Windows
Analysis Report
2UoXCbfNSl.msi
Overview
General Information
Sample Name: | 2UoXCbfNSl.msi |
Original Sample Name: | cd8393350f7cfc0762e09ee3b0a98002a1b9abf362caf5f210e717e1d4ebe53a.msi |
Analysis ID: | 876164 |
MD5: | 82ff84cb9924f0855a894e75b5d3edb2 |
SHA1: | df89381239f8a8ececeb697a6a35a573203bac09 |
SHA256: | cd8393350f7cfc0762e09ee3b0a98002a1b9abf362caf5f210e717e1d4ebe53a |
Tags: | gozimsi |
Infos: | |
Detection
Score: | 52 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- msiexec.exe (PID: 5424 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\2UoXCbfNSl.msi" MD5: 4767B71A318E201188A0D0A420C8B608)
- msiexec.exe (PID: 6800 cmdline: C:\Windows\system32\msiexec.exe /V MD5: 4767B71A318E201188A0D0A420C8B608)
  - msiexec.exe (PID: 6924 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding EA13B634406DD4E4E1EC4CF54DDC47D4 MD5: 12C17B5A5C2A7B97342C362CA467E9A2)
  - MSI2A38.tmp (PID: 2888 cmdline: "C:\Windows\Installer\MSI2A38.tmp" /DontWait C:\Windows\System32\rundll32.exe C:\Users\user\AppData\Roaming\MSTX340\ini.dll,vips MD5: 0007940F5479831428131F029D3BD8F7)
  - MSI2E51.tmp (PID: 5228 cmdline: "C:\Windows\Installer\MSI2E51.tmp" "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" file://C:\Users\user\AppData\Roaming\MSTX340/Information_psw.pdf MD5: 0007940F5479831428131F029D3BD8F7)
- cmd.exe (PID: 6936 cmdline: cmd /c "net group "domain computers" /domain" >> C:\Users\user\AppData\Local\Temp\4505.tmp MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
  - conhost.exe (PID: 7020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- cmd.exe (PID: 2184 cmdline: cmd /c "nltest /dclist:" >> C:\Users\user\AppData\Local\Temp\158A.tmp MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
  - conhost.exe (PID: 2820 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  - nltest.exe (PID: 5828 cmdline: nltest /dclist: MD5: 3198EC1CA24B6CB75D597CEE39D71E58)
- cleanup
Timestamp | SID | Source IP | Source Port | Destination IP | Destination Port | Protocol | Classtype |
---|---|---|---|---|---|---|---|
05/26/23-11:41:10.481245 | 2023883 | 192.168.2.5 | 65323 | 8.8.8.8 | 53 | UDP | Potentially Bad Traffic |
05/26/23-11:43:55.578387 | 2023883 | 192.168.2.5 | 58581 | 8.8.8.8 | 53 | UDP | Potentially Bad Traffic |
05/26/23-11:42:04.741109 | 2023883 | 192.168.2.5 | 63446 | 8.8.8.8 | 53 | UDP | Potentially Bad Traffic |
05/26/23-11:42:44.239811 | 2023883 | 192.168.2.5 | 60975 | 8.8.8.8 | 53 | UDP | Potentially Bad Traffic |
05/26/23-11:44:33.716234 | 2023883 | 192.168.2.5 | 56687 | 8.8.8.8 | 53 | UDP | Potentially Bad Traffic |
05/26/23-11:43:20.455009 | 2023883 | 192.168.2.5 | 56682 | 8.8.8.8 | 53 | UDP | Potentially Bad Traffic |
05/26/23-11:45:10.193356 | 2023883 | 192.168.2.5 | 61344 | 8.8.8.8 | 53 | UDP | Potentially Bad Traffic |
Signature evidence rows (source and detail columns not captured): Binary string; File opened; Code function
Networking |
---|
Signature evidence rows (source and detail columns not captured): Snort IDS; DNS traffic detected; String found in binary or memory; File deleted; File created; Code function; Binary or memory string; Section loaded; Key opened; Process created; Key value queried; Classification label; Static file information; Mutant created; Binary string
Persistence and Installation Behavior |
---|
Signature evidence rows (source and detail columns not captured): Executable created and started; File created (dropped file); Process information set; Last function; Dropped PE file which has not been started; Check user administrative privileges; Process created; API coverage; Process information queried; Code function; File Volume queried; Queries volume information; Key value queried
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 Replication Through Removable Media | 1 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 121 Masquerading | OS Credential Dumping | 2 System Time Discovery | 1 Replication Through Removable Media | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 11 Process Injection | 1 Disable or Modify Tools | LSASS Memory | 3 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | 1 DLL Side-Loading | 11 Process Injection | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Deobfuscate/Decode Files or Information | NTDS | 11 Peripheral Device Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 DLL Side-Loading | Cached Domain Credentials | 34 System Information Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 File Deletion | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | ReversingLabs | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | ReversingLabs | | |
| 0% | ReversingLabs | | |
| 0% | ReversingLabs | | |
| 0% | ReversingLabs | | |
| 0% | ReversingLabs | | |
| 0% | ReversingLabs | | |
| 0% | ReversingLabs | | |
| 0% | ReversingLabs | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | unknown |
| | false | | low |
Joe Sandbox Version: | 37.1.0 Beryl |
Analysis ID: | 876164 |
Start date and time: | 2023-05-26 11:40:14 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 10m 13s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 16 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample file name: | 2UoXCbfNSl.msi |
Original Sample Name: | cd8393350f7cfc0762e09ee3b0a98002a1b9abf362caf5f210e717e1d4ebe53a.msi |
Detection: | MAL |
Classification: | mal52.evad.winMSI@18/31@0/0 |
EGA Information: | |
HDC Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, rundll32.exe, WMIADAP.exe, conhost.exe
- Excluded domains from analysis (whitelisted): sumarno.top, ctldl.windowsupdate.com
- Not all processes were analyzed; report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- VT rate limit hit for: 2UoXCbfNSl.msi
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 433224 |
Entropy (8bit): | 6.567843589414793 |
Encrypted: | false |
SSDEEP: | 12288:1/ePEitwJH6g7scgFzMzMHf7hM53l6hEFMI:1/EEimJH6g7scSzMQDC51fCI |
MD5: | 5019AEEF7A712537257F5D833CB69E8E |
SHA1: | 78E1A5D7A41B0984F9C16F90F887473754ED11F7 |
SHA-256: | D76A49FAB64EC85290B2524B3C0CFEA2613D80C366C85440B982BF77F08B285E |
SHA-512: | E61EE3DA78611724D22617D1A75F9C33B4681B207860A4B0B34737890EBACCFAFD8639F3C14FDF6FF2775C90E40EBC80816CA00464ACCF1A2B3CFE4240CA8739 |
Malicious: | false |
Process: | C:\Windows\System32\cmd.exe |
File Type: | |
Category: | modified |
Size (bytes): | 36 |
Entropy (8bit): | 4.030493056757482 |
Encrypted: | false |
SSDEEP: | 3:XT5LzdUA2AGN8y:XtLxUANGN8y |
MD5: | C58986635C266E6C06609B908580BEDE |
SHA1: | 4672DCE03D3DD9560CF74035AFF3D9AEBB7201E4 |
SHA-256: | A2F1BB2817F976E129974B003E3EC12FB8A644C1952BB667116317FD26416042 |
SHA-512: | 36241E4BDA8AD7E4137624BBFBB999C643D34A2095BA078F9886D92F4726913BDB9DC1E1F44141A6738C1E4D9042B802E49F774C0F1C6901735F4B069834449F |
Malicious: | false |
Process: | C:\Windows\System32\cmd.exe |
File Type: | |
Category: | modified |
Size (bytes): | 78 |
Entropy (8bit): | 4.53413189515719 |
Encrypted: | false |
SSDEEP: | 3:GAJzRRljFEOIlAEXrkVBiqV9yyn:5zRRl5KAEXoriqX |
MD5: | AAEC14B2DE8E2FDAF8427672122AF65C |
SHA1: | CA953EFAD669C93AF85B968D747BAA544D4465FB |
SHA-256: | 14C94C44D0EB89A820D96E1791F4B754C87EE778B5F4478289DF0FB22E1C3DA1 |
SHA-512: | A5CBAD3DE5070FDCD6AA7F3F5EDA42B69FAEF44A431CF48E20CA1F4F42C648EE80BD5F1D9B981624AE6B39E2435B4278C9FD1E97491E3B244A2BBA7D629021A8 |
Malicious: | false |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5025958 |
Entropy (8bit): | 7.900777436536752 |
Encrypted: | false |
SSDEEP: | 98304:a4+lkYcmmDre6c12gCZ14CMrCQt+v0UO3KibbbbbbwVukcRVILLleuCQf4RD8:4MmmjBgY10bt+MUOTbbbbbbwZcRVILh9 |
MD5: | 3926092166AE5C4C0366277EF094B9E2 |
SHA1: | 225F6AAD4A6AD7F66B674ED40A0CD67B6FBB6F38 |
SHA-256: | CD30DA7E64DD8C7FD2F707E54C68BD874AAABC48D2B191C2C7E0AEE9C32888CB |
SHA-512: | FB077BDEECC571D631F016DAF7091C2BF440BE5819637825B5D89ED361BF76773F615BD1DEC92BE4207679A83817FC4A1A53ED0AE1A5BB4719B6FD4E8421780B |
Malicious: | false |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294400 |
Entropy (8bit): | 6.630880578475371 |
Encrypted: | false |
SSDEEP: | 6144:YwqnlTIaNrhtD+Cqdoazww2X/4TFEX0Ia:5qln1Y2MTGkI |
MD5: | D0584EDCC980EF43E697629ADE83C54B |
SHA1: | A68DEEA2D4F40BEF60C7F605BC2AAE9698259E69 |
SHA-256: | E33A713B96B45E2B2E0DA350C0FDAAF865139607066AADFF3B67B0CED82CA8BC |
SHA-512: | 917F8206777512BA537C3B67D4E1A31CBF86C690986EF617D5EE34A7818CE09C23067CAAE3D22A9E1FF7DBA0FDF17322F33B579CA0827F19EF0CBABE2F486B5E |
Malicious: | false |
Antivirus: | |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6096508 |
Entropy (8bit): | 7.8151534308811135 |
Encrypted: | false |
SSDEEP: | 98304:ajJzMUpQ/2zKN5DmsQPKEvia5Zld9l4jH43ZnzgB1wLhQNHFRaFUDAQQHk8iQdvk:M5NzKNgsKKE6UZD9l4IZnzgLwLhQNHFd |
MD5: | 82FF84CB9924F0855A894E75B5D3EDB2 |
SHA1: | DF89381239F8A8ECECEB697A6A35A573203BAC09 |
SHA-256: | CD8393350F7CFC0762E09EE3B0A98002A1B9ABF362CAF5F210E717E1D4EBE53A |
SHA-512: | 416DB643CBFDA60B26BB3EAC8B6A94B148B506BC016D562BC51E085F765400C56412462B42E2E29DCC44FA621349781C1C225081804C528A0A7FD1822663597B |
Malicious: | false |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6096508 |
Entropy (8bit): | 7.8151534308811135 |
Encrypted: | false |
SSDEEP: | 98304:ajJzMUpQ/2zKN5DmsQPKEvia5Zld9l4jH43ZnzgB1wLhQNHFRaFUDAQQHk8iQdvk:M5NzKNgsKKE6UZD9l4IZnzgLwLhQNHFd |
MD5: | 82FF84CB9924F0855A894E75B5D3EDB2 |
SHA1: | DF89381239F8A8ECECEB697A6A35A573203BAC09 |
SHA-256: | CD8393350F7CFC0762E09EE3B0A98002A1B9ABF362CAF5F210E717E1D4EBE53A |
SHA-512: | 416DB643CBFDA60B26BB3EAC8B6A94B148B506BC016D562BC51E085F765400C56412462B42E2E29DCC44FA621349781C1C225081804C528A0A7FD1822663597B |
Malicious: | false |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 598840 |
Entropy (8bit): | 6.4742572330426045 |
Encrypted: | false |
SSDEEP: | 12288:JTjOV8EDRaQsUDE2dYu8z5fN8HcsvwaqN:hjOeEMQNLS5W8svwaqN |
MD5: | 8E565FD81CA10A65CC02E7901A78C95B |
SHA1: | 1BCA3979C233321AE527D4508CFE9B3BA825DBD3 |
SHA-256: | 7B64112C2C534203BB59CE1A9B7D5390448C045DDA424FB3CFD5878EDB262016 |
SHA-512: | 144BDE89EBA469B32B59F30E7F4D451329C541ED7B556BC60D118C9E2E5CDF148C2275CCA51C4B9355686AEFA16A4B86A26D4C8FE0DD2CF318B979863109592E |
Malicious: | false |
Antivirus: | |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 598840 |
Entropy (8bit): | 6.4742572330426045 |
Encrypted: | false |
SSDEEP: | 12288:JTjOV8EDRaQsUDE2dYu8z5fN8HcsvwaqN:hjOeEMQNLS5W8svwaqN |
MD5: | 8E565FD81CA10A65CC02E7901A78C95B |
SHA1: | 1BCA3979C233321AE527D4508CFE9B3BA825DBD3 |
SHA-256: | 7B64112C2C534203BB59CE1A9B7D5390448C045DDA424FB3CFD5878EDB262016 |
SHA-512: | 144BDE89EBA469B32B59F30E7F4D451329C541ED7B556BC60D118C9E2E5CDF148C2275CCA51C4B9355686AEFA16A4B86A26D4C8FE0DD2CF318B979863109592E |
Malicious: | false |
Antivirus: | |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 598840 |
Entropy (8bit): | 6.4742572330426045 |
Encrypted: | false |
SSDEEP: | 12288:JTjOV8EDRaQsUDE2dYu8z5fN8HcsvwaqN:hjOeEMQNLS5W8svwaqN |
MD5: | 8E565FD81CA10A65CC02E7901A78C95B |
SHA1: | 1BCA3979C233321AE527D4508CFE9B3BA825DBD3 |
SHA-256: | 7B64112C2C534203BB59CE1A9B7D5390448C045DDA424FB3CFD5878EDB262016 |
SHA-512: | 144BDE89EBA469B32B59F30E7F4D451329C541ED7B556BC60D118C9E2E5CDF148C2275CCA51C4B9355686AEFA16A4B86A26D4C8FE0DD2CF318B979863109592E |
Malicious: | false |
Antivirus: | |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 598840 |
Entropy (8bit): | 6.4742572330426045 |
Encrypted: | false |
SSDEEP: | 12288:JTjOV8EDRaQsUDE2dYu8z5fN8HcsvwaqN:hjOeEMQNLS5W8svwaqN |
MD5: | 8E565FD81CA10A65CC02E7901A78C95B |
SHA1: | 1BCA3979C233321AE527D4508CFE9B3BA825DBD3 |
SHA-256: | 7B64112C2C534203BB59CE1A9B7D5390448C045DDA424FB3CFD5878EDB262016 |
SHA-512: | 144BDE89EBA469B32B59F30E7F4D451329C541ED7B556BC60D118C9E2E5CDF148C2275CCA51C4B9355686AEFA16A4B86A26D4C8FE0DD2CF318B979863109592E |
Malicious: | false |
Antivirus: | |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 598840 |
Entropy (8bit): | 6.4742572330426045 |
Encrypted: | false |
SSDEEP: | 12288:JTjOV8EDRaQsUDE2dYu8z5fN8HcsvwaqN:hjOeEMQNLS5W8svwaqN |
MD5: | 8E565FD81CA10A65CC02E7901A78C95B |
SHA1: | 1BCA3979C233321AE527D4508CFE9B3BA825DBD3 |
SHA-256: | 7B64112C2C534203BB59CE1A9B7D5390448C045DDA424FB3CFD5878EDB262016 |
SHA-512: | 144BDE89EBA469B32B59F30E7F4D451329C541ED7B556BC60D118C9E2E5CDF148C2275CCA51C4B9355686AEFA16A4B86A26D4C8FE0DD2CF318B979863109592E |
Malicious: | false |
Antivirus: | |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 426852 |
Entropy (8bit): | 6.559397164118567 |
Encrypted: | false |
SSDEEP: | 12288:1/ePEitwJH6g7scgFzMzMHf7hM53l6hEFMF:1/EEimJH6g7scSzMQDC51fCF |
MD5: | 0CB5A74785F2E7579793EE98BC1F6C73 |
SHA1: | 3A4B62BC783F4078C2ECEC6FBC73544846BFB5C5 |
SHA-256: | CC788E81F0089BCE361227390954CD673EC2C54D8C645C4904F7F2EC422FA008 |
SHA-512: | 966A73C53D9EE2CB1BD00BC4282BE5021645A80E495F91A8648557431EB4C09A92463FDE08999F9F8628D6688F60F14FFA50DEAEABA528BE917EA214FE349808 |
Malicious: | false |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 423936 |
Entropy (8bit): | 6.554120162469703 |
Encrypted: | false |
SSDEEP: | 12288:A/ePEitwJH6g7scgFzMzMHf7hM53l6hEFM:A/EEimJH6g7scSzMQDC51fC |
MD5: | 0007940F5479831428131F029D3BD8F7 |
SHA1: | 8DED66ACBD836388C1414512025BD9004C90903B |
SHA-256: | 340B6EECEB447FB9C8393DDAAA896C9D7013333E2D5587C7A580E56BEB232320 |
SHA-512: | C4F75C939ACF139F85ABFFC0264DE0279EF35914121E132C0BC22B3EA0080A9573665080F5C8AE5DB3B620341AACC871D094EF52BC7B6963275112572A490BDF |
Malicious: | true |
Antivirus: | |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | modified |
Size (bytes): | 423936 |
Entropy (8bit): | 6.554120162469703 |
Encrypted: | false |
SSDEEP: | 12288:A/ePEitwJH6g7scgFzMzMHf7hM53l6hEFM:A/EEimJH6g7scSzMQDC51fC |
MD5: | 0007940F5479831428131F029D3BD8F7 |
SHA1: | 8DED66ACBD836388C1414512025BD9004C90903B |
SHA-256: | 340B6EECEB447FB9C8393DDAAA896C9D7013333E2D5587C7A580E56BEB232320 |
SHA-512: | C4F75C939ACF139F85ABFFC0264DE0279EF35914121E132C0BC22B3EA0080A9573665080F5C8AE5DB3B620341AACC871D094EF52BC7B6963275112572A490BDF |
Malicious: | true |
Antivirus: | |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 20480 |
Entropy (8bit): | 1.1643312877601788 |
Encrypted: | false |
SSDEEP: | 12:JSbX72Fj6UAGiLIlHVRpZh/7777777777777777777777777vDHFXEcNuit/l0i5:J7QI5tx3iF |
MD5: | EFB3328B4DE134D0E78A76334A84596D |
SHA1: | 7995922AEB32005BEB2E17E21E85A654A19B8593 |
SHA-256: | D1E96F12D9544F06CBCE473F6F1F90A484B1BD59BA5DC50E05133B93B04920CA |
SHA-512: | 74FACAA1185467BC7516B2969D39062AB7CA1BC3F7AF0E356588B778D8E58F4E96A223C47FBAC7B9303D65BAE7EB0A1A53F798170CC4A227E91B4F01879B8139 |
Malicious: | false |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 20480 |
Entropy (8bit): | 1.5303886579335395 |
Encrypted: | false |
SSDEEP: | 48:k8PhquRc06WXJWFT5JBFrSZFAErCykxrSZZThIH:7hq1tFT3BFr4OwCdr4E |
MD5: | 5A26ADF205D266FD71C7F863D5E2938D |
SHA1: | 434D819B840D50770E6E85EEE5AC251D12F5439D |
SHA-256: | 4CAC64CE59CBD07DA3FB8E10E533EF264A2E231B05EDB2089793D9C88F976286 |
SHA-512: | FFA27B08779C87E6D54FF98D6805EE10E7EAEFAB04E0C86FBCEEB7A64F8254CF436851250B288B82B2F4FDBA8F63BD9D9B4A595ADFA0B6AABD38AB2C70A3CC88 |
Malicious: | false |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 81287 |
Entropy (8bit): | 5.298770088687002 |
Encrypted: | false |
SSDEEP: | 192:XL/vcrZZDZo/ZrXczaIcO/gcMH5elWSLK:XDvsDZGrkaIcO/Y5XuK |
MD5: | E84CEBF763C0BF4948BC6B99286B5479 |
SHA1: | EFB268A1C5DC2CAA1F2EB69747025E50F46765CA |
SHA-256: | 53EE78262CD145E9EEAFCBE8DA3DB5DAE242A6DF75832F431DE2D5AB538D5489 |
SHA-512: | 26B52EE7A321FA084B239E0B1FB81BB9B163C4EF0ADC11C60D33D33663F661D85C73987AF4AB6BE0D25A9360527DD845C76CCFFAE3D305A03C368F643CDE5176 |
Malicious: | false |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 1.2299014095130887 |
Encrypted: | false |
SSDEEP: | 48:73iuPO+CFXJXT5xBFrSZFAErCykxrSZZThIH:jif/TPBFr4OwCdr4E |
MD5: | A7BC4B3A3E89C185686F43FA605B9B8D |
SHA1: | 6BC073D16D83BF863862C3B86F052AC5929F0AB3 |
SHA-256: | B3D5B044FD2DD2F081E8E52EAB1FA572EC181A1D0DA30622449289F5C1307DE7 |
SHA-512: | AB9C4C66EF8128B642E86B4C98A1897804D8B2992DB389E22A7A56BBF73A8FA4DBA8724E422C8EFE06DBC04D573C80FA6889F60BA672CA335D8D43238A62BD25 |
Malicious: | false |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 20480 |
Entropy (8bit): | 1.5303886579335395 |
Encrypted: | false |
SSDEEP: | 48:k8PhquRc06WXJWFT5JBFrSZFAErCykxrSZZThIH:7hq1tFT3BFr4OwCdr4E |
MD5: | 5A26ADF205D266FD71C7F863D5E2938D |
SHA1: | 434D819B840D50770E6E85EEE5AC251D12F5439D |
SHA-256: | 4CAC64CE59CBD07DA3FB8E10E533EF264A2E231B05EDB2089793D9C88F976286 |
SHA-512: | FFA27B08779C87E6D54FF98D6805EE10E7EAEFAB04E0C86FBCEEB7A64F8254CF436851250B288B82B2F4FDBA8F63BD9D9B4A595ADFA0B6AABD38AB2C70A3CC88 |
Malicious: | false |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 1.2299014095130887 |
Encrypted: | false |
SSDEEP: | 48:73iuPO+CFXJXT5xBFrSZFAErCykxrSZZThIH:jif/TPBFr4OwCdr4E |
MD5: | A7BC4B3A3E89C185686F43FA605B9B8D |
SHA1: | 6BC073D16D83BF863862C3B86F052AC5929F0AB3 |
SHA-256: | B3D5B044FD2DD2F081E8E52EAB1FA572EC181A1D0DA30622449289F5C1307DE7 |
SHA-512: | AB9C4C66EF8128B642E86B4C98A1897804D8B2992DB389E22A7A56BBF73A8FA4DBA8724E422C8EFE06DBC04D573C80FA6889F60BA672CA335D8D43238A62BD25 |
Malicious: | false |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.07172138949471873 |
Encrypted: | false |
SSDEEP: | 6:2/9LG7iVCnLG7iVrKOzPLHKOXEcNVfgVky6lit/:2F0i8n0itFzDHFXEcNBit/ |
MD5: | 2A4834F747E9222F78EE8405FD0997E1 |
SHA1: | 4BF2D081A93F6B6B3613D7A51CD425ACB4984DB9 |
SHA-256: | FA9E61F246D4781A93A9F597C06F7F8DE30E7E6990984A852A5C5BD2DC7B5E4A |
SHA-512: | 7C98D68920BB69CF3B0BEB63380C84F331B93158AE723B5DA05175CB5F23FD90357FC33B13FEC95F4B51B057BE3685492F21CB77F494597DD1CBBD8AFF6528CE |
Malicious: | false |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 73728 |
Entropy (8bit): | 0.12531497003687206 |
Encrypted: | false |
SSDEEP: | 24:wAYnXLAMTx0EDripV0EDF0EDripV0EDFAEV0yjCykVQwGBVyR+suC:wHkMTNrSZprSZFAErCyk1I |
MD5: | 203268CF52A6C032ED29188A6BA2F596 |
SHA1: | 41027384693A91DB4DB44A9FEE45B06042C58E78 |
SHA-256: | 1E6F61F2E3C54149C55EF47F1C9464A0B1FD7AE7AE5655E063F6389652AF29BE |
SHA-512: | D868CD9BADE8C235320CA52ACA0B874BD565EAE2A89E83822EAB8A8A4FBB0F5C5D86C211A36F6472CCA1B0BE8AD212D7726F1D65FB0707FDA96B13EB2A31EF5D |
Malicious: | false |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 20480 |
Entropy (8bit): | 1.5303886579335395 |
Encrypted: | false |
SSDEEP: | 48:k8PhquRc06WXJWFT5JBFrSZFAErCykxrSZZThIH:7hq1tFT3BFr4OwCdr4E |
MD5: | 5A26ADF205D266FD71C7F863D5E2938D |
SHA1: | 434D819B840D50770E6E85EEE5AC251D12F5439D |
SHA-256: | 4CAC64CE59CBD07DA3FB8E10E533EF264A2E231B05EDB2089793D9C88F976286 |
SHA-512: | FFA27B08779C87E6D54FF98D6805EE10E7EAEFAB04E0C86FBCEEB7A64F8254CF436851250B288B82B2F4FDBA8F63BD9D9B4A595ADFA0B6AABD38AB2C70A3CC88 |
Malicious: | false |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 1.2299014095130887 |
Encrypted: | false |
SSDEEP: | 48:73iuPO+CFXJXT5xBFrSZFAErCykxrSZZThIH:jif/TPBFr4OwCdr4E |
MD5: | A7BC4B3A3E89C185686F43FA605B9B8D |
SHA1: | 6BC073D16D83BF863862C3B86F052AC5929F0AB3 |
SHA-256: | B3D5B044FD2DD2F081E8E52EAB1FA572EC181A1D0DA30622449289F5C1307DE7 |
SHA-512: | AB9C4C66EF8128B642E86B4C98A1897804D8B2992DB389E22A7A56BBF73A8FA4DBA8724E422C8EFE06DBC04D573C80FA6889F60BA672CA335D8D43238A62BD25 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\nltest.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 77 |
Entropy (8bit): | 4.8791536144029335 |
Encrypted: | false |
SSDEEP: | 3:YaHNFdAmER2fQsKKrqyav:YQNs92Sfv |
MD5: | 45B19A8643D9F754F189A9B397DF3722 |
SHA1: | 4A9C4C1A875E5C98353DA157493ED0B4C0A653B5 |
SHA-256: | BEA3B5810B84EE81FB257645355539BC9BEFA02E457EC4E359BEC21C2BEEB042 |
SHA-512: | A676AD5D35BE590BC52613499CE6E00452D64C2681E3C23A831BD886350C8EF54BE74FE78A7C6C7ED4984EFFC92F8F7E86B1FD564759156D5A7B288A5754BF38 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.8151534308811135 |
TrID: | |
File name: | 2UoXCbfNSl.msi |
File size: | 6096508 |
MD5: | 82ff84cb9924f0855a894e75b5d3edb2 |
SHA1: | df89381239f8a8ececeb697a6a35a573203bac09 |
SHA256: | cd8393350f7cfc0762e09ee3b0a98002a1b9abf362caf5f210e717e1d4ebe53a |
SHA512: | 416db643cbfda60b26bb3eac8b6a94b148b506bc016d562bc51e085f765400c56412462b42e2e29dcc44fa621349781c1c225081804c528a0a7fd1822663597b |
SSDEEP: | 98304:ajJzMUpQ/2zKN5DmsQPKEvia5Zld9l4jH43ZnzgB1wLhQNHFRaFUDAQQHk8iQdvk:M5NzKNgsKKE6UZD9l4IZnzgLwLhQNHFd |
TLSH: | 36561222B2C3C532C55D0277E968FE5E0539BE73473101E777E9396E99B48C1A27AB02 |
File Content Preview: | ........................>...................^...................................E.......b.......t...............................N...O...P...Q...R...S...T...U...V.............................................................................................. |
Icon Hash: | 2d2e3797b32b2b99 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 26, 2023 11:41:12.081121922 CEST | 53 | 65323 | 8.8.8.8 | 192.168.2.5 |
May 26, 2023 11:42:19.971673965 CEST | 53 | 56751 | 8.8.8.8 | 192.168.2.5 |
May 26, 2023 11:42:20.961313963 CEST | 53 | 56751 | 8.8.8.8 | 192.168.2.5 |
May 26, 2023 11:42:45.269511938 CEST | 53 | 60975 | 8.8.8.8 | 192.168.2.5 |
May 26, 2023 11:43:10.349685907 CEST | 53 | 55068 | 8.8.8.8 | 192.168.2.5 |
May 26, 2023 11:43:11.648736954 CEST | 53 | 55068 | 8.8.8.8 | 192.168.2.5 |
May 26, 2023 11:43:21.521276951 CEST | 53 | 56682 | 8.8.8.8 | 192.168.2.5 |
May 26, 2023 11:43:23.114259005 CEST | 53 | 56682 | 8.8.8.8 | 192.168.2.5 |
May 26, 2023 11:43:32.659657955 CEST | 53 | 58532 | 8.8.8.8 | 192.168.2.5 |
May 26, 2023 11:43:56.697468042 CEST | 53 | 58581 | 8.8.8.8 | 192.168.2.5 |
May 26, 2023 11:43:57.602169991 CEST | 53 | 58581 | 8.8.8.8 | 192.168.2.5 |
May 26, 2023 11:44:34.737889051 CEST | 53 | 56687 | 8.8.8.8 | 192.168.2.5 |
May 26, 2023 11:44:46.149173021 CEST | 53 | 64419 | 8.8.8.8 | 192.168.2.5 |
May 26, 2023 11:45:11.309842110 CEST | 53 | 61344 | 8.8.8.8 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
May 26, 2023 11:41:12.081121922 CEST | 8.8.8.8 | 192.168.2.5 | 0x2b56 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
May 26, 2023 11:42:19.971673965 CEST | 8.8.8.8 | 192.168.2.5 | 0x698c | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
May 26, 2023 11:42:20.961313963 CEST | 8.8.8.8 | 192.168.2.5 | 0x698c | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
May 26, 2023 11:42:45.269511938 CEST | 8.8.8.8 | 192.168.2.5 | 0xb958 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
May 26, 2023 11:43:10.349685907 CEST | 8.8.8.8 | 192.168.2.5 | 0x66ae | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
May 26, 2023 11:43:11.648736954 CEST | 8.8.8.8 | 192.168.2.5 | 0x66ae | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
May 26, 2023 11:43:21.521276951 CEST | 8.8.8.8 | 192.168.2.5 | 0xe540 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
May 26, 2023 11:43:23.114259005 CEST | 8.8.8.8 | 192.168.2.5 | 0xe540 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
May 26, 2023 11:43:32.659657955 CEST | 8.8.8.8 | 192.168.2.5 | 0x8abb | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
May 26, 2023 11:43:56.697468042 CEST | 8.8.8.8 | 192.168.2.5 | 0xd13c | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
May 26, 2023 11:43:57.602169991 CEST | 8.8.8.8 | 192.168.2.5 | 0xd13c | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
May 26, 2023 11:44:34.737889051 CEST | 8.8.8.8 | 192.168.2.5 | 0x769 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
May 26, 2023 11:44:46.149173021 CEST | 8.8.8.8 | 192.168.2.5 | 0x54ff | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
May 26, 2023 11:45:11.309842110 CEST | 8.8.8.8 | 192.168.2.5 | 0xab75 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Target ID: | 0 |
Start time: | 11:41:06 |
Start date: | 26/05/2023 |
Path: | C:\Windows\System32\msiexec.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff79d900000 |
File size: | 66048 bytes |
MD5 hash: | 4767B71A318E201188A0D0A420C8B608 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 1 |
Start time: | 11:41:06 |
Start date: | 26/05/2023 |
Path: | C:\Windows\System32\msiexec.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff79d900000 |
File size: | 66048 bytes |
MD5 hash: | 4767B71A318E201188A0D0A420C8B608 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 2 |
Start time: | 11:41:08 |
Start date: | 26/05/2023 |
Path: | C:\Windows\SysWOW64\msiexec.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x11f0000 |
File size: | 59904 bytes |
MD5 hash: | 12C17B5A5C2A7B97342C362CA467E9A2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 3 |
Start time: | 11:41:09 |
Start date: | 26/05/2023 |
Path: | C:\Windows\Installer\MSI2A38.tmp |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1320000 |
File size: | 423936 bytes |
MD5 hash: | 0007940F5479831428131F029D3BD8F7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Antivirus matches: | |
Reputation: | low |
Target ID: | 5 |
Start time: | 11:41:10 |
Start date: | 26/05/2023 |
Path: | C:\Windows\Installer\MSI2E51.tmp |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1180000 |
File size: | 423936 bytes |
MD5 hash: | 0007940F5479831428131F029D3BD8F7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Antivirus matches: | |
Reputation: | low |
Target ID: | 8 |
Start time: | 11:41:55 |
Start date: | 26/05/2023 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff627730000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 9 |
Start time: | 11:41:55 |
Start date: | 26/05/2023 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7fcd70000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 10 |
Start time: | 11:41:55 |
Start date: | 26/05/2023 |
Path: | C:\Windows\System32\net.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff737ac0000 |
File size: | 56832 bytes |
MD5 hash: | 15534275EDAABC58159DD0F8607A71E5 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Target ID: | 11 |
Start time: | 11:41:55 |
Start date: | 26/05/2023 |
Path: | C:\Windows\System32\net1.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff734b00000 |
File size: | 175104 bytes |
MD5 hash: | AF569DE92AB6C1B9C681AF1E799F9983 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Target ID: | 12 |
Start time: | 11:42:09 |
Start date: | 26/05/2023 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff627730000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Target ID: | 13 |
Start time: | 11:42:09 |
Start date: | 26/05/2023 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7fcd70000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Target ID: | 14 |
Start time: | 11:42:09 |
Start date: | 26/05/2023 |
Path: | C:\Windows\System32\nltest.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6e1400000 |
File size: | 514048 bytes |
MD5 hash: | 3198EC1CA24B6CB75D597CEE39D71E58 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |