
5c13e6.msi

Status: finished
Submission Time: 2024-11-28 13:24:05 +01:00
Malicious
Trojan
Spyware
Evader
AteraAgent

Tags

  • msi
  • MuddyWater
  • TA450

Details

  • Analysis ID:
    1564527
  • API (Web) ID:
    1564527
  • Analysis Started:
    2024-11-28 13:24:07 +01:00
  • Analysis Finished:
    2024-11-28 13:35:47 +01:00
  • MD5:
    0220a7d4b82136a3c7973a627e4b5f50
  • SHA1:
    0358023548ea3d3dd86de19abb7c2ddb15010736
  • SHA256:
    0ef72d3570f61432dcb4f1afbb64c54775d497feaa127e5771dd550f245fd28e

Detection

Engine | Detection | Info
Joe Sandbox | malicious, Score: 88 | System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Third Party Analysis Engines | malicious, Score: 10/38 |

IPs

IP | Country
108.158.75.4 | United States
13.232.67.198 | United States
13.232.67.199 | United States

Domains

Name | IP
ps.pndsn.com | 13.232.67.198
bg.microsoft.map.fastly.net | 199.232.214.172
d25btwd9wax8gu.cloudfront.net | 108.158.75.4
fp2e7a.wpc.phicdn.net | 192.229.221.95
ps.atera.com | 0.0.0.0
agent-api.atera.com | 0.0.0.0

URLs


Dropped files

Name | File Type
C:\Windows\Installer\MSI6BB9.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
C:\Windows\Temp\~DFCC791DA1EF222C85.TMP | Composite Document File V2 Document, Cannot read section info
C:\Windows\Temp\~DFBFB6DF824FA39372.TMP | Composite Document File V2 Document, Cannot read section info
C:\Windows\Temp\~DF6D201690A06C6388.TMP | data
C:\Windows\Temp\~DF6331E09D6B6BFB1B.TMP | Composite Document File V2 Document, Cannot read section info
C:\Windows\Temp\~DF1C46BEF5561279DD.TMP | Composite Document File V2 Document, Cannot read section info
C:\Windows\Temp\~DF0301261F3F564947.TMP | Composite Document File V2 Document, Cannot read section info
C:\Windows\System32\InstallUtil.InstallLog | Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
C:\Windows\Installer\inprogressinstallinfo.ipi | Composite Document File V2 Document, Cannot read section info
C:\Windows\Installer\MSIA1A4.tmp-\AlphaControlAgentInstallation.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Windows\Installer\MSIA1A4.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
C:\Windows\Installer\MSI8742.tmp | data
C:\Windows\Installer\MSI82CC.tmp-\AlphaControlAgentInstallation.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Windows\Installer\MSI82CC.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
C:\Windows\Installer\MSI6BB9.tmp-\AlphaControlAgentInstallation.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Config.Msi\4c685e.rbs | data
C:\Windows\Installer\MSI6995.tmp-\AlphaControlAgentInstallation.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Windows\Installer\MSI6995.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
C:\Program Files (x86)\ATERA Networks\AteraAgent\System.ValueTuple.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe | PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog | Unicode text, UTF-8 (with BOM) text, with CRLF line terminators