
SteamSetup.exe

Status: finished
Submission Time: 2024-11-19 23:59:09 +01:00
Verdict: Suspicious
Classification: Trojan

Tags

  • exe

Details

  • Analysis ID:
    1558928
  • API (Web) ID:
    1558928
  • Analysis Started:
    2024-11-19 23:59:11 +01:00
  • Analysis Finished:
    2024-11-20 00:08:18 +01:00
  • MD5:
    1b34108b77b984e227bbad718d89594a
  • SHA1:
    a75f5432e2ce39dc6c3f190d8d35ee2475a0ae6b
  • SHA256:
    3f27a1a005beb7b1032bf9aef9fe5128ee1cccc332de862717b42d0b7f9c1f34
  • Technologies:
    Joe Sandbox

Engine        Detection    Info
Joe Sandbox   suspicious   Score: 24
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP                Country          Detection
162.254.199.165   United States
155.133.253.52    Germany
162.254.199.184   United States
104.102.49.254    United States
155.133.253.36    Germany
162.254.192.98    United States
162.254.192.99    United States

Domains

Name                         IP                Detection
cmp1-atl3.steamserver.net    162.254.199.165
api.steampowered.com         104.102.49.254
cmp2-iad1.steamserver.net    162.254.192.99
cmp1-dfw1.steamserver.net    155.133.253.36
cmp2-atl3.steamserver.net    162.254.199.184
cmp2-dfw1.steamserver.net    155.133.253.52
cmp1-iad1.steamserver.net    162.254.192.98
198.187.3.20.in-addr.arpa    0.0.0.0

The cmpN-*.steamserver.net hosts are Steam connection-manager (CM) endpoints, and api.steampowered.com is the directory service the sample queried for that CM list (see the ISteamDirectory/GetCMListForConnect URL below); all of them are public Valve infrastructure that a genuine Steam client also contacts, so these domains are not usable as detection indicators on their own. The in-addr.arpa entry is a reverse (PTR) lookup of 20.3.187.198 for which no address was resolved.

URLs

The entries below are URL-like strings recovered from the sample and its dropped files, so several carry trailing bytes that are not part of the URL (for example the runtimeH, runtime0 and Q9Q suffixes). The innosetup.com, jrsoftware.org and remobjects.com strings are typical of an Inno Setup installer; the aka.ms/dotnet and github.com/dotnet strings are the standard messages of the .NET application host, consistent with the .NET assemblies listed under Dropped files.

Name Detection
http://uri.etsi.org/01903/v1.2.2#SSOFTWARE
https://aka.ms/dotnet-warnings/
https://github.com/dotnet/winforms
https://github.com/dotnet/wpf4
https://www.remobjects.com/ps
https://github.com/mono/linker/issues/1906.
https://aka.ms/serializationformat-binary-obsolete
https://github.com/mono/linker/issues/1981
https://api.steampowered.com/ISteamDirectory/GetCMListForConnect/v1/?format=vdf&cellid=0
https://aka.ms/binaryformatter
https://github.com/dotnet/linker/issues/2715.
https://github.com/dotnet/runtimeH
https://aka.ms/dotnet/download
https://github.com/mono/linker/issues/1187
https://www.steam.com/
https://cmp1-dfw1.steamserver.net/cmsocket/
https://www.steam.com/Q9Q
http://uri.etsi.org/01903/v1.2.2#bhttp://uri.etsi.org/01903/v1.2.2#SignedProperties
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
https://www.steam.com/Q6C
https://aka.ms/dotnet/info
https://github.com/dotnet/wpf
https://cmp1-iad1.steamserver.net/cmsocket/
https://github.com/mono/linker/issues/1416.
https://cmp2-dfw1.steamserver.net/cmsocket/
https://aka.ms/dotnet-core-applaunch?Architecture:
https://aka.ms/dotnet/app-launch-failed
https://github.com/dotnet/runtime;
https://cmp2-iad1.steamserver.net/cmsocket/
https://aka.ms/dotnet/sdk-not-foundFailed
https://aka.ms/dotnet-core-applaunch?
https://github.com/dotnet/runtime0
https://aka.ms/dotnet/downloadUsage:
https://github.com/dotnet/runtime
https://github.com/dotnet/runtimer
http://uri.etsi.org/01903/v1.2.2#SignedProperties
https://github.com/dotnet/runtimezX

Dropped files

  • C:\Users\user\AppData\Local\Programs\SteamClient\is-0A2IM.tmp
    PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Programs\SteamClient\is-EL3N4.tmp
    PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Programs\SteamClient\is-H6DF9.tmp
    PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

The is-XXXXX.tmp names are the temporary names Inno Setup gives payload files while unpacking, before renaming them to their final file names; all three are 32-bit .NET DLLs written to a per-user install directory under AppData\Local\Programs. Hashes and detection results for the dropped files are not included in this export.