Dropped Files | ZeroBOX

Name	9285484105e33125_setup.msi Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\setup.msi
Size	2.8MB
Processes	2564 (Rechnung.exe)
Type	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Default, Author: ScreenConnect Software, Keywords: Default, Comments: Default, Template: Intel;1033, Revision Number: {0745339A-0D81-4D1D-912A-49973241149D}, Create Time/Date: Tue Mar 7 21:28:08 2023, Last Saved Time/Date: Tue Mar 7 21:28:08 2023, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.0.1701), Security: 2
MD5	`3f5022b0805145a63f3b8876202db637`
SHA1	`953016970ac68d4818e7a6e2fdd26da18f24acf5`
SHA256	`9285484105e33125374d05e298143d133b39d835e8d1af4a6159249f86229d5d`
CRC32	`2D2DB592`
ssdeep	`49152:QGN8erCckNGjQq7DODBzl01h6K4dYdJSN5cGcPmfLKyrOxRnEOJk1gI:Zqe9kNDqnS2wdYdsQG1f2yrOnTJk`
Yara	Malicious_Library_Zero - Malicious_Library Microsoft_Office_File_Zero - Microsoft Office File CAB_file_format - CAB archive file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	0f216a5b1b84137b_MSIFA6D.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\MSIFA6D.tmp
Size	1.0MB
Processes	2652 (msiexec.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
MD5	`8a9bfe7a382fbe927cfe4649e0a416f9`
SHA1	`8889cbcabe01478e90dfff1ccb74f89e01709304`
SHA256	`0f216a5b1b84137bfd24c55f5e39ea5539b13452bc9b933572e8017551563493`
CRC32	`0B206B85`
ssdeep	`24576:QUUGGcJV8xtc+w2TTOSIWnZJ/KyiOOOWR+4EGpRg3isM:jGcPmfLKyrOxRnEOJb`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) CAB_file_format - CAB archive file IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis