IOC Report
explorando-y-jugando.msi

loading gif

Files

File Path
Type
Category
Malicious
explorando-y-jugando.msi
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Dec 11 11:47:44 2009, Security: 0, Code page: 1252, Revision Number: {7AFBC8C6-179F-4DC5-B89F-9B7ED108178A}, Number of Words: 2, Subject: Explorando y Jugando, Author: Inclusive Technology Ltd, Name of Creating Application: Advanced Installer 14.2.1 build 80371, Template: ;3082, Comments: Esta base de datos del instalador contiene la lgica y los datos necesarios para instalar Explorando y Jugando., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
initial sample
 malicious
C:\Users\user\AppData\Local\Temp\MSID66D.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\MSID7E5.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\MSID805.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\MSID815.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\MSID93F.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped

Processes

Path
Cmdline
Malicious
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\explorando-y-jugando.msi"
C:\Windows\System32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\SysWOW64\msiexec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding A1D006493CD647BD2EC1A35C9661BDDE C

URLs

Name
IP
Malicious
http://www.inclusive.comAI_UNINSTALLERmsiexec.exeDialogBitmapdialogALLUSERS1ButtonText_Yes&S
unknown
https://www.thawte.com/cps0/
unknown
https://www.thawte.com/repository0W
unknown
http://www.advancedinstaller.com0
unknown