File name: | VoucherCarrefourSpainEUR.msi |
Full analysis: | https://app.any.run/tasks/39f9ca71-7df4-4abf-815e-e3330bb4cbb1 |
Verdict: | Malicious activity |
Analysis date: | November 08, 2019, 12:45:48 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/x-msi |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Dec 11 11:47:44 2009, Security: 0, Code page: 1252, Revision Number: {27F0A235-ECAF-4F52-8DFD-3FFB8EB6B8A8}, Number of Words: 10, Subject: PDF Adobe Flash, Author: PDF Adobe Flash, Name of Creating Application: Advanced Installer 12.2.1 build 64247, Template: ;1033, Comments: This installer database contains the logic and data required to install PDF Adobe Flash., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200 |
MD5: | 2C7A4E84892AB3B5FAE30945E2E4D896 |
SHA1: | 12105410025548138374F0BC64E71BC107E1D817 |
SHA256: | 3945D13A480EBA2E8350CD8B71C866E0C5FA7A6A0C642074BABF9540979727EF |
SSDEEP: | 24576:CXxXVe5QbwW5Ap9nGl/BljpqGQbBEpqkzi0LkiYeq2CNzQBG/435qKmMdDWjTU+s:CXVE9nO7jpqGU+IsIz+OTPYGYPKA |
.msi | | | Microsoft Windows Installer (84.2) |
---|---|---|
.mst | | | Windows SDK Setup Transform Script (9.5) |
.msi | | | Microsoft Installer (100) |
LastPrinted: | 2009:12:11 11:47:44 |
---|---|
CreateDate: | 2009:12:11 11:47:44 |
ModifyDate: | 2009:12:11 11:47:44 |
Security: | None |
CodePage: | Windows Latin 1 (Western European) |
RevisionNumber: | {27F0A235-ECAF-4F52-8DFD-3FFB8EB6B8A8} |
Words: | 10 |
Subject: | PDF Adobe Flash |
Author: | PDF Adobe Flash |
LastModifiedBy: | - |
Software: | Advanced Installer 12.2.1 build 64247 |
Template: | ;1033 |
Comments: | This installer database contains the logic and data required to install PDF Adobe Flash. |
Title: | Installation Database |
Keywords: | Installer, MSI, Database |
Pages: | 200 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2504 | "C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Temp\VoucherCarrefourSpainEUR.msi" | C:\Windows\System32\msiexec.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows® installer Version: 5.0.7600.16385 (win7_rtm.090713-1255) | ||||
1796 | C:\Windows\system32\msiexec.exe /V | C:\Windows\system32\msiexec.exe | services.exe | |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Windows® installer Version: 5.0.7600.16385 (win7_rtm.090713-1255) | ||||
3832 | C:\Windows\system32\MsiExec.exe -Embedding DD52E9A7FC864257D085B21C9C5E8185 | C:\Windows\system32\MsiExec.exe | msiexec.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows® installer Version: 5.0.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
1796 | msiexec.exe | C:\Windows\Installer\MSIA5EF.tmp | — | |
MD5:— | SHA256:— | |||
1796 | msiexec.exe | C:\Windows\Installer\MSIA67C.tmp | — | |
MD5:— | SHA256:— | |||
1796 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\~DFBE8D180CB9A9B24B.TMP | — | |
MD5:— | SHA256:— | |||
1796 | msiexec.exe | C:\Windows\Installer\39a535.ipi | binary | |
MD5:EAC184332C5EA99845EF4A1954CBBC86 | SHA256:9FB4898A2E2AC3E8297568E2F397051A1DE3413D7A95B011DED2F089FB9732F1 | |||
1796 | msiexec.exe | C:\Windows\Installer\39a533.msi | executable | |
MD5:2C7A4E84892AB3B5FAE30945E2E4D896 | SHA256:3945D13A480EBA2E8350CD8B71C866E0C5FA7A6A0C642074BABF9540979727EF | |||
1796 | msiexec.exe | C:\Windows\Installer\MSIA73A.tmp | executable | |
MD5:EE101CA054B2670565F6B7B91E186D34 | SHA256:1BB9E08FF69E0CECBD34B2E868A4C88403D4F1F5CAE135D25CE165F2B4C3D8DD |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3832 | MsiExec.exe | GET | — | 35.247.208.129:4748 | http://35.247.208.129:4748/ecjay.zip | US | — | — | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3832 | MsiExec.exe | 35.247.208.129:4748 | — | — | US | malicious |
PID | Process | Class | Message |
---|---|---|---|
3832 | MsiExec.exe | A Network Trojan was detected | MALWARE [PTsecurity] Trojan.Loader (Trojan.Agent.DDSA) Requesting Zip Archive |