
LHRUnlocker Install.msi

Status: finished
Submission Time: 2022-02-23 18:45:07 +01:00
Malicious
Evader

Details

  • Analysis ID:
    577501
  • API (Web) ID:
    945026
  • Analysis Started:
    2022-02-23 18:48:22 +01:00
  • Analysis Finished:
    2022-02-23 18:58:43 +01:00
  • MD5:
    ca17c1bbedc959ad89f1c1dbf6b7aa32
  • SHA1:
    d24658face1f6fd3b457d7250c9b1a630798678d
  • SHA256:
    8fb46d2d56dd411ad10862204849abf9a4546f1ab1d40bcb6b0cac284debc055

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

Verdict: malicious
Score: 45/100

URLs

Name Detection
https://t.me/LHRUnlockerMSIFASTINSTALLAI_CURRENT_YEAR2022ButtonText_Decline&DeclineAI_PREDEF_LCONDS_
http://nuget.org/NuGet.exe
http://pesterbdd.com/images/Pester.png0
https://github.com/Pester/Pester0
http://pesterbdd.com/images/Pester.png
https://www.thawte.com/cps0/
http://schemas.xmlsoap.org/soap/encoding/
http://www.apache.org/licenses/LICENSE-2.0.html
https://drivers.sergeydev.com/windows/511.65-desktop-win64bit-interr
https://go.micro
https://www.thawte.com/repository0W
http://schemas.xmlsoap.org/wsdl/
https://contoso.com/
https://nuget.org/nuget.exe
https://t.me/LHRUnlockerChannelButtonText_Finish&FinishManufacturerSergeyProductCode
https://contoso.com/License
https://contoso.com/Icon
https://www.advancedinstaller.com
http://www.winimage.com/zLibDll
http://www.apache.org/licenses/LICENSE-2.0.html0
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://www.winimage.com/zLibDll1.2.7rbr
https://github.com/Pester/Pester

Dropped files

Name, File Type
C:\Users\user\AppData\Local\Temp\pss341F.ps1
    Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
C:\Users\user\AppData\Local\Temp\scr3351.ps1
    Little-endian UTF-16 Unicode text, with CR line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
    data
C:\Users\user\AppData\Local\Temp\MSIEF62.tmp
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\MSIF280.tmp
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\MSIF34C.tmp
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\MSIF447.tmp
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\MSIF513.tmp
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\MSIF69B.tmp
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\MSIF832.tmp
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5xdfaoyo.lnf.ps1
    very short file (no magic)
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_i2ddoyuu.1tk.psm1
    very short file (no magic)
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lf5no10l.5dz.ps1
    very short file (no magic)
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xhr5i13g.js1.psm1
    very short file (no magic)
C:\Users\user\Documents\20220223\PowerShell_transcript.878411.jRMym6xB.20220223184945.txt
    UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
C:\Windows\Installer\3c1a5a.msi
    Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1 (…)
C:\Windows\Installer\MSI1FD8.tmp
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Windows\Installer\MSI2874.tmp
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Windows\Installer\MSI3268.tmp
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
    UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators