File name: Sentinel Protection Installer 7.5.0.zip

Full analysis: https://app.any.run/tasks/d8659a22-63dd-4366-8177-00b0d8115503
Verdict: Malicious activity
Analysis date: November 20, 2023, 09:06:19
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 413C647AB6F17843F994EF4F88E77B82
SHA1: E1F255605EB634B4FE9A794E1A2CFF2E1A3BB8AF
SHA256: 3E7D3E91FD6DD014BDF5FA7FE20C66343E5EAFE91BC0AFB9D930B449C5FF6C76
SSDEEP: 98304:2JjuDJdfSBgTUen7CITUgmIkXO24R49vPMKy9Rr4Rjpg5Ozgnc9TE856c5k2dzjE:8sLbbMu19hP8IEc

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Creates a writable file in the system directory

      • msiexec.exe (PID: 3680)
      • drvinst.exe (PID: 1808)
    • Drops the executable file immediately after the start

      • drvinst.exe (PID: 1808)
      • msiexec.exe (PID: 3680)
      • msiexec.exe (PID: 1760)
  • SUSPICIOUS

    • Starts application with an unusual extension

      • msiexec.exe (PID: 3632)
    • Executes as Windows Service

      • VSSVC.exe (PID: 3728)
      • sntlkeyssrvr.exe (PID: 1816)
      • spnsrvnt.exe (PID: 1360)
    • Creates files in the driver directory

      • msiexec.exe (PID: 3680)
      • drvinst.exe (PID: 1808)
    • Drops a system driver (possible attempt to evade defenses)

      • msiexec.exe (PID: 1760)
      • drvinst.exe (PID: 1808)
      • msiexec.exe (PID: 3680)
    • Process drops legitimate windows executable

      • msiexec.exe (PID: 3680)
    • Checks Windows Trust Settings

      • drvinst.exe (PID: 1808)
    • Reads the Internet Settings

      • msiexec.exe (PID: 3600)
      • InstParLauncher.exe (PID: 1988)
      • MSID512.tmp (PID: 1936)
      • MSID66A.tmp (PID: 2560)
    • Suspicious use of NETSH.EXE

      • MSID512.tmp (PID: 1936)
      • MSID66A.tmp (PID: 2560)
  • INFO

    • Reads the computer name

      • wmpnscfg.exe (PID: 3208)
      • msiexec.exe (PID: 3680)
      • msiexec.exe (PID: 3856)
      • msiexec.exe (PID: 3600)
      • drvinst.exe (PID: 1808)
      • sntlkeyssrvr.exe (PID: 1816)
      • spnsrvnt.exe (PID: 1360)
      • InstParLauncher.exe (PID: 1988)
      • InstAndStartNTParService.exe (PID: 2336)
      • MSID512.tmp (PID: 1936)
      • MSID66A.tmp (PID: 2560)
      • msiexec.exe (PID: 1760)
    • Checks supported languages

      • wmpnscfg.exe (PID: 3208)
      • Sentinel Protection Installer 7.5.0.exe (PID: 3380)
      • msiexec.exe (PID: 3680)
      • msiexec.exe (PID: 3856)
      • MSI8B6D.tmp (PID: 3932)
      • msiexec.exe (PID: 3600)
      • msiexec.exe (PID: 1760)
      • drvinst.exe (PID: 1808)
      • sntlkeyssrvr.exe (PID: 1816)
      • spnsrvnt.exe (PID: 1360)
      • InstParLauncher.exe (PID: 1988)
      • SentinelDrv32Support.exe (PID: 1232)
      • InstAndStartNTParService.exe (PID: 2336)
      • MSID512.tmp (PID: 1936)
      • MSID66A.tmp (PID: 2560)
    • Reads the machine GUID from the registry

      • wmpnscfg.exe (PID: 3208)
      • Sentinel Protection Installer 7.5.0.exe (PID: 3380)
      • msiexec.exe (PID: 3680)
      • msiexec.exe (PID: 3856)
      • msiexec.exe (PID: 1760)
      • drvinst.exe (PID: 1808)
      • msiexec.exe (PID: 3600)
    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3308)
      • msiexec.exe (PID: 3632)
    • Creates files in a temporary directory

      • Sentinel Protection Installer 7.5.0.exe (PID: 3380)
      • msiexec.exe (PID: 3680)
      • msiexec.exe (PID: 1760)
      • MSID512.tmp (PID: 1936)
      • MSID66A.tmp (PID: 2560)
    • Application launched itself

      • msiexec.exe (PID: 3680)
    • Creates or modifies Windows services

      • msiexec.exe (PID: 3680)
    • Starts application with an unusual extension

      • msiexec.exe (PID: 3680)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2008:07:11 08:05:00
ZipCRC: 0x8dcb937b
ZipCompressedSize: 5298870
ZipUncompressedSize: 6453816
ZipFileName: Sentinel Protection Installer 7.5.0.exe
No data.
All screenshots are available in the full report
Total processes: 67
Monitored processes: 21
Malicious processes: 3
Suspicious processes: 0

Behavior graph

Processes shown in the behavior graph, in start order: winrar.exe, sentinel protection installer 7.5.0.exe, sentinel protection installer 7.5.0.exe, msiexec.exe, msiexec.exe, msiexec.exe, msi8b6d.tmp, vssvc.exe, msiexec.exe, msiexec.exe, drvinst.exe, sntlkeyssrvr.exe, spnsrvnt.exe, sentineldrv32support.exe, instparlauncher.exe, instandstartntparservice.exe, msid512.tmp, netsh.exe, msid66a.tmp, netsh.exe, wmpnscfg.exe

Process information

Columns: PID | CMD | Path | Indicators | Parent process
PID: 1232
CMD: "C:\Program Files\Common Files\SafeNet Sentinel\Sentinel System Driver\SentinelDrv32Support.exe" -c MakeVDDRegEntry
Path: C:\Program Files\Common Files\SafeNet Sentinel\Sentinel System Driver\SentinelDrv32Support.exe
Parent process: msiexec.exe
User:
admin
Company:
SafeNet, Inc.
Integrity Level:
HIGH
Description:
SentinelDrv32Support
Exit code:
0
Version:
7, 5, 0, 0
Modules
Images
c:\program files\common files\safenet sentinel\sentinel system driver\sentineldrv32support.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 1360
CMD: "C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe"
Path: C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
Parent process: services.exe
User:
SYSTEM
Company:
SafeNet, Inc
Integrity Level:
SYSTEM
Description:
Sentinel Protection Server for SuperPro and UltraPro network keys
Exit code:
0
Version:
7, 5, 0, 5
Modules
Images
c:\program files\common files\safenet sentinel\sentinel protection server\winnt\spnsrvnt.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
PID: 1644
CMD: "C:\Windows\System32\netsh.exe" exec "C:\Users\admin\AppData\Local\Temp\SPSScript.dat"
Path: C:\Windows\System32\netsh.exe
Parent process: MSID512.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Network Command Shell
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\netsh.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
PID: 1760
CMD: C:\Windows\system32\MsiExec.exe -Embedding A1BA5E29A457AD34B1B274A76DC40ED0 E Global\MSI0000
Path: C:\Windows\System32\msiexec.exe
Parent process: msiexec.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 1808
CMD: DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{20678d98-88e9-718e-ca64-543cebeae463}\sntnlusb.inf" "0" "6dd04a27f" "00000540" "WinSta0\Default" "00000548" "208" "C:\Program Files\Common Files\SafeNet Sentinel\Sentinel System Driver"
Path: C:\Windows\System32\drvinst.exe
Parent process: svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1816
CMD: "C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe"
Path: C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
Parent process: services.exe
User:
SYSTEM
Company:
SafeNet, Inc.
Integrity Level:
SYSTEM
Exit code:
0
Version:
1, 2, 1, 3
Modules
Images
c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
PID: 1848
CMD: "C:\Windows\System32\netsh.exe" exec "C:\Users\admin\AppData\Local\Temp\script.dat"
Path: C:\Windows\System32\netsh.exe
Parent process: MSID66A.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Network Command Shell
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\netsh.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
PID: 1936
CMD: "C:\Windows\Installer\MSID512.tmp" -c disable
Path: C:\Windows\Installer\MSID512.tmp
Parent process: msiexec.exe
User:
admin
Company:
SafeNet, Inc.
Integrity Level:
HIGH
Description:
SPNSrvSupport
Exit code:
0
Version:
7, 5, 0, 3
Modules
Images
c:\windows\installer\msid512.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
PID: 1988
CMD: "C:\Program Files\Common Files\SafeNet Sentinel\Sentinel System Driver\InstParLauncher.exe" -c installandstart
Path: C:\Program Files\Common Files\SafeNet Sentinel\Sentinel System Driver\InstParLauncher.exe
Parent process: msiexec.exe
User:
admin
Company:
SafeNet Inc.
Integrity Level:
HIGH
Description:
InstParLauncher
Exit code:
0
Version:
7, 5, 0, 0
Modules
Images
c:\program files\common files\safenet sentinel\sentinel system driver\instparlauncher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 2336
CMD: "C:\Program Files\Common Files\SafeNet Sentinel\Sentinel System Driver\InstAndStartNTParService.exe" -c installandstart
Path: C:\Program Files\Common Files\SafeNet Sentinel\Sentinel System Driver\InstAndStartNTParService.exe
Parent process: InstParLauncher.exe
User:
admin
Company:
SafeNet Inc.
Integrity Level:
HIGH
Description:
InstAndStartNTParService
Exit code:
0
Version:
7, 5, 0, 0
Modules
Images
c:\program files\common files\safenet sentinel\sentinel system driver\instandstartntparservice.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
Total events: 9 833
Read events: 9 621
Write events: 194
Delete events: 18

Modification events

(PID) Process: (3208) wmpnscfg.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{D8145605-09C3-4F44-AF6F-267102B6D22B}\{E484809C-27F3-467D-88A4-DEEDBE311F21}
Operation: delete key
Name: (default)
Value:

(PID) Process: (3208) wmpnscfg.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{D8145605-09C3-4F44-AF6F-267102B6D22B}
Operation: delete key
Name: (default)
Value:

(PID) Process: (3208) wmpnscfg.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Health\{ADA2D2C1-5D74-47C7-8C9D-49273AAF4C05}
Operation: delete key
Name: (default)
Value:

(PID) Process: (3308) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\17A\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3308) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip

(PID) Process: (3308) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (3308) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\phacker.zip

(PID) Process: (3308) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (3308) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (3308) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120
Executable files: 47
Suspicious files: 63
Text files: 22
Unknown types: 0

Dropped files

Columns: PID | Process | Filename | Type

PID: 3380 | Process: Sentinel Protection Installer 7.5.0.exe
Filename: C:\Users\admin\AppData\Local\Temp\_is7D44\Sentinel Protection Installer 7.5.0.msi
Type:
MD5:
SHA256:

PID: 3380 | Process: Sentinel Protection Installer 7.5.0.exe
Filename: C:\Windows\Downloaded Installations\{B0369E3A-3DE6-4DBD-B658-F52334198E6E}\Sentinel Protection Installer 7.5.0.msi
Type:
MD5:
SHA256:

PID: 3680 | Process: msiexec.exe
Filename: C:\System Volume Information\SPP\metadata-2
Type:
MD5:
SHA256:

PID: 3680 | Process: msiexec.exe
Filename: C:\Windows\Installer\16c345.msi
Type:
MD5:
SHA256:

PID: 3308 | Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3308.17517\Sentinel Protection Installer 7.5.0.exe
Type: executable
MD5: 0A0DA779F9C830485D8E85364CC6B5CF
SHA256: 97C7947D56841681B33B5507A734D3E060D496B2AB370FE374D2178CDE39B4A1

PID: 3632 | Process: msiexec.exe
Filename: C:\Users\admin\AppData\Local\Temp\MSI8B9D.tmp
Type: executable
MD5: 14D1D2FE7A36E58D6E1A9465C323604B
SHA256: 809CA7B39F4A1B49DC0ADEE682CE6E1CE9259F1E5B563BC2DEF38430F368A569

PID: 3380 | Process: Sentinel Protection Installer 7.5.0.exe
Filename: C:\Users\admin\AppData\Local\Temp\_is7D44\0x0409.ini
Type: binary
MD5: CF9BD8FDD8ED91EBCD0D73DD97DE41A3
SHA256: 121C1209BD2B0F2755DEBEAD7B9DC4B5F39B9E87F3C105A38DBDF7920DE45544

PID: 3680 | Process: msiexec.exe
Filename: C:\Windows\Installer\16c346.ipi
Type: binary
MD5: CDF97B3C77F23A0F272CADF3698D3C5B
SHA256: EA10E31F760E9FFA37A043BFF12DC7DEB9923216842C37B3231E87F241BDF0C7

PID: 3680 | Process: msiexec.exe
Filename: C:\System Volume Information\SPP\snapshot-2
Type: binary
MD5: F0805A5585EF27E09E77A71225B8EB35
SHA256: E5803E1BE2D2C965EA3CCCAAE346BDDD59E87A06C195D010CD2DADC752089663

PID: 3680 | Process: msiexec.exe
Filename: C:\Windows\Installer\MSIC693.tmp
Type: executable
MD5: 14D1D2FE7A36E58D6E1A9465C323604B
SHA256: 809CA7B39F4A1B49DC0ADEE682CE6E1CE9259F1E5B563BC2DEF38430F368A569
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 5
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

Columns: PID | Process | IP | Domain | ASN | CN | Reputation

PID: 4 | Process: System | IP: 192.168.100.255:137 | Domain: | ASN: | CN: | Reputation: whitelisted
PID: 1080 | Process: svchost.exe | IP: 224.0.0.252:5355 | Domain: | ASN: | CN: | Reputation: unknown
PID: 4 | Process: System | IP: 192.168.100.255:138 | Domain: | ASN: | CN: | Reputation: whitelisted
PID: 2588 | Process: svchost.exe | IP: 239.255.255.250:1900 | Domain: | ASN: | CN: | Reputation: whitelisted

DNS requests

No data

Threats

No threats detected
No debug info