Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

jenkins.msi

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Jenkins, Author: Jenkins Project, Keywords: Installer, Comments: Jenkins Automation Server, Template: x64;1033, Revision Number: {976DD074-1202-4580-814B-4973B4C3EEB9}, Create Time/Date: Wed Oct 2 13:06:36 2024, Last Saved Time/Date: Wed Oct 2 13:06:36 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.1.2318), Security: 2

initial sample

Details

Filetype:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Jenkins, Author: Jenkins Project, Keywords: Installer, Comments: Jenkins Automation Server, Template: x64;1033, Revision Number: {976DD074-1202-4580-814B-4973B4C3EEB9}, Create Time/Date: Wed Oct 2 13:06:36 2024, Last Saved Time/Date: Wed Oct 2 13:06:36 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.1.2318), Security: 2
Entropy:	7.977047236208164
Filename:	jenkins.msi
Filesize:	99504128
MD5:	d239b432c81e790a86eaa61f423d60f5
SHA1:	b943c344a81e06dd5996c4a64636070c95423085
SHA256:	25f54f401f83453e20c8c7d1459032a7888dbe3d4f895531e6089eff5c799a84
SHA512:	674809a92889c49133856a9931d81166229e1a762bee970cfe082eb6a220c2259dde0e400e5dae6945d5243251d816980c9705c55a578ec1b896039908de00b6
SSDEEP:	1572864:wHksAvgbb3vmzn9c/l6ndo+651VwRKCsF12QUqBaBsh9X0Ott5IX0Im/LNfp2SdY:dvgbb3ORcArO1ijI12QUqBaBsh6at5Is
Preview:	........................>.................................................................................... ...$...(...,...0...4...8...<...@...D...H...L...P...T...X...\.....................................................................................

Signature Hits	Behavior Group	Mitre Attack
Submission file is bigger than most known malware samples	System Summary

C:\Users\user\AppData\Local\Temp\MSIC095.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

modified

Details

File:	C:\Users\user\AppData\Local\Temp\MSIC095.tmp
Category:	modified
Dump:	MSIC095.tmp.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.518267525263852
Encrypted:	false
Ssdeep:	1536:+2UUj/2wsaO1oxlVVCXBlSz0doGxCznBxJFQNCUIsWK6cd4WJpPpxB60q9:dUU6w3lVoxlSz0jUtiNbb4WrPpxB6D9
Size:	107008
Whitelisted:	true
Reputation:	moderate

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Processes

Path

Cmdline

Malicious

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\jenkins.msi"

Details

Is windows:	true
Is dropped:	false
PID:	6988
Target ID:	0
Parent PID:	4056
Name:	msiexec.exe
Class:	system-tools
Path:	C:\Windows\System32\msiexec.exe
Commandline:	"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\jenkins.msi"
Size:	69632
MD5:	E5DA170027542E25EDE42FC54C929077
Time:	16:03:55
Date:	28/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff66cc00000
Modulesize:	94208
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

Details

Is windows:	true
Is dropped:	false
PID:	1384
Target ID:	2
Parent PID:	624
Name:	msiexec.exe
Class:	system-tools
Path:	C:\Windows\System32\msiexec.exe
Commandline:	C:\Windows\system32\msiexec.exe /V
Size:	69632
MD5:	E5DA170027542E25EDE42FC54C929077
Time:	16:03:56
Date:	28/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff66cc00000
Modulesize:	94208
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\msiexec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 361666F5A55C0D6CC1FECD7EBD775BFC C

Details

Is windows:	true
Is dropped:	false
PID:	4340
Target ID:	10
Parent PID:	1384
Name:	msiexec.exe
Class:	system-tools
Path:	C:\Windows\SysWOW64\msiexec.exe
Commandline:	C:\Windows\syswow64\MsiExec.exe -Embedding 361666F5A55C0D6CC1FECD7EBD775BFC C
Size:	59904
MD5:	9D09DC1EDA745A5F87553048E57620CF
Time:	16:04:04
Date:	28/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x30000
Modulesize:	73728
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
jenkins.msi

Files

Processes

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportjenkins.msi

Files

Processes

IOC Report
jenkins.msi