tArE72wLqu.msi

Status: finished

Submission Time: 2024-05-14 16:24:15 +02:00

Malicious

Evader

Comments

Details

Analysis ID:
1441429
API (Web) ID:
1441429
Original Filename:
bbb45077f52c14bda8e240fc2e94e36efc1d45c24a40f51a4ed7f506126d4c36.msi
Analysis Started:

2024-05-14 16:24:24 +02:00
Analysis Finished:

2024-05-14 16:33:02 +02:00
MD5:
94089be88986618b7be913ee8b0d8a67
SHA1:
377ecca72bbdf278cb2a15531188e14eb59145e4
SHA256:
bbb45077f52c14bda8e240fc2e94e36efc1d45c24a40f51a4ed7f506126d4c36
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 80	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

Score: 8/38

malicious

IPs

IP	Country	Detection
172.67.211.90	United States

Domains

Name	IP	Detection
stand-dog.com	172.67.211.90

URLs

Name	Detection
https://aka.ms/pscore6lB
http://freedesktop.org
http://www.winimage.com/zLibDll-1.2.11
Click to see the 22 hidden entries
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
https://stand-dog.com/getLicenseInfo.php?need=lic&timestamp=581
http://www.freedesktop.org/standards/desktop-bookmarksapplicationgroupapplicationsgroupsprivateiconh
http://www.winimage.com/zLibDll
https://stand-dog.com
https://www.openssl.org/H
http://stand-dog.com
https://nuget.org/nuget.exe
https://contoso.com/
http://www.freedesktop.org/standards/shared-mime-info
http://nuget.org/NuGet.exe
http://crl.m
https://github.com/Pester/Pester
http://freedesktop.orgtypenameexeccounttimestamp
http://www.freedesktop.org/standards/desktop-bookmarks
http://stand-dog.com/getLicenseInfo.php?need=lic&timestamp=581
https://contoso.com/Icon
https://contoso.com/License
http://www.unicode.org/copyright.html
https://go.micro
http://www.apache.org/licenses/LICENSE-2.0.html
http://pesterbdd.com/images/Pester.png

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\libstdc++-6.dll	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\libintl-8.dll	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\libjson-c-2.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
Click to see the 48 hidden entries
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\libkeepassx-autotype-windows.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\libpcre-1.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\libpcre2-16-0.dll	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\libpng16-16.dll	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\libqrencode.dll	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\libquazip5.dll	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\libreadline8.dll	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\libsodium-23.dll	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\libssl-1_1.dll	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\libssp-0.dll	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\libicuuc68.dll	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\libtermcap-0.dll	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\libwinpthread-1.dll	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\libykpers-1-1.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\libyubikey-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\libzstd.dll	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\zlib1.dll	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows	#
C:\Windows\Installer\MSI13D.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Windows\Installer\MSI18C.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Windows\Installer\MSIAD.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Windows\Installer\MSIDD.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Windows\Installer\MSIFD.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Windows\Installer\MSIFFE1.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\libcrypto-1_1.dll	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows	#
C:\Users\user\AppData\Local\Temp\pss1E7.ps1	Unicode text, UTF-16, little-endian text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scr1E5.ps1	Unicode text, UTF-16, little-endian text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\KeePassXc.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\Qt5Concurrent.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\Qt5Core.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\Qt5Gui.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\Qt5Network.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\Qt5Svg.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\Qt5Widgets.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\libbrotlicommon.dll	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\libbrotlidec.dll	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\libbz2-1.dll	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows	#
C:\Users\user\AppData\Local\Temp\msi1E4.txt	Unicode text, UTF-16, little-endian text, with no line terminators	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\libdouble-conversion.dll	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\libfreetype-6.dll	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\libgcc_s_dw2-1.dll	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\libgcrypt-20.dll	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\libglib-2.0-0.dll	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\libgpg-error-0.dll	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\libgraphite2.dll	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\libharfbuzz-0.dll	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\libiconv-2.dll	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\libicudt68.dll	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows	#
C:\Users\user\AppData\Roaming\Vuis Queue\AppQue\libicuin68.dll	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows	#

Deep Malware Analysis

tArE72wLqu.msi

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Deep Malware Analysis

tArE72wLqu.msi Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

tArE72wLqu.msi