
install.bat

Status: finished
Submission Time: 2020-04-15 16:23:25 +02:00
Clean
Evader

Details

  • Analysis ID:
    222743
  • API (Web) ID:
    342153
  • Analysis Started:
    2020-04-15 16:23:33 +02:00
  • Analysis Finished:
    2020-04-15 16:35:02 +02:00
  • MD5:
    dd5b1694ed8e9239e19ffd1fda71e5f9
  • SHA1:
    8b1c587b8f8c669e48dd887d05644dc5f9a62b67
  • SHA256:
    d6616ab7450ded567be907f7c4c516524039f01b9e3ac65b6daa3f0f7bb7b21b
  • Technologies:

Engine: Joe Sandbox
Detection: clean
Score: 14
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

URLs

Name Detection
http://wixtoolset.org/schemas/v4/thmutilurleur
https://falcon.crowdstrike.com/terms-and-conditions/
http://appsyndication.org/2006/appsynapplicationc:
http://wixtoolset.org/schemas/v4/thmutild=ur
https://www.crowdstrike.com/privacy-notice
http://crl4.digic
http://appsyndication.org/2006/appsyn

Dropped files

Name / File Type (hash and detection columns were empty in the report)

C:\Program Files (x86)\CSInstallTemp{07FF19FE-F49B-48BE-AF30-9F91EC1F1DFF}\.be\WindowsSensor.exe
    PE32 executable (GUI) Intel 80386, for MS Windows

C:\Windows\Installer\wix{32F3A7BA-B65B-42FE-8D4F-BBD7B1861C00}.SchedServiceConfig.rmi
    data

C:\Windows\Installer\wix{32F3A7BA-B65B-42FE-8D4F-BBD7B1861C00}.DriversInstall.rmi
    data

C:\Users\user\AppData\Local\Temp\CrowdStrike Windows Sensor_20200415162408_001_Agent64.log
    Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR, LF line terminators

C:\Users\user\AppData\Local\Temp\CrowdStrike Windows Sensor_20200415162408.log
    ASCII text, with very long lines, with CRLF line terminators

C:\ProgramData\Package Cache\{9a829f20-ba0d-49e5-a91d-00185ac0d05e}\state.rsm
    LZMA compressed data, non-streamed, size 0

C:\ProgramData\Package Cache\{9a829f20-ba0d-49e5-a91d-00185ac0d05e}\WindowsSensor.exe
    PE32 executable (GUI) Intel 80386, for MS Windows

C:\Program Files\CrowdStrike\CSFalconService.man
    exported SGML document, ASCII text, with very long lines, with CRLF line terminators

C:\Program Files (x86)\CSInstallTemp{41A3CE42-94B3-49D1-A5C8-C6CE43761DFA}\.cr\WindowsSensor.exe
    PE32 executable (GUI) Intel 80386, for MS Windows

C:\Program Files (x86)\CSInstallTemp{07FF19FE-F49B-48BE-AF30-9F91EC1F1DFF}\FirmwareAnalysis64
    2

C:\Program Files (x86)\CSInstallTemp{07FF19FE-F49B-48BE-AF30-9F91EC1F1DFF}\DeviceControl64
    2

C:\Program Files (x86)\CSInstallTemp{07FF19FE-F49B-48BE-AF30-9F91EC1F1DFF}\CSFalconServiceUninstallTool_x64.exe
    PE32+ executable (console) x86-64, for MS Windows

C:\Program Files (x86)\CSInstallTemp{07FF19FE-F49B-48BE-AF30-9F91EC1F1DFF}\Agent64
    2

C:\Program Files (x86)\CSInstallTemp{07FF19FE-F49B-48BE-AF30-9F91EC1F1DFF}\.ba\BlackButton.png
    PNG image data, 246 x 216, 8-bit/color RGB, non-interlaced

C:\Program Files (x86)\CSInstallTemp{07FF19FE-F49B-48BE-AF30-9F91EC1F1DFF}\.ba\warning.png
    PNG image data, 56 x 46, 8-bit/color RGBA, non-interlaced

C:\Program Files (x86)\CSInstallTemp{07FF19FE-F49B-48BE-AF30-9F91EC1F1DFF}\.ba\theme.wxl
    XML 1.0 document, ASCII text, with very long lines

C:\Program Files (x86)\CSInstallTemp{07FF19FE-F49B-48BE-AF30-9F91EC1F1DFF}\.ba\theme.thm
    XML 1.0 document, ASCII text

C:\Program Files (x86)\CSInstallTemp{07FF19FE-F49B-48BE-AF30-9F91EC1F1DFF}\.ba\redarrow.png
    PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

C:\Program Files (x86)\CSInstallTemp{07FF19FE-F49B-48BE-AF30-9F91EC1F1DFF}\.ba\fgba.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

C:\Program Files (x86)\CSInstallTemp{07FF19FE-F49B-48BE-AF30-9F91EC1F1DFF}\.ba\blackarrow.png
    PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

C:\Program Files (x86)\CSInstallTemp{07FF19FE-F49B-48BE-AF30-9F91EC1F1DFF}\.ba\WindowBackground.png
    PNG image data, 750 x 422, 8-bit/color RGB, non-interlaced

C:\Program Files (x86)\CSInstallTemp{07FF19FE-F49B-48BE-AF30-9F91EC1F1DFF}\.ba\RedButton.png
    PNG image data, 246 x 216, 8-bit/color RGB, non-interlaced

C:\Program Files (x86)\CSInstallTemp{07FF19FE-F49B-48BE-AF30-9F91EC1F1DFF}\.ba\CloseButton.png
    PNG image data, 29 x 58, 8-bit/color RGB, non-interlaced

C:\Program Files (x86)\CSInstallTemp{07FF19FE-F49B-48BE-AF30-9F91EC1F1DFF}\.ba\BundleUI.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

C:\Program Files (x86)\CSInstallTemp{07FF19FE-F49B-48BE-AF30-9F91EC1F1DFF}\.ba\BootstrapperApplicationData.xml
    XML 1.0 document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators