IOC Report
LexusXA Installer.msi

Files

File Path | Type | Category | Malicious
LexusXA Installer.msi | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {6E016F4D-F842-4D13-BDA0-1D990584865D}, Number of Words: 2, Subject: LexusXA Installer, Author: LexusORG, Name of Creating Application: LexusXA Installer, Template: ;1033, Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Fri Nov 29 15:27:42 2024, Last Saved Time/Date: Fri Nov 29 15:27:42 2024, Last Printed: Fri Nov 29 15:27:42 2024, Number of Pages: 450 | initial sample |
C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-installer-win_x64.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Programs\Lexus\is-KAK7L.tmp | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Programs\Lexus\is-LOG4N.tmp | PE32+ executable (GUI) x86-64, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Programs\Lexus\unins000.exe (copy) | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Programs\Lexus\version-iexpress-x64.exe (copy) | PE32+ executable (GUI) x86-64, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\MSI2254.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\MSI22D2.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\MSI2312.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\MSI2332.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\MSI2362.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\MSI242E.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\MSI245E.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\MSI5736.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\MSI5766.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe | PE32+ executable (GUI) x86-64, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_ARC4.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_Salsa20.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_chacha20.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_pkcs1_decode.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_aes.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_aesni.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_arc2.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_blowfish.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_cast.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_cbc.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_cfb.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_ctr.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_des.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_des3.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_ecb.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_eksblowfish.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_ocb.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_ofb.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_BLAKE2b.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_BLAKE2s.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_MD2.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_MD4.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_MD5.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_RIPEMD160.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_SHA1.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_SHA224.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_SHA256.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_SHA384.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | malicious