top title background image
flash

Setup.exe

Status: finished
Submission Time: 2021-02-25 21:57:45 +01:00
Suspicious
Evader

Comments

Tags

Details

  • Analysis ID:
    358589
  • API (Web) ID:
    619183
  • Analysis Started:
    2021-02-25 21:57:47 +01:00
  • Analysis Finished:
    2021-02-25 22:19:44 +01:00
  • MD5:
    7b5d30bd9b7cdcca79e189aaaf5707fa
  • SHA1:
    45fe889c3660be692ba30bb6bcdc2b51380c214e
  • SHA256:
    a6385ebfc0c6e766e9f068ad348a53e39a18875da5e3759428633984c0b075aa
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
suspicious
Score: 24
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
suspicious
Score: 25
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run Condition: Cmdline fuzzy

URLs

Name Detection
http://www.star4live.com:
https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
Click to see the 40 hidden entries
http://www.star4live.comyw
https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
https://dev.virtualearth.net/REST/v1/Transit/Schedules/
http://crl.thawte.com/ThawteTimestampingCA.crl0
https://dynamic.t
https://dev.virtualearth.net/REST/v1/Routes/Transit
https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
https://dev.ditu.live.com/mapcontrol/logging.ashx
https://appexmapsappupdate.blob.core.windows.net
https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
http://www.flexerasoftware.com0
https://activity.windows.com
http://www.bingmapsportal.com
https://dev.ditu.live.com/REST/v1/Locations
http://www.star4live.com
https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
https://%s.dnet.xboxlive.com
https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
http://csc3-2010-crl.verisign.c
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
https://dev.ditu.live.com/REST/v1/Routes/
https://dev.virtualearth.net/REST/v1/Routes/Driving
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
https://t0.tiles.ditu.live.com/tiles/gen
http://ocsp.thawte.com0
https://dev.virtualearth.net/REST/v1/Routes/
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
https://dev.virtualearth.net/REST/v1/Routes/Walking
https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
http://www.installshield.com/isetup/ProErrorCentral.asp?ErrorCode=%d
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=
https://%s.xboxlive.com
https://dev.ditu.live.com/mapcontrol/mapconfiguration.ashx?name=native&v=
https://dev.virtualearth.net/REST/v1/Locations
https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=
https://dev.virtualearth.net/mapcontrol/logging.ashx
http://www.star4live.come

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\~26DA.tmp
Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
#
C:\Users\user\AppData\Local\Temp\{87B4B6A8-70D2-4440-A989-3BFB21701630}\_ISMSIDEL.INI
Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
#
C:\Users\user\AppData\Local\Temp\{9C514F03-4DCD-488A-8741-E56052F331B5}\0x0409.ini
Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
#
Click to see the 33 hidden entries
C:\Users\user\AppData\Local\Temp\{9C514F03-4DCD-488A-8741-E56052F331B5}\Setup.INI
Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
#
C:\Users\user\AppData\Local\Temp\{9C514F03-4DCD-488A-8741-E56052F331B5}\Star4Live_P2P.msi
Intel;1033
#
C:\Users\user\AppData\Local\Temp\{9C514F03-4DCD-488A-8741-E56052F331B5}\_ISMSIDEL.INI
Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
#
C:\Users\user\AppData\Local\Temp\~1333.tmp
Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
#
C:\Users\user\AppData\Local\Temp\~1334.tmp
Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
#
C:\Users\user\AppData\Local\Temp\~1BD0.tmp
Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
#
C:\Users\user\AppData\Local\Temp\{87B4B6A8-70D2-4440-A989-3BFB21701630}\Star4Live_P2P.msi
Intel;1033
#
C:\Users\user\AppData\Local\Temp\~270A.tmp
Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
#
C:\Users\user\AppData\Local\Temp\~37D2.tmp
Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
#
C:\Users\user\AppData\Local\Temp\~37D3.tmp
Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
#
C:\Users\user\AppData\Local\Temp\~7431.tmp
Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
#
C:\Users\user\AppData\Local\Temp\~BB57.tmp
Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
#
C:\Users\user\Desktop\Star4Live_P2P.msi
Intel;1033
#
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
ASCII text, with no line terminators
#
\Device\ConDrv
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\MSI7AD6.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
#
C:\ProgramData\Microsoft\Network\Downloader\edb.log
data
#
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
Extensible storage engine DataBase, version 0x620, checksum 0x972542c4, page size 16384, DirtyShutdown, Windows version 10.0
#
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
data
#
C:\Users\user\AppData\Local\Downloaded Installations\{877F9BE8-C6E2-462D-9A96-09E42390D002}\Star4Live_P2P.msi
Intel;1033
#
C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl
data
#
C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl
data
#
C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl
data
#
C:\Users\user\AppData\Local\Temp\MSI2FA4.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
#
C:\Program Files (x86)\Star4Live\Star4Live_P2P\log\p2plog_20210225-220938.6268
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\MSIe32f1.LOG
Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
#
C:\Users\user\AppData\Local\Temp\MSIe7ebf.LOG
Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
#
C:\Users\user\AppData\Local\Temp\{5D75E406-3500-49D7-B316-57EF55D0B89E}\0x0409.ini
Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
#
C:\Users\user\AppData\Local\Temp\{5D75E406-3500-49D7-B316-57EF55D0B89E}\Setup.INI
Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
#
C:\Users\user\AppData\Local\Temp\{5D75E406-3500-49D7-B316-57EF55D0B89E}\Star4Live_P2P.msi
Intel;1033
#
C:\Users\user\AppData\Local\Temp\{5D75E406-3500-49D7-B316-57EF55D0B89E}\_ISMSIDEL.INI
Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
#
C:\Users\user\AppData\Local\Temp\{87B4B6A8-70D2-4440-A989-3BFB21701630}\0x0409.ini
Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
#
C:\Users\user\AppData\Local\Temp\{87B4B6A8-70D2-4440-A989-3BFB21701630}\Setup.INI
Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
#