Automated Malware Analysis IOC Report for

Details

File:	C:\Config.Msi\52f118.rbs
Category:	dropped
Dump:	52f118.rbs.15.dr
ID:	dr_50
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.765215580439219
Encrypted:	false
Size:	20012
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\BPortal.exe
Category:	dropped
Dump:	BPortal.exe.15.dr
ID:	dr_60
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.377931217512233
Encrypted:	false
Size:	7439408
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\BistroPortal\BPortalWebUi.exe
Category:	dropped
Dump:	BPortalWebUi.exe.15.dr
ID:	dr_61
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.511022204440423
Encrypted:	false
Size:	501808
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\BistroPortal\chrome_100_percent.pak
Category:	dropped
Dump:	chrome_100_percent.pak.15.dr
ID:	dr_62
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	7.962774999271825
Encrypted:	false
Size:	698907
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\chrome_200_percent.pak
Category:	dropped
Dump:	chrome_200_percent.pak.15.dr
ID:	dr_63
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	7.949919971724352
Encrypted:	false
Size:	1102414
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\chrome_elf.dll
Category:	dropped
Dump:	chrome_elf.dll.15.dr
ID:	dr_64
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.39152942747882
Encrypted:	false
Size:	1047040
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\BistroPortal\d3dcompiler_47.dll
Category:	dropped
Dump:	d3dcompiler_47.dll.15.dr
ID:	dr_65
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.577665867424953
Encrypted:	false
Size:	4127200
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\BistroPortal\icudtl.dat
Category:	dropped
Dump:	icudtl.dat.15.dr
ID:	dr_38
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	6.282426578921538
Encrypted:	false
Size:	10717680
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\libEGL.dll
Category:	dropped
Dump:	libEGL.dll.15.dr
ID:	dr_40
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.624539208005159
Encrypted:	false
Size:	372224
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\BistroPortal\libGLESv2.dll
Category:	dropped
Dump:	libGLESv2.dll.15.dr
ID:	dr_41
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.830304670731726
Encrypted:	false
Size:	6623744
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\BistroPortal\libcef.dll
Category:	dropped
Dump:	libcef.dll.15.dr
ID:	dr_39
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	7.0222915284389185
Encrypted:	false
Size:	184750080
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\BistroPortal\locales\af.pak
Category:	dropped
Dump:	af.pak.15.dr
ID:	dr_69
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.406070117844225
Encrypted:	false
Size:	505719
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\am.pak
Category:	dropped
Dump:	am.pak.15.dr
ID:	dr_15
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	4.910188188750002
Encrypted:	false
Size:	818534
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\ar.pak
Category:	dropped
Dump:	ar.pak.15.dr
ID:	dr_9
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	4.9282978533371455
Encrypted:	false
Size:	899367
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\bg.pak
Category:	dropped
Dump:	bg.pak.15.dr
ID:	dr_31
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	4.680997563665144
Encrypted:	false
Size:	933709
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\bn.pak
Category:	dropped
Dump:	bn.pak.15.dr
ID:	dr_86
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	4.2960186773195055
Encrypted:	false
Size:	1201192
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\ca.pak
Category:	dropped
Dump:	ca.pak.15.dr
ID:	dr_84
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.388951450563665
Encrypted:	false
Size:	576806
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\cs.pak
Category:	dropped
Dump:	cs.pak.15.dr
ID:	dr_79
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.837363014724828
Encrypted:	false
Size:	585711
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\da.pak
Category:	dropped
Dump:	da.pak.15.dr
ID:	dr_71
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.442218672805516
Encrypted:	false
Size:	533503
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\de.pak
Category:	dropped
Dump:	de.pak.15.dr
ID:	dr_88
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.484036386154566
Encrypted:	false
Size:	574599
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\el.pak
Category:	dropped
Dump:	el.pak.15.dr
ID:	dr_78
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	4.763987537107214
Encrypted:	false
Size:	1023482
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\en-GB.pak
Category:	dropped
Dump:	en-GB.pak.15.dr
ID:	dr_25
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.512738069529928
Encrypted:	false
Size:	462067
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\en-US.pak
Category:	dropped
Dump:	en-US.pak.15.dr
ID:	dr_75
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.505689631415889
Encrypted:	false
Size:	466463
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\es-419.pak
Category:	dropped
Dump:	es-419.pak.15.dr
ID:	dr_66
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.3635983124026
Encrypted:	false
Size:	563241
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\es.pak
Category:	dropped
Dump:	es.pak.15.dr
ID:	dr_24
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.3435019760601135
Encrypted:	false
Size:	562061
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\et.pak
Category:	dropped
Dump:	et.pak.15.dr
ID:	dr_32
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.450847414764412
Encrypted:	false
Size:	512126
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\fa.pak
Category:	dropped
Dump:	fa.pak.15.dr
ID:	dr_10
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.052749921407986
Encrypted:	false
Size:	830323
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\fi.pak
Category:	dropped
Dump:	fi.pak.15.dr
ID:	dr_37
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.422012340902499
Encrypted:	false
Size:	520030
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\fil.pak
Category:	dropped
Dump:	fil.pak.15.dr
ID:	dr_68
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.1968721814732275
Encrypted:	false
Size:	587684
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\fr.pak
Category:	dropped
Dump:	fr.pak.15.dr
ID:	dr_72
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.375226452388306
Encrypted:	false
Size:	609324
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\gu.pak
Category:	dropped
Dump:	gu.pak.15.dr
ID:	dr_8
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	4.334788643266702
Encrypted:	false
Size:	1185706
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\he.pak
Category:	dropped
Dump:	he.pak.15.dr
ID:	dr_90
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	4.643704365072738
Encrypted:	false
Size:	731788
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\hi.pak
Category:	dropped
Dump:	hi.pak.15.dr
ID:	dr_81
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	4.306748845411917
Encrypted:	false
Size:	1259021
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\hr.pak
Category:	dropped
Dump:	hr.pak.15.dr
ID:	dr_80
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.505980202633742
Encrypted:	false
Size:	565274
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\hu.pak
Category:	dropped
Dump:	hu.pak.15.dr
ID:	dr_27
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.6340281443356455
Encrypted:	false
Size:	609694
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\id.pak
Category:	dropped
Dump:	id.pak.15.dr
ID:	dr_35
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.37562340533888
Encrypted:	false
Size:	503023
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\it.pak
Category:	dropped
Dump:	it.pak.15.dr
ID:	dr_12
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.2718506554077775
Encrypted:	false
Size:	560896
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\ja.pak
Category:	dropped
Dump:	ja.pak.15.dr
ID:	dr_89
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.720303722188199
Encrypted:	false
Size:	680743
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\kn.pak
Category:	dropped
Dump:	kn.pak.15.dr
ID:	dr_11
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	4.246701146576986
Encrypted:	false
Size:	1349791
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\ko.pak
Category:	dropped
Dump:	ko.pak.15.dr
ID:	dr_19
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	6.075968450636386
Encrypted:	false
Size:	572474
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\lt.pak
Category:	dropped
Dump:	lt.pak.15.dr
ID:	dr_30
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.629647155704153
Encrypted:	false
Size:	613423
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\lv.pak
Category:	dropped
Dump:	lv.pak.15.dr
ID:	dr_23
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.627623887847645
Encrypted:	false
Size:	613107
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\ml.pak
Category:	dropped
Dump:	ml.pak.15.dr
ID:	dr_67
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	4.281209398992985
Encrypted:	false
Size:	1403916
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\mr.pak
Category:	dropped
Dump:	mr.pak.15.dr
ID:	dr_13
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	4.312323876145511
Encrypted:	false
Size:	1157380
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\ms.pak
Category:	dropped
Dump:	ms.pak.15.dr
ID:	dr_87
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.250047457813333
Encrypted:	false
Size:	527111
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\nb.pak
Category:	dropped
Dump:	nb.pak.15.dr
ID:	dr_20
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.42479614368544
Encrypted:	false
Size:	511040
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\nl.pak
Category:	dropped
Dump:	nl.pak.15.dr
ID:	dr_82
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.359276347541212
Encrypted:	false
Size:	528559
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\pl.pak
Category:	dropped
Dump:	pl.pak.15.dr
ID:	dr_22
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.76022190179785
Encrypted:	false
Size:	590384
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\pt-BR.pak
Category:	dropped
Dump:	pt-BR.pak.15.dr
ID:	dr_17
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.417194504645817
Encrypted:	false
Size:	553708
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\pt-PT.pak
Category:	dropped
Dump:	pt-PT.pak.15.dr
ID:	dr_18
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.390828272818456
Encrypted:	false
Size:	558097
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\ro.pak
Category:	dropped
Dump:	ro.pak.15.dr
ID:	dr_14
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.447647583972153
Encrypted:	false
Size:	577101
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\ru.pak
Category:	dropped
Dump:	ru.pak.15.dr
ID:	dr_16
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	4.847298642890013
Encrypted:	false
Size:	945241
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\sk.pak
Category:	dropped
Dump:	sk.pak.15.dr
ID:	dr_28
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.807775521081244
Encrypted:	false
Size:	594543
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\sl.pak
Category:	dropped
Dump:	sl.pak.15.dr
ID:	dr_70
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.4772434286011995
Encrypted:	false
Size:	570781
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\sr.pak
Category:	dropped
Dump:	sr.pak.15.dr
ID:	dr_21
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	4.784566419222159
Encrypted:	false
Size:	877062
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\sv.pak
Category:	dropped
Dump:	sv.pak.15.dr
ID:	dr_34
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.534632365859153
Encrypted:	false
Size:	514900
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\sw.pak
Category:	dropped
Dump:	sw.pak.15.dr
ID:	dr_76
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.337666353659303
Encrypted:	false
Size:	541877
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\ta.pak
Category:	dropped
Dump:	ta.pak.15.dr
ID:	dr_33
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	4.054412205591541
Encrypted:	false
Size:	1400174
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\te.pak
Category:	dropped
Dump:	te.pak.15.dr
ID:	dr_77
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	4.312124608985589
Encrypted:	false
Size:	1289060
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\th.pak
Category:	dropped
Dump:	th.pak.15.dr
ID:	dr_85
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	4.362162671759777
Encrypted:	false
Size:	1083789
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\tr.pak
Category:	dropped
Dump:	tr.pak.15.dr
ID:	dr_83
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.6055979524748505
Encrypted:	false
Size:	553863
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\uk.pak
Category:	dropped
Dump:	uk.pak.15.dr
ID:	dr_73
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	4.8813924327722695
Encrypted:	false
Size:	943088
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\ur.pak
Category:	dropped
Dump:	ur.pak.15.dr
ID:	dr_36
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.172276750394299
Encrypted:	false
Size:	823414
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\vi.pak
Category:	dropped
Dump:	vi.pak.15.dr
ID:	dr_74
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.7878217840814905
Encrypted:	false
Size:	655895
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\zh-CN.pak
Category:	dropped
Dump:	zh-CN.pak.15.dr
ID:	dr_29
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	6.686931132266331
Encrypted:	false
Size:	473849
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\locales\zh-TW.pak
Category:	dropped
Dump:	zh-TW.pak.15.dr
ID:	dr_26
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	6.697094283435565
Encrypted:	false
Size:	471122
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\resources.pak
Category:	dropped
Dump:	resources.pak.15.dr
ID:	dr_42
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	7.997373703205281
Encrypted:	true
Size:	8295458
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\snapshot_blob.bin
Category:	dropped
Dump:	snapshot_blob.bin.15.dr
ID:	dr_43
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	4.2132726447817275
Encrypted:	false
Size:	314276
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\v8_context_snapshot.bin
Category:	dropped
Dump:	v8_context_snapshot.bin.15.dr
ID:	dr_44
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.139555956588132
Encrypted:	false
Size:	682739
Whitelisted:	false

Details

File:	C:\Program Files (x86)\BistroPortal\vk_swiftshader.dll
Category:	dropped
Dump:	vk_swiftshader.dll.15.dr
ID:	dr_45
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.661563379540429
Encrypted:	false
Size:	4533248
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\BistroPortal\vulkan-1.dll
Category:	dropped
Dump:	vulkan-1.dll.15.dr
ID:	dr_46
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.813774756640116
Encrypted:	false
Size:	830976
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BistroPortal\Amadeus Bistro Portal.lnk
Category:	dropped
Dump:	Amadeus Bistro Portal.lnk0.15.dr
ID:	dr_49
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Wed Apr 17 11:01:44 2024, mtime=Thu Apr 25 06:11:48 2024, atime=Wed Apr 17 11:01:44 2024, length=7439408, window=hidenormal
Entropy:	3.629788894362065
Encrypted:	false
Size:	2087
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

Details

File:	C:\Users\Public\Desktop\Amadeus Bistro Portal.lnk
Category:	dropped
Dump:	Amadeus Bistro Portal.lnk.15.dr
ID:	dr_48
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Wed Apr 17 11:01:44 2024, mtime=Thu Apr 25 06:11:40 2024, atime=Wed Apr 17 11:01:44 2024, length=7439408, window=hidenormal
Entropy:	3.626374500347329
Encrypted:	false
Size:	2069
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Category:	dropped
Dump:	Docs.lnk.0.dr
ID:	dr_6
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 06:09:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.9893635497759967
Encrypted:	false
Size:	2673
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Category:	dropped
Dump:	Gmail.lnk.0.dr
ID:	dr_4
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 06:09:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	4.005403580279208
Encrypted:	false
Size:	2675
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Category:	dropped
Dump:	Google Drive.lnk.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	4.011035180845432
Encrypted:	false
Size:	2689
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Category:	dropped
Dump:	Sheets.lnk.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 06:09:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	4.004005528673931
Encrypted:	false
Size:	2677
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Category:	dropped
Dump:	Slides.lnk.0.dr
ID:	dr_5
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 06:09:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.9922414284624
Encrypted:	false
Size:	2677
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Category:	dropped
Dump:	YouTube.lnk.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 06:09:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	4.000243250166988
Encrypted:	false
Size:	2679
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

Details

File:	C:\Users\user\Downloads\BistroPortal_9.10.102_setup_de.msi (copy)
Category:	dropped
Dump:	Unconfirmed 365049.crdownload.0.dr
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Amadeus Bistro Portal, Author: Amadeus Leisure IT GmbH, Keywords: Installer, Comments: This installer database contains the logic and data required to install Amadeus Bistro Portal., Template: Intel;1031, Revision Number: {7DE516CC-454E-46AF-B433-9115142FC1B5}, Create Time/Date: Thu Apr 18 09:32:18 2024, Last Saved Time/Date: Thu Apr 18 09:32:18 2024, Number of Pages: 300, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Users\user\Downloads\Unconfirmed 365049.crdownload
Category:	dropped
Dump:	Unconfirmed 365049.crdownload.0.dr
ID:	dr_7
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Amadeus Bistro Portal, Author: Amadeus Leisure IT GmbH, Keywords: Installer, Comments: This installer database contains the logic and data required to install Amadeus Bistro Portal., Template: Intel;1031, Revision Number: {7DE516CC-454E-46AF-B433-9115142FC1B5}, Create Time/Date: Thu Apr 18 09:32:18 2024, Last Saved Time/Date: Thu Apr 18 09:32:18 2024, Number of Pages: 300, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
Entropy:	7.996202747001674
Encrypted:	true
Size:	103907328
Whitelisted:	false

Details

File:	C:\Users\user\Downloads\e7b29052-a764-44ea-82c4-1af9067154bd.tmp
Category:	dropped
Dump:	e7b29052-a764-44ea-82c4-1af9067154bd.tmp.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	Composite Document File V2 Document, Can't read SAT
Entropy:	6.704152646960082
Encrypted:	false
Size:	47942
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates files inside the user directory	System Summary	Masquerading

Details

File:	C:\Windows\Installer\MSI27EA.tmp
Category:	modified
Dump:	MSI27EA.tmp.15.dr
ID:	dr_52
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.646208142644182
Encrypted:	false
Size:	216496
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates files inside the system directory	System Summary	Masquerading
Drops PE files	Persistence and Installation Behavior
Drops PE files to the windows directory (C:\Windows)	Persistence and Installation Behavior	Masquerading
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Windows\Installer\MSIFDAA.tmp
Category:	dropped
Dump:	MSIFDAA.tmp.15.dr
ID:	dr_58
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	6.697264326485395
Encrypted:	false
Size:	262312
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates files inside the system directory	System Summary	Masquerading

Details

File:	C:\Windows\Installer\SourceHash{E3BC9EF4-5C6C-4920-A151-24CBAABA025A}
Category:	dropped
Dump:	SourceHash{E3BC9EF4-5C6C-4920-A151-24CBAABA025A}.15.dr
ID:	dr_54
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	Composite Document File V2 Document, Cannot read section info
Entropy:	1.1750688931498123
Encrypted:	false
Size:	20480
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates files inside the system directory	System Summary	Masquerading

Details

File:	C:\Windows\Installer\{E3BC9EF4-5C6C-4920-A151-24CBAABA025A}\BistroIcon
Category:	dropped
Dump:	BistroIcon.15.dr
ID:	dr_47
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	MS Windows icon resource - 5 icons, 16x16, 8 bits/pixel, 32x32, 8 bits/pixel
Entropy:	6.233079555263414
Encrypted:	false
Size:	24302
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates files inside the system directory	System Summary	Masquerading

Details

File:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
Category:	dropped
Dump:	ngen.log.15.dr
ID:	dr_57
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Entropy:	5.356173806951392
Encrypted:	false
Size:	454234
Whitelisted:	false

Details

File:	C:\Windows\Temp\~DF2F8BE6BDDAAD0D12.TMP
Category:	dropped
Dump:	~DF2F8BE6BDDAAD0D12.TMP.15.dr
ID:	dr_51
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	0.0
Encrypted:	false
Size:	512
Whitelisted:	false

Details

File:	C:\Windows\Temp\~DF425179CC499F46DB.TMP
Category:	dropped
Dump:	~DF425179CC499F46DB.TMP.15.dr
ID:	dr_53
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	0.07918479107267518
Encrypted:	false
Size:	32768
Whitelisted:	false

Details

File:	C:\Windows\Temp\~DF589E67984BA26261.TMP
Category:	dropped
Dump:	~DF589E67984BA26261.TMP.15.dr
ID:	dr_55
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	0.14886267819942273
Encrypted:	false
Size:	73728
Whitelisted:	false

Details

File:	C:\Windows\Temp\~DF7FFB6D8BB0475148.TMP
Category:	dropped
Dump:	~DF7FFB6D8BB0475148.TMP.15.dr
ID:	dr_59
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	Composite Document File V2 Document, Cannot read section info
Entropy:	1.2764586799648674
Encrypted:	false
Size:	32768
Whitelisted:	false

Details

File:	C:\Windows\Temp\~DF937DDAE1C8A256A4.TMP
Category:	dropped
Dump:	~DF937DDAE1C8A256A4.TMP.15.dr
ID:	dr_56
Target ID:	15
Process:	C:\Windows\System32\msiexec.exe
Type:	Composite Document File V2 Document, Cannot read section info
Entropy:	1.596052621338984
Encrypted:	false
Size:	20480
Whitelisted:	false

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
https://bpupdate.amadeus-leisure-it.com/9.10.102/BistroPortal_9.10.102_setup_de.msi

Files

Domains

IPs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttps://bpupdate.amadeus-leisure-it.com/9.10.102/BistroPortal_9.10.102_setup_de.msi

Files

Domains

IPs

IOC Report
https://bpupdate.amadeus-leisure-it.com/9.10.102/BistroPortal_9.10.102_setup_de.msi