IOC Report
Legalia2Setup.msi


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| Legalia2Setup.msi | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Create Time/Date: Mon Jun 21 08:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: Intel;3082, Number of Pages: 200, Revision Number: {2E6A8679-AA0E-4E53-8E83-4BC40E86E325}, Title: Legalia 2, Author: CORPME, Number of Words: 2, Last Saved Time/Date: Tue Mar 21 15:30:04 2023, Last Printed: Tue Mar 21 15:30:04 2023 | initial sample | |
| C:\Config.Msi\610ce9.rbs | data | dropped | |
| C:\Program Files (x86)\CORPME\Legalia 2\Ayuda\Legalia2HLPes.pdf | PDF document, version 1.4, 10 pages | dropped | |
| C:\Program Files (x86)\CORPME\Legalia 2\CORPME.SECURITY.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | |
| C:\Program Files (x86)\CORPME\Legalia 2\CORPMEeFirma.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | |
| C:\Program Files (x86)\CORPME\Legalia 2\CorpmeeFE.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | |
| C:\Program Files (x86)\CORPME\Legalia 2\ICSharpCode.SharpZipLib.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | |
| C:\Program Files (x86)\CORPME\Legalia 2\IconoColegio.ico | MS Windows icon resource - 1 icon, -128x-128, 32 bits/pixel | dropped | |
| C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | |
| C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe.config | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Program Files (x86)\CORPME\Legalia 2\Legalia2Installer.InstallState | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (2594), with no line terminators | dropped | |
| C:\Program Files (x86)\CORPME\Legalia 2\Legalia2Installer.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | |
| C:\Program Files (x86)\CORPME\Legalia 2\Microsoft.ReportViewer.Common.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | |
| C:\Program Files (x86)\CORPME\Legalia 2\Microsoft.ReportViewer.ProcessingObjectModel.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | |
| C:\Program Files (x86)\CORPME\Legalia 2\Microsoft.ReportViewer.WinForms.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | |
| C:\Program Files (x86)\CORPME\Legalia 2\NLog.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | |
| C:\Program Files (x86)\CORPME\Legalia 2\System.IO.Compression.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | |
| C:\Program Files (x86)\CORPME\Legalia 2\System.Net.Http.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | |
| C:\Program Files (x86)\CORPME\Legalia 2\itextsharp.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | |
| C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Legalia 2.lnk | MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide | dropped | |
| C:\Users\Public\Desktop\Legalia 2.lnk | MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide | dropped | |
| C:\Users\user\.Legalia2\ConfLegalia2.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\CFGDFED.tmp | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\MSIDFEE.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Windows\Fonts\code128.ttf | TrueType Font data, 11 tables, 1st "OS/2", 16 names, Macintosh, Grandzebu. 2003. All Rights Reserved - GNU General Public LicenseRegularCode 128:1,201,20 Januar | dropped | |
| C:\Windows\Installer\610ce8.msi | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Create Time/Date: Mon Jun 21 08:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: Intel;3082, Number of Pages: 200, Revision Number: {2E6A8679-AA0E-4E53-8E83-4BC40E86E325}, Title: Legalia 2, Author: CORPME, Number of Words: 2, Last Saved Time/Date: Tue Mar 21 15:30:04 2023, Last Printed: Tue Mar 21 15:30:04 2023 | dropped | |
| C:\Windows\Installer\MSI1140.tmp | data | dropped | |
| C:\Windows\Installer\MSI1567.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Windows\Installer\SourceHash{9B3E90BC-1D57-4017-8333-35E8FDAEDF7F} | Composite Document File V2 Document, Cannot read section info | dropped | |
| C:\Windows\Installer\{9B3E90BC-1D57-4017-8333-35E8FDAEDF7F}\_DB919AB071B372378E83C6.exe | MS Windows icon resource - 1 icon, -128x-128, 32 bits/pixel | dropped | |
| C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | dropped | |
| C:\Windows\Temp\~DF047C0385DEC1F9A9.TMP | data | dropped | |
| C:\Windows\Temp\~DF6AB44113BFF427A8.TMP | data | modified | |
| C:\Windows\Temp\~DFC5F44B05F4FE42D3.TMP | Composite Document File V2 Document, Cannot read section info | dropped | |
| C:\Windows\Temp\~DFC8826386CB0E8AD3.TMP | data | dropped | |
| C:\Windows\Temp\~DFCEEEDA8442420AAF.TMP | Composite Document File V2 Document, Cannot read section info | dropped | |

Domains

| Name | IP | Malicious |
|---|---|---|
| www.registradores.org | 217.114.136.30 | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 217.114.136.30 | www.registradores.org | Spain | |