IOC Report
atencion_y_estimulacion_visual.msi

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| atencion_y_estimulacion_visual.msi | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Dec 11 11:47:44 2009, Security: 0, Code page: 1252, Revision Number: {36A468D7-B112-481E-AC92-7F8529874C22}, Number of Words: 2, Subject: Atencin y estimulacin visual, Author: Inclusive Technology Ltd, Name of Creating Application: Advanced Installer 14.2.1 build 80371, Template: ;3082, Comments: Esta base de datos del instalador contiene la lgica y los datos necesarios para instalar Atencin y estimulacin visual., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200 | initial sample | malicious |
| C:\Users\user\AppData\Local\Temp\MSIDB26.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\MSIDBF2.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\MSIDC03.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\MSIDC23.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\MSIDE37.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Windows\System32\msiexec.exe | "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\atencion_y_estimulacion_visual.msi" | |
| C:\Windows\System32\msiexec.exe | C:\Windows\system32\msiexec.exe /V | |
| C:\Windows\SysWOW64\msiexec.exe | C:\Windows\syswow64\MsiExec.exe -Embedding E85D5D35B24865A3B7876DC8C57EC5ED C | |

URLs

| Name | IP | Malicious |
|---|---|---|
| http://www.inclusive.comAI_UNINSTALLERmsiexec.exeDialogBitmapdialogALLUSERS1ButtonText_Yes&S | unknown | |
| https://www.thawte.com/cps0/ | unknown | |
| https://www.thawte.com/repository0W | unknown | |
| http://www.advancedinstaller.com0 | unknown | |