
Setup.exe

Status: finished
Submission Time: 2025-04-10 00:58:11 +02:00
Malicious
Trojan
Spyware
Evader
Vidar

Tags

  • AutoIT
  • exe
  • Vidar

Details

  • Analysis ID:
    1661277
  • API (Web) ID:
    1661277
  • Analysis Started:
    2025-04-10 00:58:11 +02:00
  • Analysis Finished:
    2025-04-10 01:07:17 +02:00
  • MD5:
    8887c007b2ebf24539e549f8c740c595
  • SHA1:
    daa687d192d99eaad6f1ee3122b25e529d7dd913
  • SHA256:
    e9d527d54464118a47eaf72c4b18171e71011471b811a638e75c0b37289f2765
  • Technologies:
    Joe Sandbox

Engine       Detection   Score
Joe Sandbox  malicious   100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious, score 33/72
malicious, score 14/36

IPs

IP               Country
78.47.105.59     Germany
20.189.173.6     United States
149.154.167.99   United Kingdom
18.173.132.23    United States
162.159.61.3     United States
104.208.16.92    United States
20.110.205.119   United States
204.79.197.219   United States
172.64.41.3      United States
142.250.176.196  United States
23.206.121.10    United States
239.255.255.250  Reserved
23.206.121.17    United States
23.206.121.8     United States
142.250.72.97    United States
204.79.197.203   United States

239.255.255.250 is the SSDP multicast group used by Windows/UPnP device discovery; treat it as host noise from the analysis VM, not as an indicator.

Domains

Name                                           IP
qt.ap.4t.com                                   78.47.105.59
onedscolprdcus23.centralus.cloudapp.azure.com  104.208.16.92
browser.events.data.msn.com                    0.0.0.0
api.msn.com                                    0.0.0.0
apis.google.com                                0.0.0.0
bzib.nelreports.net                            0.0.0.0
ntp.msn.com                                    0.0.0.0
aTRWSyACDjTfbCZwiwOK.aTRWSyACDjTfbCZwiwOK      0.0.0.0
c.msn.com                                      0.0.0.0
assets.msn.com                                 0.0.0.0
www.google.com                                 142.250.176.196
sb.scorecardresearch.com                       18.173.132.23
play.google.com                                142.250.65.238
s-part-0012.t-0009.t-msedge.net                13.107.246.40
ogads-pa.clients6.google.com                   142.251.40.234
a233.dscd.akamai.net                           23.206.121.17
ax-0001.ax-msedge.net                          150.171.27.10
c-msn-pme.trafficmanager.net                   20.110.205.119
a-0003.a-msedge.net                            204.79.197.203
t.me                                           149.154.167.99
a416.dscd.akamai.net                           23.206.121.10
ax-0002.ax-msedge.net                          150.171.28.11
plus.l.google.com                              142.250.80.14
chrome.cloudflare-dns.com                      162.159.61.3

Names listed with 0.0.0.0 were queried but did not resolve to a routable address during the run. Most of this table is Edge, Chrome and Windows telemetry generated by the analysis image itself. The names not accounted for by that software are qt.ap.4t.com (78.47.105.59, Germany) and t.me (149.154.167.99), the latter being a service that stealers including Vidar use as a dead-drop resolver for their real C2 address. The random-looking aTRWSyACDjTfbCZwiwOK.aTRWSyACDjTfbCZwiwOK is a lookup for a name that should not exist: either a sandbox DNS check by the sample or a browser connectivity probe, so confirm which process issued the query before listing it as an indicator.

URLs

Name
https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
https://permanently-removed.invalid/reauth/v1beta/users/
https://m.google.com/devicemanagement/data/api
http://anglebug.com/4722
https://assets.msn.com/statics/icons/favicon_newtabpage.png
http://anglebug.com/5371
https://permanently-removed.invalid/v1/issuetoken
http://anglebug.com/5375
https://bzib.nelreports.net/api/report?cat=bingbusiness
http://anglebug.com/7553
http://anglebug.com/3078
https://permanently-removed.invalid/chrome/blank.html
https://plus.google.com
https://docs.google.com/presentation/u/0/create?usp=chrome_actions
https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
https://drive-daily-5.corp.google.com/
https://excel.new?from=EdgeM365Shoreline
https://drive-daily-1.corp.google.com/
https://ogads-pa.clients6.google.com
https://issuetracker.google.com/161903006
http://www.autoitscript.com/autoit3/X
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
https://unitedstates1.ss.wd.microsoft.us/
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
https://drive-daily-2.corp.google.com/
https://play.google.com/log?format=json&hasfast=truegle.asyncdata.v1.AsyncDataService/GetAsyncData
http://anglebug.com/5007
https://docs.google.com/presentation/J
http://anglebug.com/3624
http://anglebug.com/3625
https://www.office.com
https://c.msn.com/c.gif?rnd=1744239622617&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=5faa5f59a4344c8a932d7a3abfcc9f34&activityId=5faa5f59a4344c8a932d7a3abfcc9f34&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0
http://anglebug.com/3623
http://anglebug.com/3502
https://issuetracker.google.com/258207403
http://anglebug.com/6692
https://permanently-removed.invalid/RotateBoundCookies
https://browser.events.data.msn.com/
https://cdnjs.cloudflare.com/ajax/libs/mathjax/
https://gemini.google.com/app?q=
https://clients4.google.com/chrome-sync
https://assets.msn.cn/resolver/
https://chrome.google.com/webstore/
https://assets.msn.com/bundles/v1/edgeChromium/latest/common.2e6282dcfb9af2a64743.js
https://srtb.msn.cn/
https://drive-preprod.corp.google.com/
https://chromewebstore.google.com/
http://anglebug.com/7556
https://ntp.msn.com/bundles/v1/edgeChromium/latest/web-worker.82b01c49017b9c3eff0d.js
https://permanently-removed.invalid/LogoutYxAB
https://mail.google.com/chat/download?usp=chrome_default7
https://mail.google.com/chat/
https://docs.google.com/document/:
https://docs.google.com/
https://deff.nelreports.net/api/report
http://dns-tunnel-check.googlezip.net/connect
https://support.google.com/chrome?p=desktop_tab_groups
https://ntp.msn.cn/edge/ntp
https://deff.nelreports.net/api/report?cat=msn
https://blog.google/products/chrome/google-chrome-safe-browsing-real-time/
https://issuetracker.google.com/284462263
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1744239624170&w=0&anoncknm=app_anon&NoResponseBody=true
https://permanently-removed.invalid/v1/events
https://deff.nelreports.net/api/report?cat=msnw
https://anglebug.com/7382
http://anglebug.com/4633
https://ntp.msn.com/_default
https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
https://docs.google.com/document/J
https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
https://ntp.msn.com/0
https://permanently-removed.invalid/oauth2/v2/tokeninfo
https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
https://duckduckgo.com/ac/?q=
https://mail.google.com/mail/?usp=installed_webapp
http://anglebug.com/6929
https://ntp.msn.com/edge/ntp?locale=en-GB&title=New+tab&enableForceCache=true
https://chrome.google.com/webstore
https://chromewebstore.google.com/https://chrome.google.com/webstore
https://anglebug.com/7489
https://anglebug.com/7369
https://anglebug.com/7246
https://permanently-removed.invalid/oauth2/v4/token
https://docs.google.com/document/u/0/create?usp=chrome_actions
https://issuetracker.google.com/255411748
https://www.google.com/chrome/browser-tools/
https://www.youtube.com/?feature=ytca
http://anglebug.com/5281
https://duckduckgo.com/chrome_newtab
http://developer.chrome.com/docs/extensions/how-to/distribute/install-extensions)
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1744239624178&w=0&anoncknm=app_anon&NoResponseBody=true
http://c.pki.goog/r/gsr1.crl
https://ogs.google.com/widget/callout?eom=1
http://anglebug.com/6248
https://drive.google.com/?lfhs=2
https://www.google.com/chrome/tips/
https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531
https://steamcommunity.com/profiles/76561199843252735
http://unisolated.invalid/
https://anglebug.com/7714
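Nearly all of the URL list above is strings from Edge and Chrome (anglebug.com bug references, msn.com new-tab telemetry, Google account endpoints). The entries that matter for this sample are the Steam profile https://steamcommunity.com/profiles/76561199843252735 and t.me, both of which Vidar uses as dead-drop resolvers (the profile or channel text carries the current C2 address), and http://www.autoitscript.com/autoit3/X, a string embedded in every AutoIt-compiled binary, which matches the AutoIT tag. The following script is an added example, not part of the Joe Sandbox report: it triages a report's Domains and URLs tables into candidate C2, dead-drop leads, unresolved names and image noise. The input is a subset of the tables above; the BENIGN_SUFFIXES allow-list and DEAD_DROP_HOSTS list are assumptions to be tuned for your own sandbox image.

```python
"""Triage the network IOCs from a sandbox report: split candidate C2 and
dead-drop infrastructure from the browser/OS telemetry that an analysis VM
generates on its own. Added example; not part of the Joe Sandbox report."""
from __future__ import annotations

import ipaddress
from urllib.parse import urlparse

# Constructed input: lines copied from the Domains and URLs tables of the
# report, in "<name> <resolved ip>" form (one pair per line) and one URL per line.
REPORT_DOMAINS = """\
qt.ap.4t.com 78.47.105.59
browser.events.data.msn.com 0.0.0.0
api.msn.com 0.0.0.0
aTRWSyACDjTfbCZwiwOK.aTRWSyACDjTfbCZwiwOK 0.0.0.0
www.google.com 142.250.176.196
t.me 149.154.167.99
chrome.cloudflare-dns.com 162.159.61.3
"""

REPORT_URLS = """\
https://steamcommunity.com/profiles/76561199843252735
https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions
http://anglebug.com/4722
https://browser.events.data.msn.com/OneCollector/1.0?cors=true
http://www.autoitscript.com/autoit3/X
"""

# Assumption: a local allow-list of domain suffixes that Edge, Chrome and
# Windows on the analysis VM contact on their own. Anything matching here is
# dropped from the IOC set, so keep the list short and review it deliberately.
BENIGN_SUFFIXES = (
    "msn.com", "msn.cn", "google.com", "googlezip.net", "nelreports.net",
    "cloudflare-dns.com", "anglebug.com", "msedge.net", "akamai.net",
    "azure.com", "trafficmanager.net", "scorecardresearch.com",
    "duckduckgo.com", "pki.goog", "cloudflare.com", "office.com",
    "autoitscript.com",  # URL string present in every AutoIt-compiled binary
)

# Public services that stealer families use as dead-drop resolvers: a profile
# or channel whose text holds the real C2 address. A hit is a lead to pivot on
# (fetch the page, extract the address), not proof of C2 by itself.
DEAD_DROP_HOSTS = ("t.me", "steamcommunity.com")


def _matches(host: str, suffixes) -> bool:
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def classify_ip(ip: str) -> str:
    """Non-routable addresses (multicast such as SSDP's 239.255.255.250,
    unspecified 0.0.0.0, link-local, private, loopback) are noise; anything
    else is a routable peer worth keeping."""
    addr = ipaddress.ip_address(ip)
    if (addr.is_multicast or addr.is_unspecified or addr.is_link_local
            or addr.is_private or addr.is_loopback):
        return "noise"
    return "candidate"


def classify_host(host: str, ip: str | None = None) -> str:
    if _matches(host, BENIGN_SUFFIXES):
        return "noise"
    if _matches(host, DEAD_DROP_HOSTS):
        return "dead-drop"
    if ip is not None and classify_ip(ip) == "noise":
        # Queried but never resolved to a routable address: often a sandbox
        # detection probe or a sinkholed lookup rather than live C2.
        return "unresolved"
    return "candidate-c2"


def triage_domains(table: str) -> dict[str, list[str]]:
    out: dict[str, list[str]] = {"candidate-c2": [], "dead-drop": [],
                                 "unresolved": [], "noise": []}
    for line in table.splitlines():
        if not line.strip():
            continue
        name, ip = line.split()
        out[classify_host(name, ip)].append(name)
    return out


def triage_urls(urls: str) -> dict[str, list[str]]:
    out: dict[str, list[str]] = {"candidate-c2": [], "dead-drop": [], "noise": []}
    for url in filter(None, map(str.strip, urls.splitlines())):
        host = urlparse(url).hostname or ""
        out[classify_host(host)].append(url)
    return out


if __name__ == "__main__":
    for bucket, names in triage_domains(REPORT_DOMAINS).items():
        print(f"{bucket:13s} {names}")
    for bucket, names in triage_urls(REPORT_URLS).items():
        print(f"{bucket:13s} {names}")
```

Run against the sample above, the only candidate-c2 name is qt.ap.4t.com, t.me and the Steam profile land in dead-drop, and the random-looking name is marked unresolved rather than promoted to an indicator. The allow-list is the weak point of any such triage: a C2 hosted on a suffix you trust (cloudapp.azure.com is in this report) will be hidden by it, so review the noise bucket once before discarding it.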

Dropped files

Name:      C:\Users\user\AppData\Local\Temp\519778\Blow.com
File type: PE32 executable (GUI) Intel 80386, for MS Windows

A PE32 dropped with a .com extension under a numbered Temp subfolder, together with the AutoIT tag and the autoitscript.com string in the URL list, fits the usual AutoIt-compiled stager layout. Pull the dropped file and check whether it is a renamed AutoIt3 interpreter (the compiled-script resource carries an "AU3!" marker and the autoitscript.com string) and which script file in the same folder it was launched with; the hashes column for this entry was not captured in this extract.