Automated Malware Analysis IOC Report for

Details

Filetype:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {BCD29B76-7AAB-464F-8087-3934E74A40A6}, Number of Words: 10, Subject: JoisApp, Author: Uifie Public Co, Name of Creating Application: JoisApp, Template: ;1033, Comments: This installer database contains the logic and data required to install JoisApp., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Tue Jun 11 18:02:03 2024, Last Saved Time/Date: Tue Jun 11 18:02:03 2024, Last Printed: Tue Jun 11 18:02:03 2024, Number of Pages: 450
Entropy:	7.941556232479895
Filename:	setup.msi
Filesize:	25227264
MD5:	d06b110d3ce70b99849be9b67e0628e5
SHA1:	5d4d89cd45ef98d53960a02187785827c6d80e7a
SHA256:	1b1ab24f18299a51ac735702d501f92e627065666293ec5f31431e9b0997870b
SHA512:	2bc57d58c79fe0b9564f41692e295f732c41d30abf343a3b63026833032e3dae7dd3f434e8276c4a154fcb2d65b404603a20667ad3804ce57eca9fb01dd48cec
SSDEEP:	393216:YVZx5xy2zuYLOy4ORNcN3Lkk2dhSm0pcktXS7f2EBLqayZF3A90NbpO7EVIddzME:YbNyIKORg3LFud0ppof2dRpOEJN
Preview:	........................>.......................................................m.......................................................p...............................................................W...X...Y...Z...[...\...]...^..._...`...a...b...c...d..

Signature Hits	Behavior Group	Mitre Attack
Sample file is different than original file name gathered from version info	System Summary
Submission file is bigger than most known malware samples	System Summary

Details

File:	C:\Users\user\AppData\Local\Temp\msiC168.txt
Category:	dropped
Dump:	msiC168.txt.3.dr
ID:	dr_114
Target ID:	3
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Type:	Unicode text, UTF-16, little-endian text, with no line terminators
Entropy:	3.042367221086455
Encrypted:	false
Ssdeep:	3:QzHlFldPWNlANf5Yplf955:QTvl03ANqLN
Size:	54
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Bypasses PowerShell execution policy	HIPS / PFW / Operating System Protection Evasion	PowerShell
Sigma detected: Script Interpreter Execution From Suspicious Folder	System Summary
Sigma detected: Suspicious Script Execution From Temp Folder	System Summary
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sigma detected: Change PowerShell Policies to an Insecure Level	System Summary
Sigma detected: Suspicious MsiExec Embedding Parent	System Summary
Sigma detected: Non Interactive PowerShell Process Spawned	System Summary
Spawns processes	System Summary	Process Injection

Details

File:	C:\Users\user\AppData\Local\Temp\pssC17B.ps1
Category:	dropped
Dump:	pssC17B.ps1.2.dr
ID:	dr_111
Target ID:	2
Process:	C:\Windows\SysWOW64\msiexec.exe
Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	3.5127462716425657
Encrypted:	false
Ssdeep:	96:5Wb5VNkKmeHn/V2BVrIovmgNlGjxcj6BngOcvjb:5WbyZ/gVyvb
Size:	6668
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Bypasses PowerShell execution policy	HIPS / PFW / Operating System Protection Evasion	PowerShell
Sigma detected: Script Interpreter Execution From Suspicious Folder	System Summary
Sigma detected: Suspicious Script Execution From Temp Folder	System Summary
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sigma detected: Change PowerShell Policies to an Insecure Level	System Summary
Sigma detected: Suspicious MsiExec Embedding Parent	System Summary
Sigma detected: Non Interactive PowerShell Process Spawned	System Summary
Spawns processes	System Summary	Process Injection

Details

File:	C:\Users\user\AppData\Local\Temp\scrC169.ps1
Category:	dropped
Dump:	scrC169.ps1.2.dr
ID:	dr_110
Target ID:	2
Process:	C:\Windows\SysWOW64\msiexec.exe
Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	3.588916838742196
Encrypted:	false
Ssdeep:	12:QHxpl5aI5snfsGUBQM3I2q4clKcOW4l03g+g+q93KW4l03g1:QRpOI5sUGIQMY2O8jD+Mij1
Size:	572
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Bypasses PowerShell execution policy	HIPS / PFW / Operating System Protection Evasion	PowerShell
Sigma detected: Script Interpreter Execution From Suspicious Folder	System Summary
Sigma detected: Suspicious Script Execution From Temp Folder	System Summary
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sigma detected: Change PowerShell Policies to an Insecure Level	System Summary
Sigma detected: Suspicious MsiExec Embedding Parent	System Summary
Sigma detected: Non Interactive PowerShell Process Spawned	System Summary
Spawns processes	System Summary	Process Injection

Details

File:	C:\Config.Msi\49b9d9.rbs
Category:	modified
Dump:	49b9d9.rbs.1.dr
ID:	dr_98
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	5.842317853728867
Encrypted:	false
Ssdeep:	384:GzpdScj+DS+O1A5mfhNlvJumytdsixzSE62S6th8UqX7JYLfS2wl7n958fzDrHQp:GzpdScj+DS+O1A5ehNlvJumytdsixmEI
Size:	22493
Whitelisted:	false
Reputation:	low

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Category:	dropped
Dump:	StartupProfileData-NonInteractive.3.dr
ID:	dr_115
Target ID:	3
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Type:	data
Entropy:	5.722583246549926
Encrypted:	false
Ssdeep:	48:gy3WSU4y4RQmFoUeUmfmZ9tK8NWR88n3VbFgyp2sg8SrW:goLHyIFKLFOZ2KW53NFgnrW
Size:	1852
Whitelisted:	false
Reputation:	low

Details

File:	C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_prqpuxge.4sm.psm1
Category:	dropped
Dump:	__PSScriptPolicyTest_prqpuxge.4sm.psm1.3.dr
ID:	dr_113
Target ID:	3
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Type:	ASCII text, with no line terminators
Entropy:	4.038920595031593
Encrypted:	false
Ssdeep:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
Size:	60
Whitelisted:	false
Reputation:	high

Details

File:	C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ummbptzo.u52.ps1
Category:	dropped
Dump:	__PSScriptPolicyTest_ummbptzo.u52.ps1.3.dr
ID:	dr_112
Target ID:	3
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Type:	ASCII text, with no line terminators
Entropy:	4.038920595031593
Encrypted:	false
Ssdeep:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
Size:	60
Whitelisted:	false
Reputation:	high

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Installer\{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}\icon_31.exe
Category:	dropped
Dump:	icon_31.exe.1.dr
ID:	dr_96
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	MS Windows icon resource - 5 icons, 96x96, 32 bits/pixel, 72x72, 32 bits/pixel
Entropy:	4.222546221932802
Encrypted:	false
Ssdeep:	384:ZjEycsRokXVkGKlrBRRRR/ur/f4C2+27g6Do:ZNcs/VkhlYf4CffG
Size:	74814
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\D3DCompiler_47_cor3.dll
Category:	dropped
Dump:	D3DCompiler_47_cor3.dll.1.dr
ID:	dr_20
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.398595787699969
Encrypted:	false
Ssdeep:	49152:hCZnRO4XyM53Rkq4ypQqdoRpmrgBVYvkaRwv/ZD0/WYLDltog/RfznLeHTRhFRNz:oG2QCS6HHzog/pznA7T6V
Size:	4917392
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\LICENSE
Category:	dropped
Dump:	LICENSE.1.dr
ID:	dr_69
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	ASCII text
Entropy:	4.752775356515259
Encrypted:	false
Ssdeep:	96:TUzTuUET8+wPHQrAe3tKYOVqQCQje70/ujhLq3GGBeRJz1dmvED4foJopOVrA0ic:TUzi9LmZqvglBen5d+ErI0EwbLx
Size:	9450
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Microsoft.CSharp.dll
Category:	dropped
Dump:	Microsoft.CSharp.dll.1.dr
ID:	dr_93
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.759737448867369
Encrypted:	false
Ssdeep:	24576:hAS0l87Mm5k1E+u1xjx1Db+Vu9yH1zsYKhdi4YBurK:hal87Mm53LlBb+Vu9yH4XiZ
Size:	1042576
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Microsoft.DiaSymReader.Native.amd64.dll
Category:	dropped
Dump:	Microsoft.DiaSymReader.Native.amd64.dll.1.dr
ID:	dr_94
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.37694360746642
Encrypted:	false
Ssdeep:	24576:2z0s9kT3H8I0bo5rjwjnbRCJMy37DjZ3IrVynoT/RUqtMAIEohkGXTwImg:2Ys9m3H5rjQn1CiAnZ3yV+oTZQEoTT
Size:	1841296
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Microsoft.VisualBasic.Core.dll
Category:	dropped
Dump:	Microsoft.VisualBasic.Core.dll.1.dr
ID:	dr_95
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.768974406997125
Encrypted:	false
Ssdeep:	24576:rQxuvY6hIkcPb0MjcrjPhTYlACiTIo+K5:PvY6Ok6bRjcrjpNCi
Size:	1245840
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Qt5Core.dll
Category:	dropped
Dump:	Qt5Core.dll.1.dr
ID:	dr_12
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.552193329590098
Encrypted:	false
Ssdeep:	98304:vIBxuKe1WAIIaUtXf4Pju4I38BWGny6gPBereJsv6tWKFdu9CJ54+1jYKi2:va+IpNHtiBPJsv6tWKFdu9CJ5ljZ
Size:	7442360
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Qt5Gui.dll
Category:	dropped
Dump:	Qt5Gui.dll.1.dr
ID:	dr_14
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.557228014843588
Encrypted:	false
Ssdeep:	98304:t+ysdIiPAgcsxId4UlbrqmH2Vgn4G5wXAsxwo+34v3e/KfiP8EEi88tV/ky:tpC1xnUlSmHk3Q3P4v3e/5jd8c
Size:	10025108
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Qt5Network.dll
Category:	dropped
Dump:	Qt5Network.dll.1.dr
ID:	dr_15
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.30949898168907
Encrypted:	false
Ssdeep:	49152:A4VgWXiPh6PNc1ad3vQSwAaR7v2YL25Gwv:A4VgWX3PNcAd3vJwA/R
Size:	2659737
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Qt5Svg.dll
Category:	dropped
Dump:	Qt5Svg.dll.1.dr
ID:	dr_16
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.137457917094125
Encrypted:	false
Ssdeep:	6144:PE/B6BjS+7rCDkiEOp4sNGCQFgy0zU7szKR+vAqDrT+6Nl2SaN38coanV0dLVPky:PEZ6BjSuuhEXLFrauwAj6XTaIp
Size:	597245
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Qt5Widgets.dll
Category:	dropped
Dump:	Qt5Widgets.dll.1.dr
ID:	dr_17
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.528044007940559
Encrypted:	false
Ssdeep:	98304:CVK7i1613Ha2feb5iQrCZsSiBRRJYr8Odlr+7++i50TSAyYpdwu+IwDkXir/fE8j:CVh1AQrCZcTOi7BW2sLCbPPMvmues
Size:	9420034
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\UnRAR.exe
Category:	dropped
Dump:	UnRAR.exe.1.dr
ID:	dr_33
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32+ executable (console) x86-64, for MS Windows
Entropy:	6.4284173495366845
Encrypted:	false
Ssdeep:	6144:yY8mmN3YWYGAj9JwXScp39ioIKzKVEKfr01//bbh3S62Wt3A3ksFqXqjh6AusDyn:yY8XiWYGAkXh3Qqia/zAot3A6AhezSpK
Size:	506008
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-console-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-console-l1-1-0.dll.1.dr
ID:	dr_67
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.596101286914553
Encrypted:	false
Ssdeep:	192:4nWYhWxWWFYg7VWQ4uWjXUtpwBqnajrmaaGJ:2WYhWvZqlQGJ
Size:	12224
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-console-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-console-l1-2-0.dll.1.dr
ID:	dr_68
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.640081558424349
Encrypted:	false
Ssdeep:	192:iTWYhWyWWFYg7VWQ4uWq6Cu87ZqnajgnLSyu:sWYhWi1XHllk2yu
Size:	12224
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-datetime-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-datetime-l1-1-0.dll.1.dr
ID:	dr_36
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.6023398138369505
Encrypted:	false
Ssdeep:	192:5WYhWYWWFYg7VWQ4SWSS/njxceXqnajLJ35H:5WYhW4gjmAlnJpH
Size:	11712
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-debug-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-debug-l1-1-0.dll.1.dr
ID:	dr_37
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.614262942006268
Encrypted:	false
Ssdeep:	192:4WYhWFsWWFYg7VWQ4eWZzAR/BVrqnajcJH:4WYhWFMJRLlA5
Size:	11720
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-errorhandling-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-errorhandling-l1-1-0.dll.1.dr
ID:	dr_38
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.654155040985372
Encrypted:	false
Ssdeep:	192:imxD3vEWYhWnWWFYg7VWQ4eWMOwNbDXbBqnaj0qJm8:iIEWYhWFpLbBlwqJm
Size:	11720
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-file-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-file-l1-1-0.dll.1.dr
ID:	dr_39
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.548897063441128
Encrypted:	false
Ssdeep:	192:+AuVYPvVX8rFTsRWYhWyWWFYg7VWQ4eWQBAW+JSdqnajeMoLR9au:TBPvVXLWYhWiBdlaLFAu
Size:	15304
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-file-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-file-l1-2-0.dll.1.dr
ID:	dr_40
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.622041192039296
Encrypted:	false
Ssdeep:	192:dzWYhW1sWWFYg7VWQ4yWL3sQlmqnajlD4h1N:BWYhW2e6l94h1N
Size:	11712
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-file-l2-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-file-l2-1-0.dll.1.dr
ID:	dr_41
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.730719514840594
Encrypted:	false
Ssdeep:	192:/VyWYhWjAWWFYg7VWQ4eWiuNwzNbDXbBqnaj0q:/VyWYhW8g+LbBlwq
Size:	11720
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-handle-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-handle-l1-1-0.dll.1.dr
ID:	dr_42
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.626458901834476
Encrypted:	false
Ssdeep:	192:P9RWYhWEWWFYg7VWQ4eWncTjxceXqnajLJS:LWYhWk3TjmAlnJS
Size:	11720
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-heap-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-heap-l1-1-0.dll.1.dr
ID:	dr_43
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.577869728469469
Encrypted:	false
Ssdeep:	192:5t6DjZlTIWYhWsWWFYg7VWQ4eW4MtkR/BVrqnajc:5t6Dll0WYhWMqkRLlA
Size:	12232
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-interlocked-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-interlocked-l1-1-0.dll.1.dr
ID:	dr_44
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.6496318655699795
Encrypted:	false
Ssdeep:	192:nWYhWNWWFYg7VWQ4uWtGDlR/BVrqnajcU8:nWYhWLJDlRLlAU8
Size:	11712
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-libraryloader-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-libraryloader-l1-1-0.dll.1.dr
ID:	dr_45
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.587452239016064
Encrypted:	false
Ssdeep:	192:FvuBL3BBLZWYhWxWWFYg7VWQ4uW4g0jrQYcunYqnajv9Ml:FvuBL3BPWYhWv8jYulhMl
Size:	12736
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-localization-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-localization-l1-2-0.dll.1.dr
ID:	dr_46
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.658205945107734
Encrypted:	false
Ssdeep:	384:NOMw3zdp3bwjGzue9/0jCRrndbwNWYhW6WAulh2:NOMwBprwjGzue9/0jCRrndbw5D
Size:	14280
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-memory-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-memory-l1-1-0.dll.1.dr
ID:	dr_47
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.621310788423453
Encrypted:	false
Ssdeep:	96:qo1aCFEWYhWwp/DEs39DHDs35FrsvYgmr0DD0ADEs3TDL2L4m2grMWaLNpDEs3OC:teWYhWVWWFYg7VWQ4yWwAKZRqnajl6x7
Size:	12224
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-namedpipe-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-namedpipe-l1-1-0.dll.1.dr
ID:	dr_48
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.7263193693903345
Encrypted:	false
Ssdeep:	192:cWYhWZSWWFYg7VWQ4eWkcc7ZqnajgnLSp:cWYhW84cllk2p
Size:	11720
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-processenvironment-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
ID:	dr_49
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.601327134572443
Encrypted:	false
Ssdeep:	192:qKWYhWbWWFYg7VWQ4eWYoWjxceXqnajLJe:qKWYhWJ4WjmAlnJe
Size:	12744
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-processthreads-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-processthreads-l1-1-0.dll.1.dr
ID:	dr_50
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.519411559704781
Encrypted:	false
Ssdeep:	192:AWXk1JzX9cKSIvWYhWLWWFYg7VWQ4SWW0uI7oinEqnajxMyqY:AWXk1JzNcKSIvWYhW5+uOEle6
Size:	14272
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-processthreads-l1-1-1.dll
Category:	dropped
Dump:	api-ms-win-core-processthreads-l1-1-1.dll.1.dr
ID:	dr_51
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.659079053710614
Encrypted:	false
Ssdeep:	192:NtxDfIeA6WYhW7WWFYg7VWQ4eWpB5ABzR/BVrqnajcb:NtxDfIeA6WYhWp28RLlA
Size:	12232
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-profile-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-profile-l1-1-0.dll.1.dr
ID:	dr_52
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.7627840671368835
Encrypted:	false
Ssdeep:	192:clIHyZ36WYhWulWWFYg7VWQ4yWqeQDbLtsQlmqnajlDC:clIHyZKWYhWKhlbp6l9C
Size:	11200
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-rtlsupport-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-rtlsupport-l1-1-0.dll.1.dr
ID:	dr_53
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.590253878523919
Encrypted:	false
Ssdeep:	192:4GeVvXK9WYhW1WWFYg7VWQ4yWj6k50IsQlmqnajlDl:4GeVy9WYhWzVk6l9l
Size:	12224
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-string-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-string-l1-1-0.dll.1.dr
ID:	dr_54
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.672720452347989
Encrypted:	false
Ssdeep:	192:byMvQWYhW5fWWFYg7VWQ4eWio3gDwcunYqnajv9JS:byMvQWYhW/BXwulhw
Size:	11720
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\axvlc.dll
Category:	dropped
Dump:	axvlc.dll.1.dr
ID:	dr_107
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.161377083530628
Encrypted:	false
Ssdeep:	24576:znT9uScWQKzgN4Meg4XDZtzSMPwiqrro1C1ofz7TTT6TTTETTTNTTTSfYvgraBX:zT9zgSMeg4X1tzbPwiFV
Size:	1345272
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\bibfgi.rar
Category:	dropped
Dump:	bibfgi.rar.1.dr
ID:	dr_106
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	EBCDIC text, with very long lines (65536), with no line terminators, with overstriking
Entropy:	0.0
Encrypted:	false
Ssdeep:	3:X3:n
Size:	172452224
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\clretwrc.dll
Category:	dropped
Dump:	clretwrc.dll.1.dr
ID:	dr_92
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	4.242899121071685
Encrypted:	false
Size:	304784
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\clrjit.dll
Category:	dropped
Dump:	clrjit.dll.1.dr
ID:	dr_18
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.4842656747358465
Encrypted:	false
Size:	1436816
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\coreclr.dll
Category:	dropped
Dump:	coreclr.dll.1.dr
ID:	dr_19
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.5506861274321215
Encrypted:	false
Size:	5125776
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\data\units.dat
Category:	dropped
Dump:	units.dat.1.dr
ID:	dr_60
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	ASCII text
Entropy:	4.009015102516367
Encrypted:	false
Size:	32572
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\data\units_ca.dat
Category:	dropped
Dump:	units_ca.dat.1.dr
ID:	dr_61
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	Unicode text, UTF-8 text
Entropy:	4.030801592661093
Encrypted:	false
Size:	40536
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\data\units_de.dat
Category:	dropped
Dump:	units_de.dat.1.dr
ID:	dr_62
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	Unicode text, UTF-8 text
Entropy:	4.276348317191952
Encrypted:	false
Size:	34241
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\data\units_es.dat
Category:	dropped
Dump:	units_es.dat.1.dr
ID:	dr_63
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	Unicode text, UTF-8 text
Entropy:	4.10275524405603
Encrypted:	false
Size:	28148
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\data\units_fr.dat
Category:	dropped
Dump:	units_fr.dat.1.dr
ID:	dr_64
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	Unicode text, UTF-8 text
Entropy:	4.098740347426859
Encrypted:	false
Size:	26297
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\data\units_ru.dat
Category:	dropped
Dump:	units_ru.dat.1.dr
ID:	dr_65
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	Unicode text, UTF-8 text
Entropy:	4.472585461338878
Encrypted:	false
Size:	39232
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\data\units_sv.dat
Category:	dropped
Dump:	units_sv.dat.1.dr
ID:	dr_66
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	Unicode text, UTF-8 text
Entropy:	4.085213100734249
Encrypted:	false
Size:	32496
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Assign Prerequisites.bmp
Category:	dropped
Dump:	Assign Prerequisites.bmp.1.dr
ID:	dr_70
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
Entropy:	2.077213957707642
Encrypted:	false
Size:	822
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Assign Resources.bmp
Category:	dropped
Dump:	Assign Resources.bmp.1.dr
ID:	dr_71
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
Entropy:	2.0781299846620236
Encrypted:	false
Size:	822
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Column Options.bmp
Category:	dropped
Dump:	Column Options.bmp.1.dr
ID:	dr_72
Target ID:	1
Process:	C:\Windows\System32\msiexec.exe
Type:	PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
Entropy:	1.9483459356843928
Encrypted:	false
Size:	822
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Delete Column.bmp
Category:

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
setup.msi

Files

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportsetup.msi

Files

IOC Report
setup.msi