IOC Report
factura - ztcpyqiqtfiewxjhesna.msi


Files

File Path | Type | Category | Malicious
factura - ztcpyqiqtfiewxjhesna.msi | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Dec 11 11:47:44 2009, Code page: 1252, Revision Number: {25351790-C36F-44E0-8F66-D671A1B9FD6F}, Number of Words: 10, Subject: Installer, Author: Installer, Name of Creating Application: Installer 64247, Template: ;1033, Title: Installation Database, Keywords: Installer, MSI, Database, Security: 0, Number of Pages: 200 | initial sample | malicious
C:\Windows\Installer\54adcb.msi | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Dec 11 11:47:44 2009, Code page: 1252, Revision Number: {25351790-C36F-44E0-8F66-D671A1B9FD6F}, Number of Words: 10, Subject: Installer, Author: Installer, Name of Creating Application: Installer 64247, Template: ;1033, Title: Installation Database, Keywords: Installer, MSI, Database, Security: 0, Number of Pages: 200 | dropped | malicious
C:\Windows\Installer\MSIAF24.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | malicious
C:\Windows\Installer\MSIB05E.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | modified | malicious
C:\Config.Msi\54adcd.rbs | data | dropped |
C:\Config.Msi\54add0.rbs | data | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 09:56:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 09:56:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 09:56:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 09:56:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 09:56:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Windows\Installer\MSIAF73.tmp | data | dropped |
C:\Windows\Installer\MSIEBE.tmp | data | dropped |
C:\Windows\Installer\SourceHash{53CFFB45-057F-4439-816F-97CF504AFF47} | Composite Document File V2 Document, Cannot read section info | dropped |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | dropped |
C:\Windows\Temp\~DF1080C2F894881055.TMP | Composite Document File V2 Document, Cannot read section info | dropped |
C:\Windows\Temp\~DF411F7E8CF6667194.TMP | data | dropped |
C:\Windows\Temp\~DF5C1A373E8F2E241F.TMP | data | dropped |
C:\Windows\Temp\~DF5DC33C3D0D26CA89.TMP | Composite Document File V2 Document, Cannot read section info | dropped |
C:\Windows\Temp\~DF641850FA97708156.TMP | data | dropped |
C:\Windows\Temp\~DFBDFC1D5A3CC8B4CB.TMP | Composite Document File V2 Document, Cannot read section info | dropped |
C:\Windows\Temp\~DFE3030A96B9BC4BB8.TMP | Composite Document File V2 Document, Cannot read section info | dropped |
C:\Windows\Temp\~DFFE622C466A75FE3A.TMP | data | dropped |
Chrome Cache Entry: 319 | ASCII text, with very long lines (21778), with no line terminators | downloaded |
Chrome Cache Entry: 320 | JSON data | downloaded |
Chrome Cache Entry: 321 | ASCII text, with very long lines (65451) | downloaded |
Chrome Cache Entry: 322 | ASCII text, with very long lines (26415) | downloaded |
Chrome Cache Entry: 323 | ISO Media, AVIF Image | downloaded |
Chrome Cache Entry: 324 | Web Open Font Format, TrueType, length 73720, version 1.0 | downloaded |
Chrome Cache Entry: 326 | RIFF (little-endian) data, Web/P image | downloaded |
Chrome Cache Entry: 327 | TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, icomoon | downloaded |
Chrome Cache Entry: 328 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 329 | ASCII text | downloaded |
Chrome Cache Entry: 330 | ASCII text, with very long lines (21044) | downloaded |
Chrome Cache Entry: 331 | HTML document, Unicode text, UTF-8 text, with very long lines (9462) | downloaded |
Chrome Cache Entry: 332 | ISO Media, AVIF Image | downloaded |
Chrome Cache Entry: 333 | HTML document, ASCII text | downloaded |
Chrome Cache Entry: 334 | ASCII text | downloaded |
Chrome Cache Entry: 335 | PNG image data, 100 x 100, 1-bit colormap, non-interlaced | downloaded |
Chrome Cache Entry: 336 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 337 | ASCII text | downloaded |
Chrome Cache Entry: 338 | ASCII text, with very long lines (17673) | downloaded |
Chrome Cache Entry: 339 | ASCII text | downloaded |
Chrome Cache Entry: 340 | ASCII text, with very long lines (29189) | downloaded |
Chrome Cache Entry: 341 | ASCII text | downloaded |
Chrome Cache Entry: 342 | PNG image data, 64 x 36, 8-bit colormap, non-interlaced | downloaded |
Chrome Cache Entry: 343 | Web Open Font Format (Version 2), TrueType, length 47212, version 0.0 | downloaded |
Chrome Cache Entry: 344 | ASCII text, with very long lines (2642) | downloaded |
Chrome Cache Entry: 345 | Web Open Font Format (Version 2), TrueType, length 15340, version 1.0 | downloaded |
Chrome Cache Entry: 346 | ASCII text | downloaded |
Chrome Cache Entry: 347 | ASCII text, with very long lines (3358) | downloaded |
Chrome Cache Entry: 348 | ASCII text, with very long lines (29778) | downloaded |
Chrome Cache Entry: 349 | JSON data | downloaded |
Chrome Cache Entry: 350 | ASCII text | downloaded |
Chrome Cache Entry: 351 | JSON data | downloaded |
Chrome Cache Entry: 352 | ASCII text | downloaded |
Chrome Cache Entry: 353 | ISO Media, AVIF Image | downloaded |
Chrome Cache Entry: 354 | Unicode text, UTF-8 text, with very long lines (49273) | downloaded |
Chrome Cache Entry: 356 | ASCII text, with very long lines (3616) | downloaded |
Chrome Cache Entry: 357 | Unicode text, UTF-8 text, with very long lines (2749) | downloaded |
Chrome Cache Entry: 358 | ASCII text, with very long lines (1176) | downloaded |
Chrome Cache Entry: 359 | ASCII text | downloaded |
Chrome Cache Entry: 360 | JSON data | downloaded |
Chrome Cache Entry: 361 | Web Open Font Format (Version 2), TrueType, length 15552, version 1.0 | downloaded |
Chrome Cache Entry: 362 | Web Open Font Format (Version 2), TrueType, length 15344, version 1.0 | downloaded |
Chrome Cache Entry: 363 | Web Open Font Format (Version 2), TrueType, length 52648, version 0.0 | downloaded |
Chrome Cache Entry: 364 | HTML document, ASCII text, with very long lines (342) | downloaded |
Chrome Cache Entry: 365 | PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced | downloaded |
Chrome Cache Entry: 366 | ASCII text, with very long lines (2685), with no line terminators | downloaded |
Chrome Cache Entry: 367 | Unicode text, UTF-8 text | downloaded |
Chrome Cache Entry: 368 | Unicode text, UTF-8 (with BOM) text, with very long lines (64986) | downloaded |
Chrome Cache Entry: 369 | JSON data | downloaded |
Chrome Cache Entry: 370 | ASCII text, with very long lines (32758) | downloaded |
Chrome Cache Entry: 371 | Unicode text, UTF-8 text, with very long lines (581) | downloaded |
Chrome Cache Entry: 372 | ASCII text, with very long lines (638) | downloaded |
Chrome Cache Entry: 373 | ASCII text, with very long lines (6625), with no line terminators | downloaded |
Chrome Cache Entry: 374 | PNG image data, 64 x 37, 8-bit colormap, non-interlaced | downloaded |
Chrome Cache Entry: 375 | HTML document, Unicode text, UTF-8 text, with very long lines (9103), with CRLF, LF line terminators | downloaded |
Chrome Cache Entry: 376 | Web Open Font Format, TrueType, length 1372, version 1.0 | downloaded |
Chrome Cache Entry: 377 | ASCII text, with very long lines (479) | downloaded |
Chrome Cache Entry: 378 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 379 | ASCII text, with very long lines (43014) | downloaded |
Chrome Cache Entry: 380 | ASCII text, with very long lines (8478), with no line terminators | downloaded |
Chrome Cache Entry: 381 | ASCII text, with very long lines (836) | downloaded |
Chrome Cache Entry: 382 | ASCII text, with very long lines (547) | downloaded |
Chrome Cache Entry: 383 | ASCII text | downloaded |
Chrome Cache Entry: 384 | JSON data | downloaded |
(78 further files not shown in this excerpt)

Domains

Name | IP | Malicious
bbva.com | 23.44.94.139 |
googleads.g.doubleclick.net | 172.217.15.194 |
id.google.com | 172.217.3.67 |
privacyportal-eu.onetrust.com | 104.18.32.137 |
www.google.com | 192.178.50.68 |
d3l7jhiu2gy1zw.cloudfront.net | 108.157.172.145 |
ne-web-arr.eurolandir.com | 13.79.120.98 |
td.doubleclick.net | 142.251.35.226 |
analytics.google.com | 142.250.217.174 |
cdn.cookielaw.org | 104.19.177.52 |
d2vk5bl24vn97n.cloudfront.net | 65.8.178.77 |
stats.g.doubleclick.net | 173.194.216.155 |
www.besmartee.com | unknown |
www.bbva.com | unknown |
assets.adobedtm.com | unknown |
www.linkedin.com | unknown |
api.besmartee.com | unknown |
px.ads.linkedin.com | unknown |
snap.licdn.com | unknown |
tools.eurolandir.com | unknown |
(10 further domains not shown in this excerpt)

IPs

IP | Domain | Country | Malicious
142.250.189.142 | unknown | United States |
192.178.50.78 | unknown | United States |
192.178.50.35 | unknown | United States |
104.19.177.52 | cdn.cookielaw.org | United States |
192.168.2.16 | unknown | unknown |
172.217.15.194 | googleads.g.doubleclick.net | United States |
108.157.172.145 | d3l7jhiu2gy1zw.cloudfront.net | United States |
74.125.196.84 | unknown | United States |
13.79.120.98 | ne-web-arr.eurolandir.com | United States |
142.250.217.163 | unknown | United States |
104.18.32.137 | privacyportal-eu.onetrust.com | United States |
172.217.165.194 | unknown | United States |
142.251.35.234 | unknown | United States |
172.217.3.67 | id.google.com | United States |
172.217.2.206 | unknown | United States |
65.8.178.77 | d2vk5bl24vn97n.cloudfront.net | United States |
23.196.176.224 | unknown | United States |
172.217.2.200 | unknown | United States |
192.178.50.67 | unknown | United States |
192.178.50.68 | www.google.com | United States |
142.250.64.228 | unknown | United States |
192.178.50.42 | unknown | United States |
23.44.94.139 | bbva.com | United States |
142.250.217.226 | unknown | United States |
13.107.42.14 | unknown | United States |
142.250.217.232 | unknown | United States |
142.250.217.174 | analytics.google.com | United States |
142.250.217.196 | unknown | United States |
184.28.75.161 | unknown | United States |
239.255.255.250 | unknown | Reserved |
142.250.217.234 | unknown | United States |
142.251.35.226 | td.doubleclick.net | United States |
20.118.56.6 | unknown | United States |
173.194.216.155 | stats.g.doubleclick.net | United States |
142.250.217.195 | unknown | United States |
142.250.217.170 | unknown | United States |
(26 further IPs not shown in this excerpt)
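The lists above are what a responder has to turn into something actionable, and in the layout they extract to (one cell per line, a trailing "malicious" line only on flagged rows) they are easy to misalign. The following is an added example, not part of the sandbox report, that parses that layout and pulls out the indicators that matter here: the flagged files; the PE DLLs that msiexec extracted to C:\Windows\Installer as MSI<hex>.tmp (the location Windows Installer uses for Binary-table custom actions, which is why MSIAF24.tmp and MSIB05E.tmp are the payloads to pull, while MSIAF73.tmp and MSIEBE.tmp are plain data); the PackageCode from the MSI summary stream's Revision Number and the ProductCode from the SourceHash{...} file name, both usable to hunt other installs; and the IPs that can go on a perimeter list at all, which excludes the private address 192.168.2.16 and the SSDP multicast group 239.255.255.250. SAMPLE_REPORT is a constructed excerpt of the lists above; the record layout and the column names are assumptions taken from this page.

```python
"""Parse a flattened sandbox IOC report (the Files and IPs lists on this page)
and pull out the indicators worth acting on.  Added example, not part of the
report; SAMPLE_REPORT is a constructed excerpt of the lists above."""
import ipaddress
import re

# One cell per line; a record is len(cols) cells plus an optional "malicious" line.
COLUMNS = {"Files": ["File Path", "Type", "Category"], "IPs": ["IP", "Domain", "Country"]}
GUID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)
# msiexec extracts Binary-table payloads (custom-action DLLs and EXEs) to
# C:\Windows\Installer\MSI<hex>.tmp before executing them.
CUSTOM_ACTION_RE = re.compile(r"^C:\\Windows\\Installer\\MSI[0-9A-F]+\.tmp$", re.I)
# The MSI summary stream's "Revision Number" field holds the PackageCode.
PACKAGE_CODE_RE = re.compile(r"Revision Number: (\{[^}]+\})")

SAMPLE_REPORT = r"""
Files
File Path
Type
Category
Malicious
factura - ztcpyqiqtfiewxjhesna.msi
Composite Document File V2 Document, MSI Installer, Revision Number: {25351790-C36F-44E0-8F66-D671A1B9FD6F}
initial sample
malicious
C:\Windows\Installer\MSIAF24.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Windows\Installer\MSIAF73.tmp
data
dropped
C:\Windows\Installer\SourceHash{53CFFB45-057F-4439-816F-97CF504AFF47}
Composite Document File V2 Document, Cannot read section info
dropped
IPs
IP
Domain
Country
Malicious
23.44.94.139
bbva.com
United States
239.255.255.250
unknown
Reserved
"""


def parse_report(text):
    """Return {section: [record dict, ...]}; the verdict column becomes a bool."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line in COLUMNS:
            current = sections.setdefault(line, [])
        elif line and current is not None:
            current.append(line)
    out = {}
    for name, cols in COLUMNS.items():
        rows, width = sections.get(name, []), len(cols)
        if rows[:width + 1] == cols + ["Malicious"]:   # drop the header row
            rows = rows[width + 1:]
        records, i = [], 0
        while i + width <= len(rows):
            rec = dict(zip(cols, rows[i:i + width]))
            i += width
            rec["malicious"] = i < len(rows) and rows[i] == "malicious"
            i += rec["malicious"]                        # skip the verdict line
            records.append(rec)
        out[name] = records
    return out


def _routable(value):
    """Fit for a perimeter blocklist: not private (192.168.2.16 is the analysis
    network) and not multicast (239.255.255.250 is the SSDP group)."""
    try:
        a = ipaddress.ip_address(value)
    except ValueError:                  # e.g. the literal "unknown"
        return False
    return a.is_global and not (a.is_private or a.is_multicast or a.is_reserved)


def summarize(text):
    """Indicators a responder would pull from the report, keyed by use."""
    files, ips = parse_report(text).values()             # in COLUMNS order
    product_codes, package_codes = [], []
    for f in files:
        # SourceHash{...} is named after the installed package's ProductCode.
        if f["File Path"].rsplit("\\", 1)[-1].startswith("SourceHash"):
            product_codes += GUID_RE.findall(f["File Path"])
        package_codes += [c for c in PACKAGE_CODE_RE.findall(f["Type"])
                          if c not in package_codes]
    return {
        "malicious_files": [f["File Path"] for f in files if f["malicious"]],
        "custom_action_dlls": [f["File Path"] for f in files
                               if CUSTOM_ACTION_RE.match(f["File Path"])
                               and f["Type"].startswith("PE32")],
        "product_codes": product_codes,
        "package_codes": package_codes,
        "routable_ips": sorted((i["IP"] for i in ips if _routable(i["IP"])),
                               key=ipaddress.ip_address),
    }
```

Run `summarize(SAMPLE_REPORT)` to get the dictionary; on the full report, paste the three lists in place of SAMPLE_REPORT. Note that `routable_ips` is a network-level filter, not a verdict: the report flags none of the domains or IPs as malicious, and most of them (bbva.com, Google and DoubleClick, cloudfront.net, OneTrust) are infrastructure the sandbox's browser reached, so a blocklist should be built from the flagged files and the codes above, with the IPs used for correlation rather than blocking.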