
install.exe

Status: finished
Submission Time: 2025-03-03 20:30:32 +01:00
Malicious
Phishing
Trojan
Spyware
Evader
DocSa Stealer

Details

  • Analysis ID:
    1628424
  • API (Web) ID:
    1628424
  • Analysis Started:
    2025-03-03 20:30:33 +01:00
  • Analysis Finished:
    2025-03-03 20:48:48 +01:00
  • MD5:
    8ddf3abcae25e81007239f9e6b312091
  • SHA1:
    1b24c8bb850b121aa053dcebc0f39c2f65f13bf3
  • SHA256:
    5e5382cb2e96c518b43bda3215fa87448385516c24fe4b39ad0c8918fca75a7b
  • Technologies:
    Joe Sandbox

Engine Detection Info
malicious
Score: 92
System: Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
malicious
Score: 92
System: Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
Run Condition: Run with higher sleep bypass

Third Party Analysis Engines

malicious
Score: 22/72

IPs


URLs


Dropped files

Name / File Type

  • C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\aqo0o2a7.default-release\prefs.js
    CSV text
  • C:\Users\user\AppData\Local\Yandex\YaPin\Yandex.lnk
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Mon Mar 3 18:32:15 2025, mtime=Mon Mar 3 18:32:15 2025, atime=Thu May 30 21:25:02 2024, length=407360, (…)
  • C:\Users\user\AppData\Local\Yandex\YaPin\YandexWorking.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7lm9kv4h.default\places.sqlite
    SQLite 3.x database, user version 28, last written using SQLite version 3036000, writer version 2, read version 2, file counter 4, database pages 17, cookie 0xb, schema 4, UTF-8, version-valid-for 4
  • C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7lm9kv4h.default\places.sqlite-journal
    SQLite Rollback Journal
  • C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7lm9kv4h.default\places.sqlite-shm
    data
  • C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7lm9kv4h.default\places.sqlite-wal
    SQLite Write-Ahead Log, version 3007000
  • C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7lm9kv4h.default\prefs.js
    CSV text
  • C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7lm9kv4h.default\searchplugins\yandex.ru-20253203.xml
    Unicode text, UTF-8 text, with very long lines (10119), with no line terminators
  • C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7lm9kv4h.default\xulstore.json
    JSON data
  • C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\aqo0o2a7.default-release\places.sqlite
    SQLite 3.x database, user version 78, last written using SQLite version 3046001, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
  • C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\aqo0o2a7.default-release\places.sqlite-shm
    data
  • C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\aqo0o2a7.default-release\places.sqlite-wal
    SQLite Write-Ahead Log, version 3007000
  • C:\Users\user\AppData\Local\Yandex\YaPin\Yandex.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\aqo0o2a7.default-release\search.json.mozlz4
    Mozilla lz4 compressed data, originally 6190 bytes
  • C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\aqo0o2a7.default-release\xulstore.json
    JSON data
  • C:\Windows\Installer\MSI29A8.tmp
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Windows\Installer\MSI2A46.tmp
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Windows\Installer\MSI2A95.tmp
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Windows\Installer\MSI2AF3.tmp
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Windows\Installer\MSI2BDF.tmp
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Windows\Installer\MSI2C4D.tmp
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Windows\Installer\MSI2E71.tmp
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Windows\Installer\MSI3095.tmp
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Windows\Installer\MSI34EB.tmp
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Windows\Installer\MSI3615.tmp
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\aqo0o2a7.default-release\thumbnails\974434fa9091be66d5ac5cdce2eb0434
    PNG image data, 455 x 256, 8-bit colormap, non-interlaced
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal
    SQLite Rollback Journal
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000008.dbtmp
    ASCII text
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000009.sst
    data
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
    ASCII text
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
    JSON data
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites
    SQLite 3.x database, last written using SQLite version 3036000, file counter 5, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 5
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal
    SQLite Rollback Journal
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KA259YPD\YandexPackSetup[1].exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\7lm9kv4h.default\thumbnails\39a81011b1514779b134ac0a3fa37c46
    PNG image data, 455 x 256, 8-bit/color RGB, non-interlaced
  • C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\7lm9kv4h.default\thumbnails\39a81011b1514779b134ac0a3fa37c46.png
    PNG image data, 455 x 256, 8-bit/color RGB, non-interlaced
  • C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\7lm9kv4h.default\thumbnails\9d28c496db05381bc43d3c872efb9f4d
    JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 455x256, components 3
  • C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\7lm9kv4h.default\thumbnails\9d28c496db05381bc43d3c872efb9f4d.png
    JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 455x256, components 3
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Favicons
    SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 15, database pages 31, cookie 0x8, schema 4, UTF-8, version-valid-for 15
  • C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\aqo0o2a7.default-release\thumbnails\974434fa9091be66d5ac5cdce2eb0434.png
    PNG image data, 455 x 256, 8-bit colormap, non-interlaced
  • C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\aqo0o2a7.default-release\thumbnails\9d28c496db05381bc43d3c872efb9f4d
    JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 455x256, components 3
  • C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\aqo0o2a7.default-release\thumbnails\9d28c496db05381bc43d3c872efb9f4d.png
    JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 455x256, components 3
  • C:\Users\user\AppData\Local\Temp\274E022F-716C-483D-AEFC-54ABB3CD3184\seederexe.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\2a4d6bc2-2d0f-47c0-9b4c-6e1f8adf1c05\download.ps1
    ASCII text
  • C:\Users\user\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\B174AD82-997D-4C5C-9D5B-400233BB86CE\sender.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\CFCC80EB-5F05-443D-A013-FEB23355885F\lite_installer.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\omnija-20253203.zip
    Zip archive data, made by v2.0 UNIX, extract using at least v1.0, last modified Wed Dec 19 21:00:48 2001, uncompressed size 86399, method=store
  • C:\Users\user\AppData\Local\Temp\pin\explorer.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\yb7037.tmp
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\{64DAD2B8-CC64-4C4D-849E-10EE47F822EA}.exe
    PE32 executable (GUI) Intel 80386, for MS Windows