InstallSetup7.exe| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6401 | Jan. 13, 2024, 7:15 p.m. | Jan. 13, 2024, 7:17 p.m. |
-
-
BroomSetup.exe C:\Users\test22\AppData\Local\Temp\BroomSetup.exe
2676
-
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| api.ipify.org |
CNAME
api4.ipify.org
|
173.231.16.76 |
Suricata Alerts
Suricata TLS
No Suricata TLS
| section | .ndata |
| suspicious_features | Connection to IP address | suspicious_request | GET http://185.172.128.53/syncUpd.exe | ||||||
| request | GET http://api.ipify.org/?format=ewf |
| request | GET http://185.172.128.53/syncUpd.exe |
| domain | api.ipify.org |
| file | C:\Users\test22\AppData\Local\Temp\nsgF3B8.tmp\INetC.dll |
| file | C:\Users\test22\AppData\Local\Temp\BroomSetup.exe |
| file | C:\Users\test22\AppData\Local\Temp\SandboxieInstall.exe |
| file | C:\Users\test22\AppData\Local\Temp\BroomSetup.exe |
| file | C:\Users\test22\AppData\Local\Temp\nsb4B8E.tmp |
| file | C:\Users\test22\AppData\Local\Temp\202005191702_6d173b9549ce4fe1e5ada5ab9ce0bfff5d9569f19e7fa916db5c8d4f0dace63b_setup_nwc275a_demo.exe |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\winamp58_3660_beta_full_en-us[1].exe |
| file | C:\Users\test22\AppData\Local\Temp\InstallSetup7.exe |
| file | C:\Users\test22\AppData\Local\Temp\nsgF3B8.tmp\INetC.dll |
| host | 185.172.128.53 | |||
| host | 91.92.255.226 | |||
| file | C:\Users\test22\AppData\Local\Temp\SandboxieInstall.exe |
| file | C:\Users\test22\AppData\Local\Temp\nsb4B8E.tmp |
| file | C:\Windows\Prefetch\SDIAGNHOST.EXE-8D72177C.pf |
| file | c:\Windows\Temp\fwtsqmfile01.sqm |
| file | C:\Windows\Prefetch\CSC.EXE-BE9AC2DF.pf |
| file | c:\Windows\Temp\fwtsqmfile00.sqm |
| file | C:\Windows\Prefetch\RUNDLL32.EXE-87432CEE.pf |
| file | C:\Windows\Prefetch\RUNDLL32.EXE-7BCB21A1.pf |
| file | C:\Windows\Prefetch\INJECT-X64.EXE-AAEEB6EB.pf |
| file | C:\Windows\Prefetch\Layout.ini |
| file | C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf |
| file | C:\Users\test22\AppData\Local\Temp\~DF8C0F100C7231519A.TMP |
| file | C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf |
| file | C:\Windows\Prefetch\SETUP.EXE-A9A86358.pf |
| file | C:\Windows\Prefetch\SEARCHINDEXER.EXE-4A6353B9.pf |
| file | C:\Windows\Prefetch\SVCHOST.EXE-CF79EE4C.pf |
| file | C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf |
| file | C:\Windows\Prefetch\MAINTENANCESERVICE.EXE-FA0B1B99.pf |
| file | C:\Windows\Prefetch\PING.EXE-7E94E73E.pf |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\uglified_jindo[1].js |
| file | C:\Windows\Prefetch\ReadyBoot\Trace9.fx |
| file | C:\Windows\Prefetch\SETUP-STUB.EXE-8F842224.pf |
| file | C:\Windows\Prefetch\TASKHOST.EXE-7238F31D.pf |
| file | C:\Windows\Prefetch\BROOMSETUP.EXE-122934BD.pf |
| file | C:\Windows\Prefetch\DLLHOST.EXE-40DD444D.pf |
| file | C:\Windows\Prefetch\MSIEXEC.EXE-A2D55CB6.pf |
| file | C:\Windows\Prefetch\REGSVR32.EXE-8461DBEE.pf |
| file | C:\Windows\Prefetch\ReadyBoot\Trace1.fx |
| file | C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf |
| file | C:\Windows\Prefetch\AgGlGlobalHistory.db |
| file | C:\Windows\Prefetch\DEFAULT-BROWSER-AGENT.EXE-01C82E17.pf |
| file | C:\Windows\Prefetch\IS32BIT.EXE-9A90D66E.pf |
| file | C:\Windows\Prefetch\DEFRAG.EXE-588F90AD.pf |
| file | C:\Windows\Prefetch\ReadyBoot\Trace8.fx |
| file | C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf |
| file | C:\Windows\Prefetch\CONTROL.EXE-817F8F1D.pf |
| file | C:\Windows\Prefetch\SVCHOST.EXE-5901D5E8.pf |
| file | C:\Windows\Prefetch\MMC.EXE-561C5A40.pf |
| file | C:\Windows\Prefetch\MSCORSVW.EXE-90526FAC.pf |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT |
| file | C:\Windows\Prefetch\W32TM.EXE-1101AF41.pf |
| file | C:\Windows\Prefetch\MSCORSVW.EXE-57D17DAF.pf |
| file | C:\Windows\Prefetch\7ZG.EXE-0F8C4081.pf |
| file | C:\Users\test22\AppData\Local\Temp\IME2010imeklmg00000009.log |
| file | C:\Windows\Prefetch\SVCHOST.EXE-A1476A17.pf |
| file | C:\Windows\Prefetch\INJECT-X86.EXE-6FB1ED76.pf |
| file | C:\Windows\Prefetch\PfSvPerfStats.bin |
| file | C:\Windows\Prefetch\SVCHOST.EXE-80F4A784.pf |
| file | C:\Windows\Prefetch\MSCORSVW.EXE-C3C515BD.pf |
| file | C:\Windows\Prefetch\EDITPLUS.EXE-BB0BC86D.pf |
| file | C:\Windows\Prefetch\MPCMDRUN.EXE-6AA90EA5.pf |
| file | C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf |
| file | C:\Users\test22\AppData\Local\Temp\SetupExe(20200504224110B04).log |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\dthumb[10].jpg |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\dthumb[3].png |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1F4WQUHZ\dropbox_logo_text_2015-vfld7_dJ8[1].svg |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\013[1].png |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\sprite-20210713@2x[2].png |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\7028d2d448816aeaab0e_20211029092933036[1].jpg |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\spr_lft_white_150916[1].png |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\AdPostInjectAsync[1].nhn |
| file | c:\Windows\Temp\fwtsqmfile01.sqm |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\dthumbCAUKPFFO.jpg |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\m_920_294_0729[1].png |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\cropImg_196x196_38699317823237099[1].jpg |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\e84a7e15-e6a9-41ec-9eb7-883e9b5e7249[1].jpg |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\348acc74d7ad9acbdda7_20211101182838273[1].jpg |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\1_237[1].png |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\favicon[3].png |
| file | C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\dthumb[9].jpg |
| file | C:\Windows\Prefetch\SVCHOST.EXE-80F4A784.pf |
| file | C:\Users\test22\AppData\Local\Temp\dd_vcredist_amd64_20180201144548_000_vcRuntimeMinimum_x64.log |
| file | C:\Users\test22\AppData\Local\Temp\BroomSetup.exe |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\desktop.ini |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\jquery-1.12.4.min_v1[1].js |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\w[1].css |
| file | C:\Windows\Prefetch\MAINTENANCESERVICE.EXE-FA0B1B99.pf |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\S6uyw4BMUTPHjx4wWA[1].woff |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CURBIYE7\icon_spacer-vflN3BYt2[1].gif |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\3a7f4c4cb962a54fae75_20200728093632144[1].jpg |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\cropImg_728x360_77691188554226350[1].jpg |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\8c9b6e5b-4abb-45c6-9aa7-aa28806e8e84[1].jpg |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\TopNav[1].js |
| file | C:\Windows\Prefetch\CONTROL.EXE-817F8F1D.pf |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\adf7905c-28ea-4ddf-93b2-aa96dad57752[1].jpg |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\977[1].png |
| file | C:\Windows\Prefetch\MSCORSVW.EXE-90526FAC.pf |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\015[1].png |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\dthumbCAR5WT7S.jpg |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\smart_editor2.me.min.200716[1].css |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\ipsec[3].htm |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\nsd13728808[1].png |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\327[1].png |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\sample-doc-download[1].htm |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\SOC-Facebook[1].png |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\f[2].txt |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\images[1].png |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\f1e83251-9248-4d4e-8d2e-d1505a55bc83[1].jpg |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\3de5642a-2629-4625-9a63-d96768537b11[1].jpg |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\keys_js5[2].htm |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\974[1].png |
| file | C:\Windows\Prefetch\VBOXDRVINST.EXE-7DCD6070.pf |
| dead_host | 91.92.255.226:80 |
| Bkav | W32.AIDetectMalware |
| Lionic | Trojan.Win32.Stealerc.1m!c |
| Elastic | malicious (moderate confidence) |
| MicroWorld-eScan | Trojan.Generic.34560298 |
| CAT-QuickHeal | Trojanpws.Stealerc |
| Skyhigh | BehavesLike.Win32.RealProtect.vc |
| ALYac | Trojan.Generic.34560298 |
| Cylance | unsafe |
| VIPRE | Trojan.Generic.34560298 |
| Sangfor | Downloader.NSIS.Taily.Vzly |
| K7AntiVirus | Trojan-Downloader ( 005b00f71 ) |
| BitDefender | Trojan.Generic.34560298 |
| K7GW | Trojan-Downloader ( 005b00f71 ) |
| VirIT | Trojan.Win32.Genus.UWK |
| Symantec | Trojan Horse |
| ESET-NOD32 | NSIS/TrojanDownloader.Agent.OBG |
| APEX | Malicious |
| Avast | NSIS:PWSX-gen [Trj] |
| Cynet | Malicious (score: 100) |
| Kaspersky | HEUR:Trojan-PSW.Win32.Stealerc.gen |
| Alibaba | TrojanDownloader:MSIL/Taily.e146417e |
| Rising | Downloader.Agent/NSIS!1.F220 (CLASSIC) |
| Emsisoft | Trojan.Generic.34560298 (B) |
| F-Secure | Trojan.TR/Dldr.Agent.kaspq |
| DrWeb | Trojan.DownLoad4.16141 |
| Sophos | Mal/Generic-S |
| Ikarus | Trojan-Downloader.NSIS.Agent |
| Webroot | W32.Trojan.Gen |
| Avira | TR/Dldr.Agent.kaspq |
| Antiy-AVL | Trojan/Win32.Malgent |
| Kingsoft | Win32.Troj.Undef.a |
| Gridinsoft | Malware.Win32.Downloader.cc |
| Xcitium | Malware@#1o2coqjl0l2yj |
| Arcabit | Trojan.Generic.D20F592A |
| ZoneAlarm | HEUR:Trojan-PSW.Win32.Stealerc.gen |
| GData | Win32.Trojan.Ilgergop.IJ4ULO |
| Varist | W32/ABRisk.OYGR-3481 |
| McAfee | Artemis!E2EBE1A39955 |
| DeepInstinct | MALICIOUS |
| VBA32 | TrojanRansom.Stealc |
| Malwarebytes | Malware.AI.1089971296 |
| Panda | Trj/CI.A |
| TrendMicro-HouseCall | TrojanSpy.Win32.STEALC.YXEAHZ |
| Tencent | Nsis.Trojan-Downloader.Ader.Wmhl |
| Fortinet | NSIS/Injector.AOW!tr |
| AVG | NSIS:PWSX-gen [Trj] |
| CrowdStrike | win/malicious_confidence_100% (W) |