| Field | Value |
|---|---|
| File name | UCLEARUpdater.msi |
| Full analysis | https://app.any.run/tasks/fad6773b-1f5b-4bed-ada1-a598637e1fba |
| Verdict | Malicious activity |
| Analysis date | December 03, 2019, 00:29:00 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/x-msi |
| File info | Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, MSI Installer, Create Time/Date: Mon Jun 21 08:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: Intel;1033, Number of Pages: 200, Revision Number: {8FAD4851-9D6C-420B-A7AD-749B287F951B}, Title: UCLEAR Firmware Update, Author: BITwave Pte Ltd, Number of Words: 2, Last Saved Time/Date: Fri Apr 11 10:33:11 2014, Last Printed: Fri Apr 11 10:33:11 2014 |
| MD5 | 48E839AE0F683F8A26BFB2BE848224D5 |
| SHA1 | F09E8B53C8E78106D862CE45C26FC53E6E1916E3 |
| SHA256 | 18565C425D5D2BCF2F099BD73B1BC84C467E600ED061FCEFCF29225BCE5EEC91 |
| SSDEEP | 393216:5qSBPyBCqQ+/A+Qe2hPp2NXyMEpdhZwFdXGiQt:5qE6QGA+QeyPpM2sXGiG |

| Extension | Identification |
|---|---|
| .msi | Microsoft Windows Installer (98.5) |
| .msi | Microsoft Installer (100) |

| Property | Value |
|---|---|
| LastPrinted | 2014:04:11 09:33:11 |
| ModifyDate | 2014:04:11 09:33:11 |
| Words | 2 |
| Comments | - |
| Keywords | - |
| Author | BITwave Pte Ltd |
| Subject | - |
| Title | UCLEAR Firmware Update |
| RevisionNumber | {8FAD4851-9D6C-420B-A7AD-749B287F951B} |
| Pages | 200 |
| Template | Intel;1033 |
| CodePage | Windows Latin 1 (Western European) |
| Security | Password protected |
| Software | Windows Installer |
| CreateDate | 1999:06:21 07:00:00 |

| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 1648 | "C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Temp\UCLEARUpdater.msi" | C:\Windows\System32\msiexec.exe | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows® installer; Exit code: 0; Version: 5.0.7600.16385 (win7_rtm.090713-1255) |
| 3896 | C:\Windows\system32\msiexec.exe /V | C:\Windows\system32\msiexec.exe | — | services.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Windows® installer; Version: 5.0.7600.16385 (win7_rtm.090713-1255) |
| 3704 | C:\Windows\system32\vssvc.exe | C:\Windows\system32\vssvc.exe | — | services.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Microsoft® Volume Shadow Copy Service; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
| 4036 | C:\Windows\system32\MsiExec.exe -Embedding 439974A0BAA14EB62071DDC0B2813863 | C:\Windows\system32\MsiExec.exe | — | msiexec.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows® installer; Exit code: 0; Version: 5.0.7600.16385 (win7_rtm.090713-1255) |
| 3308 | "C:\Windows\system32\MsiExec.exe" /Y "C:\UCLEAR\msflxgrd\MSFlxGrd.Ocx" | C:\Windows\system32\MsiExec.exe | — | msiexec.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows® installer; Exit code: 0; Version: 5.0.7600.16385 (win7_rtm.090713-1255) |
| 2588 | "C:\UCLEAR\DPInst0.exe" | C:\UCLEAR\DPInst0.exe | — | msiexec.exe | User: admin; Integrity Level: MEDIUM; Exit code: 0 |
| 1400 | cmd /c ""C:\Users\admin\AppData\Local\Temp\5E18.tmp\DPInst.bat"" | C:\Windows\system32\cmd.exe | — | DPInst0.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Exit code: 0; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
| 1896 | C:\UCLEAR\Drivers\win32\DPInst.exe /S /F /PATH C:\UCLEAR\Drivers\win32 | C:\UCLEAR\Drivers\win32\DPInst.exe | — | cmd.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Driver Package Installer; Exit code: 3221226540; Version: 2.1 |
| 2276 | "C:\UCLEAR\Drivers\win32\DPInst.exe" /S /F /PATH C:\UCLEAR\Drivers\win32 | C:\UCLEAR\Drivers\win32\DPInst.exe | — | cmd.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Driver Package Installer; Exit code: 3221226540; Version: 2.1 |
| 2972 | "C:\UCLEAR\Drivers\win32\DPInst.exe" /S /F /PATH C:\UCLEAR\Drivers\win32 | C:\UCLEAR\Drivers\win32\DPInst.exe | — | cmd.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Driver Package Installer; Exit code: 512; Version: 2.1 |

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3896 | msiexec.exe | C:\System Volume Information\SPP\metadata-2 | — | — | — |
| 3896 | msiexec.exe | C:\Windows\Installer\394ec6.msi | — | — | — |
| 3896 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\~DFCA4711046D37E1E1.TMP | — | — | — |
| 3704 | vssvc.exe | C: | — | — | — |
| 3896 | msiexec.exe | C:\UCLEAR\HBC200_Update_RC207\hlp\page_connection.htm | html | F4784C9A7AFA0D16569732D134CF8B38 | E25C6D0E59B661B95335D015E8031AB66FFD09737AE93623C38A653F7DF23BB6 |
| 3896 | msiexec.exe | C:\Windows\Installer\394ec7.ipi | binary | 0E6A249F2AFE1BEC7A0062A3D0386E05 | E10BDD79C66D3E0D9116D98F6F2E9A991343BBB525925984B2742635F1B04483 |
| 3896 | msiexec.exe | C:\System Volume Information\SPP\snapshot-2 | binary | 0D1496C4384411D9C7CE2A8A6A8C9129 | 1EA66CC775E95FB87567B01238F41F0263D61CB54BDF80D3B37F3986567C11F8 |
| 3896 | msiexec.exe | C:\UCLEAR\Drivers\win32\CSRBlueCoreUSB.inf | binary | AE2047A19D83B8594E01C934CA431939 | 6C1EE280C0D9F5C27A5FC8E89A5B0044DCF9A54266D64E0195055998B409C2A4 |
| 3896 | msiexec.exe | C:\UCLEAR\Drivers\win64\DPInst0.exe | executable | 5A2CC1B2109EF553091017EEEBDCC95E | D291FF15FE0C860B01269A7CE7B4CD9D19C3FBB691C80D21B43DF2E907CBCC5C |
| 3896 | msiexec.exe | C:\Windows\Installer\MSI563A.tmp | binary | 5E5AFA4530AAC70873ECFB342CAB4189 | A0CC0E3556B3B9C9F033205AC2B6D098126E37F0E6917B607A29816843BA1E83 |