File name: | 1SCX7734769589574545.msi |
Full analysis: | https://app.any.run/tasks/08a8d09a-9d54-4164-bd00-40eb4bee148f |
Verdict: | Malicious activity |
Analysis date: | October 09, 2019, 19:33:00 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/x-msi |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Dec 11 11:47:44 2009, Security: 0, Code page: 1252, Revision Number: {BB0E8E78-DEDE-4650-9987-BBDA435E617D}, Number of Words: 10, Subject: SCUFhHngaDCD4NEL15, Author: SCUFhHngaDCD4NEL15, Name of Creating Application: Advanced Installer 16.2 build 436ecd62, Template: ;3082, Comments: Esta base de datos del instalador contiene la lgica y los datos necesarios para instalar SCUFhHngaDCD4NEL15., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200 |
MD5: | F9654AD045C8B0BE904D68A0D81510AB |
SHA1: | BFECCB1C3A5A1418E5EB74817EE40396F28FA527 |
SHA256: | 0B7C0103EB9C3839C667720CE469318E9A2809186AE6C1DD1A65A3916935B15C |
SSDEEP: | 12288:N9fYTFIWlAJPlP41dpd5e6mBLUVEVWE72W8wrkAyJ:NJYTFId/5IqVXCWJrkAy |
.msi | | | Microsoft Windows Installer (88.6) |
---|---|---|
.mst | | | Windows SDK Setup Transform Script (10) |
.msi | | | Microsoft Installer (100) |
Pages: | 200 |
---|---|
Keywords: | Installer, MSI, Database |
Title: | Installation Database |
Comments: | Esta base de datos del instalador contiene la lógica y los datos necesarios para instalar SCUFhHngaDCD4NEL15. |
Template: | ;3082 |
Software: | Advanced Installer 16.2 build 436ecd62 |
LastModifiedBy: | - |
Author: | SCUFhHngaDCD4NEL15 |
Subject: | SCUFhHngaDCD4NEL15 |
Words: | 10 |
RevisionNumber: | {BB0E8E78-DEDE-4650-9987-BBDA435E617D} |
CodePage: | Windows Latin 1 (Western European) |
Security: | None |
ModifyDate: | 2009:12:11 11:47:44 |
CreateDate: | 2009:12:11 11:47:44 |
LastPrinted: | 2009:12:11 11:47:44 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2944 | "C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Temp\1SCX7734769589574545.msi" | C:\Windows\System32\msiexec.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows® installer Version: 5.0.7600.16385 (win7_rtm.090713-1255) | ||||
2936 | C:\Windows\system32\msiexec.exe /V | C:\Windows\system32\msiexec.exe | services.exe | |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Windows® installer Version: 5.0.7600.16385 (win7_rtm.090713-1255) | ||||
2588 | C:\Windows\system32\MsiExec.exe -Embedding 52E9A8F8B2D957FC89A36EE9DF914771 C | C:\Windows\system32\MsiExec.exe | — | msiexec.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows® installer Version: 5.0.7600.16385 (win7_rtm.090713-1255) | ||||
3128 | C:\Windows\system32\vssvc.exe | C:\Windows\system32\vssvc.exe | — | services.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft® Volume Shadow Copy Service Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2292 | DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot22" "" "" "695c3f483" "00000000" "000005C4" "000005C8" | C:\Windows\system32\DrvInst.exe | — | svchost.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Driver Installation Module Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3664 | C:\Windows\system32\MsiExec.exe -Embedding 0E9FDDF4D0AD46B7593305EC9615A7C0 | C:\Windows\system32\MsiExec.exe | msiexec.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows® installer Exit code: 0 Version: 5.0.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2944 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\MSI51C6.tmp | — | |
MD5:— | SHA256:— | |||
2944 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\MSI5235.tmp | — | |
MD5:— | SHA256:— | |||
2944 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\MSI5245.tmp | — | |
MD5:— | SHA256:— | |||
2944 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\MSI5275.tmp | — | |
MD5:— | SHA256:— | |||
2936 | msiexec.exe | C:\System Volume Information\SPP\metadata-2 | — | |
MD5:— | SHA256:— | |||
2936 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\~DF03AB6CE517DBFCA4.TMP | — | |
MD5:— | SHA256:— | |||
3128 | vssvc.exe | C: | — | |
MD5:— | SHA256:— | |||
2936 | msiexec.exe | C:\Windows\Installer\MSIA75A.tmp | — | |
MD5:— | SHA256:— | |||
2936 | msiexec.exe | C:\Config.Msi\11a344.rbs | — | |
MD5:— | SHA256:— | |||
2936 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\~DF2FC3A6BCE4F72A09.TMP | — | |
MD5:— | SHA256:— |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3664 | MsiExec.exe | GET | — | 69.42.49.155:80 | http://www.leonloard.com/LLCP/wawst4ts1.zip | US | — | — | unknown |
2944 | msiexec.exe | GET | 200 | 91.199.212.52:80 | http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt | GB | der | 1.37 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3664 | MsiExec.exe | 69.42.49.155:80 | www.leonloard.com | DataBank Holdings, Ltd. | US | unknown |
2944 | msiexec.exe | 91.199.212.52:80 | crt.usertrust.com | Comodo CA Ltd | GB | suspicious |
Domain | IP | Reputation |
---|---|---|
crt.usertrust.com |
| whitelisted |
www.leonloard.com |
| unknown |