Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

mariadb-11.4.4-winx64.msi

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: MariaDB Server, Author: MariaDB Corporation Ab, Keywords: Installer, Comments: This installer database contains the logic and data required to install MariaDB 11.4 (x64)., Template: x64;1033, Revision Number: {D89E0A6A-AC25-48D9-847B-131A94945DB3}, Create Time/Date: Wed Oct 30 15:10:46 2024, Last Saved Time/Date: Wed Oct 30 15:10:46 2024, Number of Pages: 500, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2

initial sample

Details

Filetype:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: MariaDB Server, Author: MariaDB Corporation Ab, Keywords: Installer, Comments: This installer database contains the logic and data required to install MariaDB 11.4 (x64)., Template: x64;1033, Revision Number: {D89E0A6A-AC25-48D9-847B-131A94945DB3}, Create Time/Date: Wed Oct 30 15:10:46 2024, Last Saved Time/Date: Wed Oct 30 15:10:46 2024, Number of Pages: 500, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2
Entropy:	7.994581816779938
Filename:	mariadb-11.4.4-winx64.msi
Filesize:	78110720
MD5:	fc78fd2c195e861da5fb5b7db5b33e58
SHA1:	5db72a4c5d3cf81f6e9fa42e8196b4fed535c62f
SHA256:	6cd895978d37e26563c22a57885f2fdb9474df1bd362629477be2782bd9249d2
SHA512:	daae13890d28a733374c3f2d32d40c4859ac3aefcc1c83ac234043d9d13d4c4f7ea6c9976d4551a0327a90b20bba5789c54639c2210be381a744a66f96ad015d
SSDEEP:	1572864:zI5UDbgVVs5inhshTsEb7/9+cFTBVrIWzJBhP/rmGyUZ/7m/:zI5AkVVsvsEb7J9Vc2BhyGZ/
Preview:	........................>.................................................................................... ...$...(...,...0...4...8...<...@...D...H.........................................................................................................

Signature Hits	Behavior Group	Mitre Attack
Submission file is bigger than most known malware samples	System Summary

C:\Users\user\AppData\Local\Temp\MSI2225.tmp

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\MSI2225.tmp
Category:	dropped
Dump:	MSI2225.tmp.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	5.774582872779452
Encrypted:	false
Ssdeep:	768:sbMYNNX4hqKv2sjIj3wDlS77ZOfcqha47aYaxcxqSdQxlLxzrnVA1U8io:QM4/KvQPUfcqonxlLxzrVAK8
Size:	50688
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Creates temporary files	System Summary

C:\Users\user\AppData\Local\Temp\MSI2293.tmp

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\MSI2293.tmp
Category:	dropped
Dump:	MSI2293.tmp.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	5.774582872779452
Encrypted:	false
Ssdeep:	768:sbMYNNX4hqKv2sjIj3wDlS77ZOfcqha47aYaxcxqSdQxlLxzrnVA1U8io:QM4/KvQPUfcqonxlLxzrVAK8
Size:	50688
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

C:\Users\user\AppData\Local\Temp\MSI4EA5.tmp

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\MSI4EA5.tmp
Category:	dropped
Dump:	MSI4EA5.tmp.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	5.774582872779452
Encrypted:	false
Ssdeep:	768:sbMYNNX4hqKv2sjIj3wDlS77ZOfcqha47aYaxcxqSdQxlLxzrnVA1U8io:QM4/KvQPUfcqonxlLxzrVAK8
Size:	50688
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Processes

Path

Cmdline

Malicious

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\mariadb-11.4.4-winx64.msi"

Details

Is windows:	true
Is dropped:	false
PID:	348
Target ID:	0
Parent PID:	1028
Name:	msiexec.exe
Class:	system-tools
Path:	C:\Windows\System32\msiexec.exe
Commandline:	"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\mariadb-11.4.4-winx64.msi"
Size:	69632
MD5:	E5DA170027542E25EDE42FC54C929077
Time:	05:42:08
Date:	25/11/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff65a340000
Modulesize:	94208
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

Details

Is windows:	true
Is dropped:	false
PID:	3716
Target ID:	1
Parent PID:	632
Name:	msiexec.exe
Class:	system-tools
Path:	C:\Windows\System32\msiexec.exe
Commandline:	C:\Windows\system32\msiexec.exe /V
Size:	69632
MD5:	E5DA170027542E25EDE42FC54C929077
Time:	05:42:08
Date:	25/11/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff65a340000
Modulesize:	94208
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\msiexec.exe

C:\Windows\System32\MsiExec.exe -Embedding 6F8EF82C81991F83C9E5737CFD31B471 C

Details

Is windows:	true
Is dropped:	false
PID:	1496
Target ID:	3
Parent PID:	3716
Name:	msiexec.exe
Class:	system-tools
Path:	C:\Windows\System32\msiexec.exe
Commandline:	C:\Windows\System32\MsiExec.exe -Embedding 6F8EF82C81991F83C9E5737CFD31B471 C
Size:	69632
MD5:	E5DA170027542E25EDE42FC54C929077
Time:	05:42:08
Date:	25/11/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff65a340000
Modulesize:	94208
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
mariadb-11.4.4-winx64.msi

Files

Processes

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportmariadb-11.4.4-winx64.msi

Files

Processes

IOC Report
mariadb-11.4.4-winx64.msi