Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SCADA 4.0.12.737.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Number of Characters: 0, Last
Saved By: InstallShield, Number of Words: 0, Title: Installation Database, Comments: Contact: Your local administrator, Keywords:
Installer,MSI,Database, Subject: Blank Project Template, Author: Shanghai ZPMC Electric Co.Ltd, Security: 1, Number of Pages:
200, Name of Creating Application: InstallShield 2018 - Professional Edition 24, Last Saved Time/Date: Wed Jun 5 02:57:46
2019, Create Time/Date: Wed Jun 5 02:57:46 2019, Last Printed: Wed Jun 5 02:57:46 2019, Revision Number: {66DF9F58-4C89-4E3E-AF81-ABF197C1156B},
Code page: 1252, Template: Intel;1033
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\MSI46ae6.LOG
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\msiexec.exe
|
"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\SCADA 4.0.12.737.msi"
|
||
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://crl.thawte.com/ThawteTimestampingCA.crl0
|
unknown
|
||
|
http://www.flexerasoftware.com0
|
unknown
|
||
|
http://www.symauth.com/cps0(
|
unknown
|
||
|
http://www.symauth.com/rpa00
|
unknown
|
||
|
http://ocsp.thawte.com0
|
unknown
|