:45:52 2021, Last Printed: Mon Jul 5 07:45:52 2021

Entropy: 5.86204127989461
Filename: IndexUNE.msi
Filesize: 543744
MD5: 9565d67fff53497e167098fe77cfacae
SHA1: b09ea054d55881a6a5aa2f9f1452f2bcbf13d74d
SHA256: b215823c6a7b75d52fb07f04227be5d9ffb467d5bc45ec58076131c6c8ed5217
SHA512: 46a0c476a9a42ee6c503bc8b26b2cb35d577bb69fbbec7b43ee09543a3e66911fa415c4bdde553ae619128507775ea8422a494a3cf4d4f7e05e6272ebd0459d3
SSDEEP: 12288:0N5DlvgiHAcTmS80g9vTMx4yAyA5b0urHeGMfd7ADdAMAFE7:0NDYiPkLMcMfd7ADdAMAF6

Signature Hits | Behavior Group | Mitre Attack
Sample file is different than original file name gathered from version info | System Summary |

Dropped file

File: C:\Users\user\AppData\Local\Temp\CFGBE40.tmp
Category: dropped
Dump: CFGBE40.tmp.3.dr
ID: dr_2
Target ID: 3
Process: C:\Windows\SysWOW64\msiexec.exe
Type: XML 1.0 document, ASCII text, with CRLF line terminators
Entropy: 4.869476015399742
Encrypted: false
Ssdeep: 3:vFWWMNHUz/cIMOoT02V7VKXRAmIRMNHNQAoe+RAW4QIMOov:TMV0kI002V7VQ7VNQAoeuAW4QIm
Size: 123
Whitelisted: false
Reputation: moderate

Dropped file

File: C:\Users\user\AppData\Local\Temp\MSI9233.tmp
Category: dropped
Dump: MSI9233.tmp.0.dr
ID: dr_1
Target ID: 0
Process: C:\Windows\System32\msiexec.exe
Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy: 6.503878741867183
Encrypted: false
Ssdeep: 6144:juAO5lvgiHqfcTmGZ8009t0svTPxmx4yAyA5bDB+urH+npAMysZ3:aDlvgiHAcTmS80g9vTMx4yAyA5b0urHu
Size: 305152
Whitelisted: false
Reputation: moderate

Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

Dropped file

File: C:\Users\user\AppData\Local\Temp\MSIBD37.tmp
Category: dropped
Dump: MSIBD37.tmp.0.dr
ID: dr_0
Target ID: 0
Process: C:\Windows\System32\msiexec.exe
Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy: 6.503878741867183
Encrypted: false
Ssdeep: 6144:juAO5lvgiHqfcTmGZ8009t0svTPxmx4yAyA5bDB+urH+npAMysZ3:aDlvgiHAcTmS80g9vTMx4yAyA5b0urHu
Size: 305152
Whitelisted: false
Reputation: moderate

Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |
Creates temporary files | System Summary |