File name: Crypto Wallet Cracker v2.3.msi

Full analysis: https://app.any.run/tasks/8c46a291-4a7d-4622-854a-22978bcd7b44
Verdict: Malicious activity
Analysis date: December 03, 2023, 14:25:11
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-msi
File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Create Time/Date: Mon Jun 21 08:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: Intel;1033, Number of Pages: 200, Revision Number: {140A9090-6D9B-4E59-ADC9-2D5792C47FCB}, Title: Crypto Wallet Cracker, Author: Crypto Wallet Cracker, Number of Words: 2, Last Saved Time/Date: Tue Oct 17 19:42:57 2023, Last Printed: Tue Oct 17 19:42:57 2023
MD5: 0AA7BC441695F50C63F180B6BB8A084D
SHA1: 256ECD5A3F3D74FBE9C52243D6F755B7D9829989
SHA256: 3F061D6733F9BF1F147C2FEB0768F8FE992957C5AB2895BBF01D16C9E7A16C32
SSDEEP: 98304:CiRM47UCKIRHdDADAzmkiOLQeyjWF+YFcOgc5yrG4ALjYOChRP/1gZjOOZoUP7KL:F9o

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • msiexec.exe (PID: 2740)
  • SUSPICIOUS
    • Process drops legitimate windows executable
      • msiexec.exe (PID: 3060)
      • msiexec.exe (PID: 2740)
    • Executes as Windows Service
      • VSSVC.exe (PID: 1996)
  • INFO
    • Reads the machine GUID from the registry
      • msiexec.exe (PID: 2740)
      • msiexec.exe (PID: 1924)
      • msiexec.exe (PID: 3176)
    • Checks supported languages
      • msiexec.exe (PID: 2740)
      • msiexec.exe (PID: 1924)
      • msiexec.exe (PID: 3176)
    • Reads the computer name
      • msiexec.exe (PID: 2740)
      • msiexec.exe (PID: 1924)
      • msiexec.exe (PID: 3176)
    • Drops the executable file immediately after the start
      • msiexec.exe (PID: 3060)
    • Application launched itself
      • msiexec.exe (PID: 2740)
    • Create files in a temporary directory
      • msiexec.exe (PID: 2740)
No Malware configuration.

TRiD

.msi | Microsoft Windows Installer (90.2)
.msp | Windows Installer Patch (8.4)
.msi | Microsoft Installer (100)

EXIF

FlashPix

CreateDate: 1999:06:21 07:00:00
Software: Windows Installer
Security: Password protected
CodePage: Windows Latin 1 (Western European)
Template: Intel;1033
Pages: 200
RevisionNumber: {140A9090-6D9B-4E59-ADC9-2D5792C47FCB}
Title: Crypto Wallet Cracker
Subject: -
Author: Crypto Wallet Cracker
Keywords: -
Comments: -
Words: 2
ModifyDate: 2023:10:17 18:42:57
LastPrinted: 2023:10:17 18:42:57
No data.
Total processes: 43
Monitored processes: 5
Malicious processes: 1
Suspicious processes: 0

Behavior graph (image in the full report): start → msiexec.exe, msiexec.exe, msiexec.exe, vssvc.exe, msiexec.exe (no specs recorded for any node)

Process information

PID 1924  Parent process: msiexec.exe
  CMD: C:\Windows\system32\MsiExec.exe -Embedding 24B1AD0E5CF899E981A585AAC41CDC4E C
  Path: C:\Windows\System32\msiexec.exe
  User: admin   Company: Microsoft Corporation   Integrity Level: MEDIUM
  Description: Windows® installer   Exit code: 0   Version: 5.0.7600.16385 (win7_rtm.090713-1255)
  Modules (images, all under c:\windows\system32\): msiexec.exe, ntdll.dll, kernel32.dll, kernelbase.dll, advapi32.dll, msvcrt.dll, sechost.dll, rpcrt4.dll, user32.dll, gdi32.dll

PID 1996  Parent process: services.exe
  CMD: C:\Windows\system32\vssvc.exe
  Path: C:\Windows\System32\VSSVC.exe
  User: SYSTEM   Company: Microsoft Corporation   Integrity Level: SYSTEM
  Description: Microsoft® Volume Shadow Copy Service   Exit code: 0   Version: 6.1.7600.16385 (win7_rtm.090713-1255)
  Modules (images, all under c:\windows\system32\): vssvc.exe, ntdll.dll, kernel32.dll, kernelbase.dll, advapi32.dll, msvcrt.dll, sechost.dll, rpcrt4.dll, user32.dll, gdi32.dll

PID 2740  Parent process: services.exe
  CMD: C:\Windows\system32\msiexec.exe /V
  Path: C:\Windows\System32\msiexec.exe
  User: SYSTEM   Company: Microsoft Corporation   Integrity Level: SYSTEM
  Description: Windows® installer   Exit code: 0   Version: 5.0.7600.16385 (win7_rtm.090713-1255)
  Modules (images, all under c:\windows\system32\): msiexec.exe, ntdll.dll, kernel32.dll, kernelbase.dll, advapi32.dll, msvcrt.dll, sechost.dll, rpcrt4.dll, user32.dll, gdi32.dll

PID 3060  Parent process: explorer.exe
  CMD: "C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Temp\Crypto Wallet Cracker v2.3.msi"
  Path: C:\Windows\System32\msiexec.exe
  User: admin   Company: Microsoft Corporation   Integrity Level: MEDIUM
  Description: Windows® installer   Exit code: 0   Version: 5.0.7600.16385 (win7_rtm.090713-1255)
  Modules (images, all under c:\windows\system32\): msiexec.exe, ntdll.dll, kernel32.dll, kernelbase.dll, advapi32.dll, msvcrt.dll, sechost.dll, rpcrt4.dll, user32.dll, gdi32.dll

PID 3176  Parent process: msiexec.exe
  CMD: C:\Windows\system32\MsiExec.exe -Embedding A7A0CE5254434718465745207435F4D0
  Path: C:\Windows\System32\msiexec.exe
  User: admin   Company: Microsoft Corporation   Integrity Level: MEDIUM
  Description: Windows® installer   Exit code: 0   Version: 5.0.7600.16385 (win7_rtm.090713-1255)
  Modules (images, all under c:\windows\system32\): msiexec.exe, ntdll.dll, kernel32.dll, kernelbase.dll, advapi32.dll, msvcrt.dll, sechost.dll, rpcrt4.dll, user32.dll, gdi32.dll
Total events: 2 973
Read events: 2 947
Write events: 16
Delete events: 10

Modification events (all by PID 2740, msiexec.exe; operation: write)

Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore   Name: SrCreateRp (Enter)   Value: 64-byte binary (omitted)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP   Name: SppCreate (Enter)   Value: 64-byte binary (omitted)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP   Name: LastIndex   Value: 72
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP   Name: SppGatherWriterMetadata (Enter)   Value: 64-byte binary (omitted)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP   Name: SppGatherWriterMetadata (Leave)   Value: 64-byte binary (omitted)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP   Name: SppAddInterestingComponents (Enter)   Value: 64-byte binary (omitted)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP   Name: SppAddInterestingComponents (Leave)   Value: 64-byte binary (omitted)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP   Name: SppCreate (Leave)   Value: 64-byte binary (omitted)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore   Name: SrCreateRp (Leave)   Value: 64-byte binary (omitted)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore   Name: FirstRun   Value: 0
Executable files: 8
Suspicious files: 13
Text files: 2
Unknown types: 0

Dropped files (PID, process, filename, type, hashes)

2740  msiexec.exe  C:\System Volume Information\SPP\metadata-2  (type not recorded)
  MD5: -   SHA256: -
2740  msiexec.exe  C:\System Volume Information\SPP\OnlineMetadataCache\{54ce3c4e-fb21-4d8a-9f91-b45564d09dba}_OnDiskSnapshotProp  binary
  MD5: F15C41E8D5A1A93FCAC2924817D6EECD   SHA256: 4C43C1196B734483F5B5E02FDE575FFB5F41DD00F85C505D6006A5D6681EB9FA
3060  msiexec.exe  C:\Users\admin\AppData\Local\Temp\MSI6B8F.tmp  executable
  MD5: B77A2A2768B9CC78A71BBFFB9812B978   SHA256: F74C97B1A53541B059D3BFAFE41A79005CE5065F8210D7DE9F1B600DC4E28AA0
3060  msiexec.exe  C:\Users\admin\AppData\Local\Temp\MSI6BDE.tmp  executable
  MD5: B77A2A2768B9CC78A71BBFFB9812B978   SHA256: F74C97B1A53541B059D3BFAFE41A79005CE5065F8210D7DE9F1B600DC4E28AA0
2740  msiexec.exe  C:\Windows\Installer\MSIA358.tmp  executable
  MD5: B77A2A2768B9CC78A71BBFFB9812B978   SHA256: F74C97B1A53541B059D3BFAFE41A79005CE5065F8210D7DE9F1B600DC4E28AA0
2740  msiexec.exe  C:\Users\admin\AppData\Local\Temp\~DFA750959F76B99918.TMP  binary
  MD5: 6FD2BC529733115E9B54517DFBE6783A   SHA256: B840CAF759BF9DE763100F1A981D05332FD73397925C4B954F46BEE71048BDF1
2740  msiexec.exe  C:\Windows\Installer\MSIA4B2.tmp  binary
  MD5: C3AAF6C64D95743504AF8452C1005D85   SHA256: 16C2B430672634AB3AB88E3E68EE4618B89EC15D76EBFAE3AA63F2D353A91A1B
2740  msiexec.exe  C:\Windows\Installer\20a0e8.ipi  binary
  MD5: CB2A18B34809579E9A9DE34FAA60AC4D   SHA256: 155FBB02315A80CD1F7056836C66DA1BAF3FFDA604DC4FBD83EF419C6C1A014A
2740  msiexec.exe  C:\Program Files\Crypto Wallet Cracker\Crypto Wallet Cracker v2.3\Darkminer v6.runtimeconfig.json  binary
  MD5: D720176A229E9D969B40FABEB0BAF62E   SHA256: 321B4E463BBACD6113AA337511BDEBF5E7356E9971744346B28424607C7B483A
2740  msiexec.exe  C:\Program Files\Crypto Wallet Cracker\Crypto Wallet Cracker v2.3\Darkminer v6.pdb  binary
  MD5: 37875F67F67F2F9D750F27AA47DEB6A3   SHA256: A9C743213AD48BFDDCBB332E568F640581AF95B9B522731A1D90F764054E62A0
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests: none

Connections (PID, process, IP, reputation; no domain, ASN or CN recorded)

4     System       192.168.100.255:137   whitelisted
1080  svchost.exe  224.0.0.252:5355      unknown
4     System       192.168.100.255:138   whitelisted
2588  svchost.exe  239.255.255.250:1900  whitelisted

DNS requests: no data

Threats: no threats detected

Debug info: none