Windows Analysis Report
#U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f.msi

Overview

General Information

Sample name:	#U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f.msi renamed because original name is a hash value
Original sample name:	.msi
Analysis ID:	1527611
MD5:	cc2cb14a6f6413143874d23f7df44947
SHA1:	540d66da3a0b2d29ee3db358ba7ccdbf2320c96e
SHA256:	e9ab01013a8cd1f252f8e4f6db98ebc2e0fe2a2067042b1a0de032607c2ada9d
Tags:	msiSliverFoxuser-bloated7731
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Query firmware table information (likely to detect VMs)

Checks for available system drives (often done to infect USB drives)

Creates files inside the system directory

Deletes files inside the Windows folder

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Drops files with a non-matching file extension (content does not match file extension)

Found dropped PE file which has not been started or loaded

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Classification

Signatures

AV Detection

Multi AV Scanner detection for dropped file

Source: C:\Program Files (x86)\Windows NT\Update.png	ReversingLabs: Detection: 75%
Source: C:\Program Files (x86)\Windows NT\Update.png	Virustotal: Detection: 51%	Perma Link
Source: C:\Windows\Installer\MSIFE4A.tmp	ReversingLabs: Detection: 75%
Source: C:\Windows\Installer\MSIFE4A.tmp	Virustotal: Detection: 51%	Perma Link

Multi AV Scanner detection for submitted file

Source: #U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f.msi	ReversingLabs: Detection: 37%
Source: #U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f.msi	Virustotal: Detection: 50%			Perma Link

Checks for available system drives (often done to infect USB drives)

Source: C:\Windows\System32\msiexec.exe	File opened: z:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: x:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: v:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: t:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: r:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: p:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: n:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: l:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: j:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: h:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: f:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: b:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: y:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: w:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: u:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: s:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: q:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: o:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: m:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: k:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: i:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: g:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: e:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: c:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: a:	Jump to behavior

Creates files inside the system directory

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\6ff919.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{A4B239A3-899F-47AC-AEC8-490EC71A5C07}	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIFA90.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\6ff91b.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\6ff91b.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIFE4A.tmp	Jump to behavior

Deletes files inside the Windows folder

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\6ff91b.msi

Jump to behavior

Source: classification engine

Classification label: mal60.evad.winMSI@4/27@0/0

Source: C:\Windows\System32\msiexec.exe

File created: C:\Program Files (x86)\Windows NT\7za.exe

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\TEMP\~DF2F758227F79456CC.TMP

Jump to behavior

Source: #U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f.msi

Static file information: TRID: Microsoft Windows Installer (60509/1) 88.31%

Source: #U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f.msi	ReversingLabs: Detection: 37%
Source: #U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f.msi	Virustotal: Detection: 50%

Source: unknown	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\#U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f.msi"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding F56E803D2B6F62C6314054092C86C0FA E Global\MSI0000
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding F56E803D2B6F62C6314054092C86C0FA E Global\MSI0000	Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msihnd.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srclient.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: spp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior

Source: #U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f.msi

Static file information: File size 1777664 > 1048576

PE file contains sections with non-standard names

Source: 7za.exe.1.dr	Static PE information: section name: .sxdata
Source: MSIFE4A.tmp.1.dr	Static PE information: section name: .00cfg
Source: MSIFE4A.tmp.1.dr	Static PE information: section name: .voltbl
Source: MSIFE4A.tmp.1.dr	Static PE information: section name: _RDATA
Source: Update.png.2.dr	Static PE information: section name: .00cfg
Source: Update.png.2.dr	Static PE information: section name: .voltbl
Source: Update.png.2.dr	Static PE information: section name: _RDATA

Drops PE files

Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Windows NT\Update.png	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIFE4A.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Windows NT\7za.exe	Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\Installer\MSIFE4A.tmp

Jump to dropped file

Drops files with a non-matching file extension (content does not match file extension)

Source: C:\Windows\System32\msiexec.exe

File created: C:\Program Files (x86)\Windows NT\Update.png

Jump to dropped file

Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Query firmware table information (likely to detect VMs)

Source: C:\Windows\System32\msiexec.exe

System information queried: FirmwareTableInformation

Jump to behavior

Found dropped PE file which has not been started or loaded

Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Windows NT\Update.png	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIFE4A.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Windows NT\7za.exe	Jump to dropped file

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\msiexec.exe

Last function: Thread delayed

Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

ID:	1527611
Product:	CloudBasic
Start time:	06:36:06
Start date:	07.10.2024
Sample:	#U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f.msi
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	cc2cb14a6f6413143874d23f7df44947
SHA1:	540d66da3a0b2d29ee3db358ba7ccdbf2320c96e
SHA256:	e9ab01013a8cd1f252f8e4f6db98ebc2e0fe2a2067042b1a0de032607c2ada9d
Filetype:	Microsoft Windows Installer (60509/1) 88.31%

Name	Type	MD5	SHA1	SHA256
C:\Config.Msi\6ff91a.rbs	data	B4BDFC22E7604FFAAF502E34E684CA2E	B1128EF3249BE0610154EB289B0F4B5B2CDBC5B6	137D409479A63B7D447D3F4376951E59E884F1DD3838BE8C1EB55930FFB4E027
C:\Program Files (x86)\Windows NT\7za.exe	PE32 executable (console) Intel 80386, for MS Windows	11FA744EBF6A17D7DD3C58DC2603046D	D99DE792FD08DB53BB552CD28F0080137274F897	1B16C41AE39B679384B06F1492B587B650716430FF9C2E079DCA2AD1F62C952D
C:\Program Files (x86)\Windows NT\Update.png	PE32+ executable (DLL) (console) x86-64, for MS Windows	FF2E6C3076FB9A011F6293CDA8B11231	607B477D18E17BAD88EF2B3140D5C017289EF688	6F1CDD464BB838132EB0BDEC4CB913C0607E744A5F0A05B56C0A7447984295E2
C:\Program Files (x86)\Windows NT\bin.dat	7-zip archive data, version 0.4	C31ADF7FF020273FC3D76B59296E51B2	2D77FED9A405AB74B23C95BF830C16A3631F3E66	F52307833A36C9ECF461A13E3EE3011B5BBA4A900975E13873991B9841AF50B8
C:\Program Files (x86)\Windows NT\locale.dat	7-zip archive data, version 0.4	1DA734D4B4BA8151E5510CFAEAFAAAD8	F3D88C0EDFDDE9BAB95B87EAC26B9BBF2CBEF457	0CFD612C9EBF39AF9D35D2CBEC2EB98446F8BA01926E5A01240898EB49DEDCA9
C:\Program Files (x86)\Windows NT\locale2.dat	7-zip archive data, version 0.4	93FF1E4F4E25186800B400FBDA858C72	F7FC374F8C6B030C3BA57F3ED431A690C521ABCC	A2D62EBE3601B4DF9A274097121F2DF61500B9B6E61BB7D783B1CA4D63B4B125
C:\Program Files (x86)\Windows NT\locale3.dat	7-zip archive data, version 0.3	9BBDA0C660D01F462F9056FDED907D56	0B8A913BD4A18C0616B2276952CFA6A4DBBE63E6	7BFBD73462C4F32F30791F808670249015B9D5E44A6B344B8569C463DE8E42B4
C:\Program Files (x86)\Windows NT\locale4.dat	7-zip archive data, version 0.3	A1D4588C1AE33AF2CA21B2851AF7335E	598D9C932015AE4B57D5510B4CA1A8B4858445FD	87A792C38C69E25E10C3A3CD3B38D1C77DFDC3E206D6917E2F095B61017712A6
C:\Windows\Installer\6ff919.msi	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Setup, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Setup., Template: Intel;1033, Revision Number: {F7CB1EF0-F16A-4CF9-A62C-68ECA8309263}, Create Time/Date: Thu Sep 26 23:57:40 2024, Last Saved Time/Date: Thu Sep 26 23:57:40 2024, Number of Pages: 300, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2	CC2CB14A6F6413143874D23F7DF44947	540D66DA3A0B2D29EE3DB358BA7CCDBF2320C96E	E9AB01013A8CD1F252F8E4F6DB98EBC2E0FE2A2067042B1A0DE032607C2ADA9D
C:\Windows\Installer\6ff91b.msi	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Setup, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Setup., Template: Intel;1033, Revision Number: {F7CB1EF0-F16A-4CF9-A62C-68ECA8309263}, Create Time/Date: Thu Sep 26 23:57:40 2024, Last Saved Time/Date: Thu Sep 26 23:57:40 2024, Number of Pages: 300, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2	CC2CB14A6F6413143874D23F7DF44947	540D66DA3A0B2D29EE3DB358BA7CCDBF2320C96E	E9AB01013A8CD1F252F8E4F6DB98EBC2E0FE2A2067042B1A0DE032607C2ADA9D
C:\Windows\Installer\MSIFA90.tmp	data	C2AB38AF6A9C53263D118CFD29F30A9B	10841043D7A0204892EC32C86930F541D17DD2A2	D26B9AAC898474C0E3C8CCB701C1CDFEBB7B450D91F62CC72E216B924AC4E1EF
C:\Windows\Installer\MSIFE4A.tmp	PE32+ executable (DLL) (console) x86-64, for MS Windows	FF2E6C3076FB9A011F6293CDA8B11231	607B477D18E17BAD88EF2B3140D5C017289EF688	6F1CDD464BB838132EB0BDEC4CB913C0607E744A5F0A05B56C0A7447984295E2
C:\Windows\Installer\SourceHash{A4B239A3-899F-47AC-AEC8-490EC71A5C07}	Composite Document File V2 Document, Cannot read section info	A473A9F3B5460F2E3A61B53F25C857C8	0C819902D0C21B0EEFEADAD8ABEAE4C960BF6603	62E26E454E0669C73894507EC8BEFE21468A6A3178934AFD4A867F4850AF951F
C:\Windows\Installer\inprogressinstallinfo.ipi	Composite Document File V2 Document, Cannot read section info	D350CFC2918D17509564C5AE3E7B9D0E	082C07A521DF71D0229E6D5B12E4FB933926DC8F	4B0ABE3FABAD30581D0F68DC39766C4A34B7C6E81D81764589413C17873478B9
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	C17AA8C7BB5A5D6DED78603E2F3DDA66	16B45964F0DBA3F88EB7A21D9AC945E0D82E8253	CFA2555853332ABD04E4FFC42B901BBD34C1558C6CF2A4EA8B0A1AD1ECB946D4
C:\Windows\Temp\~DF11970499994F05EB.TMP	data	71C067F4EBF42E02937FF3EF0DBA6E97	CC6B1B399105CA1B8B01B15BF3664FC851DC579D	BE27D4C2A61EED47A90562D656607A4DE69E86BB33C2B06CEEBF086B15C683B6
C:\Windows\Temp\~DF2ED0ACABEAE9FFE6.TMP	Composite Document File V2 Document, Cannot read section info	F6248CBED73D1D6BF610FAD03FD85053	2E1CC20A761B55F58E2D606550075ABBF9F75229	9438D857F817F2718F784127DC35B69D23405EBCC5441AB6B023F2788F046F4C
C:\Windows\Temp\~DF2F758227F79456CC.TMP	data	C9A17CFAFD67E0BADDB6F5D6BA38ED9B	F0AE81FFAC572E96092246EC0EB22842A61BFCEA	E0F208FCD78B20B61346F85A6EC4C242B64D9E64F3FB3461DE8ADCB0393D3272
C:\Windows\Temp\~DF35293D8D487B9D06.TMP	data	BF619EAC0CDF3F68D496EA9344137E8B	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
C:\Windows\Temp\~DF41E963A392FA4DE9.TMP	Composite Document File V2 Document, Cannot read section info	D350CFC2918D17509564C5AE3E7B9D0E	082C07A521DF71D0229E6D5B12E4FB933926DC8F	4B0ABE3FABAD30581D0F68DC39766C4A34B7C6E81D81764589413C17873478B9
C:\Windows\Temp\~DF614E7163061EBF51.TMP	Composite Document File V2 Document, Cannot read section info	F6248CBED73D1D6BF610FAD03FD85053	2E1CC20A761B55F58E2D606550075ABBF9F75229	9438D857F817F2718F784127DC35B69D23405EBCC5441AB6B023F2788F046F4C
C:\Windows\Temp\~DF6B3438CCA0F4BFE2.TMP	Composite Document File V2 Document, Cannot read section info	D350CFC2918D17509564C5AE3E7B9D0E	082C07A521DF71D0229E6D5B12E4FB933926DC8F	4B0ABE3FABAD30581D0F68DC39766C4A34B7C6E81D81764589413C17873478B9
C:\Windows\Temp\~DFA82F1FCF071015FD.TMP	Composite Document File V2 Document, Cannot read section info	F6248CBED73D1D6BF610FAD03FD85053	2E1CC20A761B55F58E2D606550075ABBF9F75229	9438D857F817F2718F784127DC35B69D23405EBCC5441AB6B023F2788F046F4C
C:\Windows\Temp\~DFA9046B40EB5D5CA2.TMP	data	BF619EAC0CDF3F68D496EA9344137E8B	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
C:\Windows\Temp\~DFD6B0118EE67E6473.TMP	data	BF619EAC0CDF3F68D496EA9344137E8B	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
C:\Windows\Temp\~DFD775574B48ACDD82.TMP	data	BF619EAC0CDF3F68D496EA9344137E8B	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
C:\Windows\Temp\~DFF34F4CF6AAB40B59.TMP	data	BF619EAC0CDF3F68D496EA9344137E8B	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560

Windows Analysis Report
#U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f.msi

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Spreading

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Windows Analysis Report #U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f.msi

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Spreading

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
#U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f.msi