IOC Report
jHAa1hH0Qc.msi

Files

File Path

Type

Category

Malicious

jHAa1hH0Qc.msi

Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 936, Revision Number: {36233B14-A37B-4038-8C06-5F4483E836FE}, Number of Words: 2, Subject: Firefox_Setup, Author: Firefox_Setup, Name of Creating Application: Firefox_Setup, Template: ;2052, Comments: Installer Firefox_Setup , Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Sun Dec 15 00:03:22 2024, Number of Pages: 200

initial sample

Details

Filetype:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 936, Revision Number: {36233B14-A37B-4038-8C06-5F4483E836FE}, Number of Words: 2, Subject: Firefox_Setup, Author: Firefox_Setup, Name of Creating Application: Firefox_Setup, Template: ;2052, Comments: Installer Firefox_Setup , Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Sun Dec 15 00:03:22 2024, Number of Pages: 200
Entropy:	7.993065949867395
Filename:	jHAa1hH0Qc.msi
Filesize:	98477056
MD5:	aa3e2235ba1ab2a848ef686eb84311fb
SHA1:	e3464ebfbc8b53ea1ad398b282fdd5c4166ac9cb
SHA256:	d56706136405ece7c511aa1be42fde18060ec286bc458eb166c470284da32972
SHA512:	08d674639bcfcf75de82f420b9f53bfab7ea8b90c40da9f945999153ca11391a7a4224012c6c9ca596f2408bc2fb3d603411a7974fc5a8337067b2d1119ca437
SSDEEP:	1572864:5s0SA0QAZJq3jBaC+YQo1fXMExh2MgXnlpMApfTF8tMoLM5VhBMn2XPzw2dqvuth:50VQocB+o5PTgXnlheioLM5TOn2E2dwJ
Preview:	........................>...........................................6...........M.......}.......\|...}...~.......................*...+...,...-......./...0...1...2...............k.......V......................................................................

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Sample file is different than original file name gathered from version info	System Summary
Sample is known by Antivirus	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Users\user\AppData\Local\Temp\MSI1BAC.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\MSI1BAC.tmp
Category:	dropped
Dump:	MSI1BAC.tmp.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.4696654484377945
Encrypted:	false
Ssdeep:	6144:waFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOlKmN9ysU5pvs8g73iK:JYL9HXVW0xOA+KlZC4vA55s8g73iK
Size:	602432
Whitelisted:	false
Reputation:	moderate

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Creates temporary files	System Summary

C:\Users\user\AppData\Local\Temp\MSI1C1A.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\MSI1C1A.tmp
Category:	dropped
Dump:	MSI1C1A.tmp.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.4696654484377945
Encrypted:	false
Ssdeep:	6144:waFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOlKmN9ysU5pvs8g73iK:JYL9HXVW0xOA+KlZC4vA55s8g73iK
Size:	602432
Whitelisted:	false
Reputation:	moderate

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

C:\Users\user\AppData\Local\Temp\MSI1C5A.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\MSI1C5A.tmp
Category:	dropped
Dump:	MSI1C5A.tmp.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.4696654484377945
Encrypted:	false
Ssdeep:	6144:waFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOlKmN9ysU5pvs8g73iK:JYL9HXVW0xOA+KlZC4vA55s8g73iK
Size:	602432
Whitelisted:	false
Reputation:	moderate

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

C:\Users\user\AppData\Local\Temp\MSI1CA9.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\MSI1CA9.tmp
Category:	dropped
Dump:	MSI1CA9.tmp.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.4696654484377945
Encrypted:	false
Ssdeep:	6144:waFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOlKmN9ysU5pvs8g73iK:JYL9HXVW0xOA+KlZC4vA55s8g73iK
Size:	602432
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

C:\Users\user\AppData\Local\Temp\MSI1CC9.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\MSI1CC9.tmp
Category:	dropped
Dump:	MSI1CC9.tmp.0.dr
ID:	dr_4
Target ID:	0
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.4696654484377945
Encrypted:	false
Ssdeep:	6144:waFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOlKmN9ysU5pvs8g73iK:JYL9HXVW0xOA+KlZC4vA55s8g73iK
Size:	602432
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

C:\Users\user\AppData\Local\Temp\MSI1D08.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\MSI1D08.tmp
Category:	dropped
Dump:	MSI1D08.tmp.0.dr
ID:	dr_5
Target ID:	0
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.4696654484377945
Encrypted:	false
Ssdeep:	6144:waFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOlKmN9ysU5pvs8g73iK:JYL9HXVW0xOA+KlZC4vA55s8g73iK
Size:	602432
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

C:\Users\user\AppData\Local\Temp\MSI1DC5.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\MSI1DC5.tmp
Category:	dropped
Dump:	MSI1DC5.tmp.0.dr
ID:	dr_6
Target ID:	0
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.4696654484377945
Encrypted:	false
Ssdeep:	6144:waFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOlKmN9ysU5pvs8g73iK:JYL9HXVW0xOA+KlZC4vA55s8g73iK
Size:	602432
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

C:\Users\user\AppData\Local\Temp\viewer.exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\viewer.exe
Category:	dropped
Dump:	viewer.exe.3.dr
ID:	dr_7
Target ID:	3
Process:	C:\Windows\SysWOW64\msiexec.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.534588738111638
Encrypted:	false
Ssdeep:	12288:tbiQnSDqYisDEiD3jbTFiuiSiO+kP53nUNlQ:tbvnSDqJsDEiD3PTFTFiS53UNW
Size:	429568
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Processes

Path

Cmdline

Malicious

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\jHAa1hH0Qc.msi"

Details

Is windows:	true
Is dropped:	false
PID:	5304
Target ID:	0
Parent PID:	1028
Name:	msiexec.exe
Class:	system-tools
Path:	C:\Windows\System32\msiexec.exe
Commandline:	"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\jHAa1hH0Qc.msi"
Size:	69632
MD5:	E5DA170027542E25EDE42FC54C929077
Time:	08:55:12
Date:	21/12/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff60d2a0000
Modulesize:	94208
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

Details

Is windows:	true
Is dropped:	false
PID:	5960
Target ID:	1
Parent PID:	632
Name:	msiexec.exe
Class:	system-tools
Path:	C:\Windows\System32\msiexec.exe
Commandline:	C:\Windows\system32\msiexec.exe /V
Size:	69632
MD5:	E5DA170027542E25EDE42FC54C929077
Time:	08:55:12
Date:	21/12/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff60d2a0000
Modulesize:	94208
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\msiexec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 543E1698A6A4B76379C9A86C8834D49C C

Details

Is windows:	true
Is dropped:	false
PID:	940
Target ID:	3
Parent PID:	5960
Name:	msiexec.exe
Class:	system-tools
Path:	C:\Windows\SysWOW64\msiexec.exe
Commandline:	C:\Windows\syswow64\MsiExec.exe -Embedding 543E1698A6A4B76379C9A86C8834D49C C
Size:	59904
MD5:	9D09DC1EDA745A5F87553048E57620CF
Time:	08:55:12
Date:	21/12/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x350000
Modulesize:	73728
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection