
setup.msi

Status: finished
Submission Time: 2025-01-30 17:06:09 +01:00
Malicious
Evader

Comments

Tags

  • LegionLoader
  • msi

Details

  • Analysis ID:
    1603168
  • API (Web) ID:
    1603168
  • Analysis Started:
    2025-01-30 17:06:15 +01:00
  • Analysis Finished:
    2025-01-30 17:16:27 +01:00
  • MD5:
    c28e4d5c4719cca2ffe76f033e79e028
  • SHA1:
    b2b4e1e2b337e7de7dcef05dafaa249f6ced2eaa
  • SHA256:
    bdfecf574ba864ad209ae5e7f1ef57fcc6c461f46e9fd8f21d94cb9312ec9a45
  • Technologies:

Detection

  • Engine: Joe Sandbox
  • Detection: malicious
  • Score: 100
  • System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 10/36

IPs

  • IP: 169.150.247.36
    Country: United States

Domains

  • Name: emarketstats.com
    IP: 169.150.247.36

URLs


Dropped files

  • C:\Users\user\AppData\Roaming\Tusiq Juso Corp\Tiaow VApp\obs-ffmpeg-mux.exe
    PE32+ executable (console) x86-64, for MS Windows
  • C:\Users\user\AppData\Roaming\Tusiq Juso Corp\Tiaow VApp\obs.dll
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Roaming\Tusiq Juso Corp\Tiaow VApp\swresample-4.dll
    PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
  • C:\Users\user\AppData\Roaming\Tusiq Juso Corp\Tiaow VApp\swscale-7.dll
    PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
  • C:\Users\user\AppData\Roaming\Tusiq Juso Corp\Tiaow VApp\utest.dll
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Roaming\Tusiq Juso Corp\Tiaow VApp\w32-pthreads.dll
    PE32+ executable (DLL) (console) x86-64, for MS Windows
  • C:\Users\user\AppData\Roaming\Tusiq Juso Corp\Tiaow VApp\zlib.dll
    PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
  • C:\Windows\Installer\MSI9E1A.tmp
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Windows\Installer\MSI9E98.tmp
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Windows\Installer\MSI9EE7.tmp
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Windows\Installer\MSI9F17.tmp
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Windows\Installer\MSI9F66.tmp
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Windows\Installer\MSI9F96.tmp
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Windows\Installer\MSI9FC6.tmp
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows