IOC Report
Chrome installer.msi

Files

File Path

Type

Category

Malicious

Chrome installer.msi

Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 936, Revision Number: {40696F29-9392-487E-94B5-B959D9CCBE06}, Number of Words: 2, Subject: Chrome installer, Author: Chrome installer, Name of Creating Application: Chrome installer, Template: ;2052, Comments: Installer Chrome installer , Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200

initial sample

Details

Filetype:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 936, Revision Number: {40696F29-9392-487E-94B5-B959D9CCBE06}, Number of Words: 2, Subject: Chrome installer, Author: Chrome installer, Name of Creating Application: Chrome installer, Template: ;2052, Comments: Installer Chrome installer , Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
Entropy:	7.954367606568133
Filename:	Chrome installer.msi
Filesize:	24651776
MD5:	669d015772307b7cde15bc889e05d1cd
SHA1:	af4b11787b090ce8ba9cb54340e462afe21c72dd
SHA256:	e2090c6f292a56860a08601ba367bf0faf71370cf5425b097a5a42ae3bc6c32a
SHA512:	cc3cc36c0a067c5709c7565e763681273053023bd945161895877f23431fc53813316fc88d02fb4d2b60b35ef172831407932f87510601609e7609f2da14fb74
SSDEEP:	393216:XghatIaNO/HbI4qW5QQncXoQzJmv0dNwQDt03+qQ7wQTU+BkUDHjEPTM4PJVtGlx:ualOPqaQckoQzJb6Q5CQ7pTU6hDDEPTM
Preview:	........................>...................y.......................'...........i.......B......................................................................................................................................................................

Signature Hits	Behavior Group	Mitre Attack
Sample file is different than original file name gathered from version info	System Summary
URLs found in memory or binary data	Networking
Submission file is bigger than most known malware samples	System Summary

C:\Users\user\AppData\Local\Temp\MSI8253.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\MSI8253.tmp
Category:	dropped
Dump:	MSI8253.tmp.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.450187144191945
Encrypted:	false
Ssdeep:	6144:X+Sud3L4YgAc8wjVMeKRtGnm3CCRloVywX9gDAOAVafv5kh4JQCmR+gj:X+SuPgAc8+MjGCCslegDiwX5vOCmR+gj
Size:	570784
Whitelisted:	true
Reputation:	moderate

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Creates temporary files	System Summary

C:\Users\user\AppData\Local\Temp\MSI82C1.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\MSI82C1.tmp
Category:	dropped
Dump:	MSI82C1.tmp.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.450187144191945
Encrypted:	false
Ssdeep:	6144:X+Sud3L4YgAc8wjVMeKRtGnm3CCRloVywX9gDAOAVafv5kh4JQCmR+gj:X+SuPgAc8+MjGCCslegDiwX5vOCmR+gj
Size:	570784
Whitelisted:	true
Reputation:	moderate

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

C:\Users\user\AppData\Local\Temp\MSI82F1.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\MSI82F1.tmp
Category:	dropped
Dump:	MSI82F1.tmp.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.450187144191945
Encrypted:	false
Ssdeep:	6144:X+Sud3L4YgAc8wjVMeKRtGnm3CCRloVywX9gDAOAVafv5kh4JQCmR+gj:X+SuPgAc8+MjGCCslegDiwX5vOCmR+gj
Size:	570784
Whitelisted:	true
Reputation:	moderate

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

C:\Users\user\AppData\Local\Temp\MSI8311.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\MSI8311.tmp
Category:	dropped
Dump:	MSI8311.tmp.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.450187144191945
Encrypted:	false
Ssdeep:	6144:X+Sud3L4YgAc8wjVMeKRtGnm3CCRloVywX9gDAOAVafv5kh4JQCmR+gj:X+SuPgAc8+MjGCCslegDiwX5vOCmR+gj
Size:	570784
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

C:\Users\user\AppData\Local\Temp\MSI83FD.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\MSI83FD.tmp
Category:	dropped
Dump:	MSI83FD.tmp.0.dr
ID:	dr_4
Target ID:	0
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.450187144191945
Encrypted:	false
Ssdeep:	6144:X+Sud3L4YgAc8wjVMeKRtGnm3CCRloVywX9gDAOAVafv5kh4JQCmR+gj:X+SuPgAc8+MjGCCslegDiwX5vOCmR+gj
Size:	570784
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

C:\Users\user\AppData\Local\Temp\MSI844C.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\MSI844C.tmp
Category:	dropped
Dump:	MSI844C.tmp.0.dr
ID:	dr_5
Target ID:	0
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.450187144191945
Encrypted:	false
Ssdeep:	6144:X+Sud3L4YgAc8wjVMeKRtGnm3CCRloVywX9gDAOAVafv5kh4JQCmR+gj:X+SuPgAc8+MjGCCslegDiwX5vOCmR+gj
Size:	570784
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Processes

Path

Cmdline

Malicious

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Chrome installer.msi"

Details

Is windows:	true
Is dropped:	false
PID:	3848
Target ID:	0
Parent PID:	2580
Name:	msiexec.exe
Class:	system-tools
Path:	C:\Windows\System32\msiexec.exe
Commandline:	"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Chrome installer.msi"
Size:	69632
MD5:	E5DA170027542E25EDE42FC54C929077
Time:	15:59:06
Date:	21/12/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff684400000
Modulesize:	94208
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

Details

Is windows:	true
Is dropped:	false
PID:	3244
Target ID:	1
Parent PID:	620
Name:	msiexec.exe
Class:	system-tools
Path:	C:\Windows\System32\msiexec.exe
Commandline:	C:\Windows\system32\msiexec.exe /V
Size:	69632
MD5:	E5DA170027542E25EDE42FC54C929077
Time:	15:59:07
Date:	21/12/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff684400000
Modulesize:	94208
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\msiexec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 5F18BD9C3E272A99955F5082C9A5D85E C

Details

Is windows:	true
Is dropped:	false
PID:	4228
Target ID:	2
Parent PID:	3244
Name:	msiexec.exe
Class:	system-tools
Path:	C:\Windows\SysWOW64\msiexec.exe
Commandline:	C:\Windows\syswow64\MsiExec.exe -Embedding 5F18BD9C3E272A99955F5082C9A5D85E C
Size:	59904
MD5:	9D09DC1EDA745A5F87553048E57620CF
Time:	15:59:07
Date:	21/12/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x5d0000
Modulesize:	73728
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

IP

Malicious

https://www.advancedinstaller.com

unknown

https://www.thawte.com/cps0/

unknown

https://www.thawte.com/repository0W

unknown