analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

fusion msi x32.msi

Full analysis: https://app.any.run/tasks/2067a29e-d9d3-4735-b364-41af4baac77a
Verdict: Malicious activity
Analysis date: May 14, 2019, 20:46:23
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
generated-doc
opendir
Indicators:
MIME: application/x-msi
File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Title: FusionInventory Agent 2.4.3 (x86 edition) 2.4.3.0, Subject: FusionInventory Agent 2.4.3 (x86 edition), Author: FusionInventory Team, Keywords: Installer, Comments: Installer wrapped by MSI Wrapper (6.0.91.0) from www.exemsi.com, Template: Intel;1033, Revision Number: {8395FC6B-092B-4A0F-BD32-4DE08C17DA49}, Create Time/Date: Wed Dec 17 10:17:14 2014, Last Saved Time/Date: Wed Dec 17 10:17:14 2014, Number of Pages: 200, Number of Words: 2, Name of Creating Application: MSI Wrapper (6.0.91.0), Security: 2
MD5:

770364A3401636811ABE9321CE0F6ACB

SHA1:

7043E964451ECC6E3F6189F38E1BB16A5C64851F

SHA256:

443D8439723B2C3EEC509D3DF8151190DC375E06AFFF78B74FA08351CFE5638A

SSDEEP:

196608:FqNsSPjvozSrFFG+AIRQybwWQgwC0JjacTNkwEWRpTtfs:wNnPzozcFGNIRQybwbgwCwjNNfRZ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • fusioninventory-agent_windows-x86_2.4.3.exe (PID: 3104)
      • ns5A70.tmp (PID: 3728)
      • fusion msi x32.exe (PID: 3124)
      • ns5678.tmp (PID: 3228)
      • sed.exe (PID: 2728)
      • ns7D2D.tmp (PID: 3464)
      • sed.exe (PID: 2844)
      • ns7BC5.tmp (PID: 2656)
      • ns7E18.tmp (PID: 1924)
      • sed.exe (PID: 1848)
      • ns7F62.tmp (PID: 2880)
      • sed.exe (PID: 3896)
      • sed.exe (PID: 1088)
      • ns80BA.tmp (PID: 3612)
      • sed.exe (PID: 2676)
      • ns8291.tmp (PID: 952)
      • sed.exe (PID: 3536)
      • sed.exe (PID: 2564)
      • ns838C.tmp (PID: 3720)
      • ns81B5.tmp (PID: 2196)
      • ns8477.tmp (PID: 2692)
      • ns8582.tmp (PID: 2036)
      • fusioninventory-agent.exe (PID: 2148)
      • sed.exe (PID: 1424)
      • sed.exe (PID: 3548)
      • ns8E8C.tmp (PID: 4032)
      • ns9802.tmp (PID: 3112)
      • perl.exe (PID: 2804)
      • ns9FC4.tmp (PID: 2540)
      • perl.exe (PID: 3676)
      • dmidecode.exe (PID: 4056)
      • dmidecode.exe (PID: 2760)
      • dmidecode.exe (PID: 3256)
      • dmidecode.exe (PID: 2428)
      • dmidecode.exe (PID: 2644)
      • dmidecode.exe (PID: 3736)

    • Loads the Task Scheduler COM API

      • schtasks.exe (PID: 3696)

    • Uses Task Scheduler to run other applications

      • cmd.exe (PID: 992)

    • Loads dropped or rewritten executable

      • fusioninventory-agent_windows-x86_2.4.3.exe (PID: 3104)
      • sed.exe (PID: 2728)
      • sed.exe (PID: 2844)
      • sed.exe (PID: 1848)
      • sed.exe (PID: 3896)
      • sed.exe (PID: 1088)
      • sed.exe (PID: 2676)
      • sed.exe (PID: 2564)
      • sed.exe (PID: 3536)
      • sed.exe (PID: 3548)
      • sed.exe (PID: 1424)
      • fusioninventory-agent.exe (PID: 2148)
      • perl.exe (PID: 3676)
      • perl.exe (PID: 2804)

    • Adds new firewall rule via NETSH.EXE

      • ns8E8C.tmp (PID: 4032)
      • ns9802.tmp (PID: 3112)
      • ns9FC4.tmp (PID: 2540)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 2472)
      • MsiExec.exe (PID: 3880)
      • fusion msi x32.exe (PID: 3124)
      • fusioninventory-agent_windows-x86_2.4.3.exe (PID: 3104)

    • Executes scripts

      • fusion msi x32.exe (PID: 3124)

    • Uses NETSH.EXE for network configuration

      • ns5678.tmp (PID: 3228)
      • ns8E8C.tmp (PID: 4032)
      • ns9802.tmp (PID: 3112)
      • ns9FC4.tmp (PID: 2540)

    • Starts CMD.EXE for commands execution

      • WScript.exe (PID: 2612)
      • ns5A70.tmp (PID: 3728)
      • fusioninventory-agent_windows-x86_2.4.3.exe (PID: 3104)
      • perl.exe (PID: 2804)
      • perl.exe (PID: 3676)

    • Starts application with an unusual extension

      • fusioninventory-agent_windows-x86_2.4.3.exe (PID: 3104)

    • Creates files in the program directory

      • sed.exe (PID: 2728)
      • sed.exe (PID: 2844)
      • sed.exe (PID: 1848)
      • sed.exe (PID: 3896)
      • sed.exe (PID: 1088)
      • sed.exe (PID: 3536)
      • sed.exe (PID: 2676)
      • sed.exe (PID: 1424)
      • sed.exe (PID: 2564)
      • sed.exe (PID: 3548)
      • fusioninventory-agent.exe (PID: 2148)
      • fusioninventory-agent_windows-x86_2.4.3.exe (PID: 3104)

    • Creates a software uninstall entry

      • fusioninventory-agent_windows-x86_2.4.3.exe (PID: 3104)

  • INFO

    • Loads dropped or rewritten executable

      • MsiExec.exe (PID: 3880)
      • MsiExec.exe (PID: 3348)

    • Changes settings of System certificates

      • DrvInst.exe (PID: 832)

    • Low-level read access rights to disk partition

      • vssvc.exe (PID: 1180)

    • Adds / modifies Windows certificates

      • DrvInst.exe (PID: 832)

    • Application launched itself

      • msiexec.exe (PID: 2472)

    • Searches for installed software

      • msiexec.exe (PID: 2472)

    • Dropped object may contain Bitcoin addresses

      • fusioninventory-agent_windows-x86_2.4.3.exe (PID: 3104)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.msi | Microsoft Installer (100)

EXIF

FlashPix

Company: FusionInventory Team
LocaleIndicator: 13322
CodePage: Unicode UTF-16, little endian
Security: Read-only recommended
Software: MSI Wrapper (6.0.91.0)
Words: 2
Pages: 200
ModifyDate: 2014:12:17 10:17:14
CreateDate: 2014:12:17 10:17:14
RevisionNumber: {8395FC6B-092B-4A0F-BD32-4DE08C17DA49}
Template: Intel;1033
Comments: Installer wrapped by MSI Wrapper (6.0.91.0) from www.exemsi.com
Keywords: Installer
Author: FusionInventory Team
Subject: FusionInventory Agent 2.4.3 (x86 edition)
Title: FusionInventory Agent 2.4.3 (x86 edition) 2.4.3.0
No data.
screenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
109
Monitored processes
58
Malicious processes
25
Suspicious processes
9

Behavior graph

Click at the process to see the details
start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start msiexec.exe no specs msiexec.exe vssvc.exe no specs drvinst.exe no specs msiexec.exe msiexec.exe no specs fusion msi x32.exe wscript.exe no specs cmd.exe no specs fusioninventory-agent_windows-x86_2.4.3.exe ns5678.tmp no specs netsh.exe no specs ns5a70.tmp no specs cmd.exe no specs schtasks.exe no specs find.exe no specs ns7bc5.tmp no specs sed.exe no specs ns7d2d.tmp no specs sed.exe no specs ns7e18.tmp no specs sed.exe no specs ns7f62.tmp no specs sed.exe no specs ns80ba.tmp no specs sed.exe no specs ns81b5.tmp no specs sed.exe no specs ns8291.tmp no specs sed.exe no specs ns838c.tmp no specs sed.exe no specs ns8477.tmp no specs sed.exe no specs ns8582.tmp no specs sed.exe no specs fusioninventory-agent.exe no specs ns8e8c.tmp no specs netsh.exe no specs ns9802.tmp no specs netsh.exe no specs ns9fc4.tmp no specs netsh.exe no specs cmd.exe no specs perl.exe perl.exe cmd.exe no specs dmidecode.exe cmd.exe no specs dmidecode.exe cmd.exe no specs dmidecode.exe cmd.exe no specs dmidecode.exe cmd.exe no specs dmidecode.exe no specs cmd.exe no specs dmidecode.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
3236"C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Temp\fusion msi x32.msi"C:\Windows\System32\msiexec.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
1603
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
2472C:\Windows\system32\msiexec.exe /VC:\Windows\system32\msiexec.exe
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
1180C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exeservices.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Volume Shadow Copy Service
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\vssvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
832DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot18" "" "" "6792c44eb" "00000000" "00000560" "000004C0"C:\Windows\system32\DrvInst.exesvchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\drvinst.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
3880C:\Windows\system32\MsiExec.exe -Embedding 0ED7C0E95499F456C02203DBCA244E9FC:\Windows\system32\MsiExec.exe
msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
3348C:\Windows\system32\MsiExec.exe -Embedding 81A3B68699FC638DF1154DBDAA7D3471 M Global\MSI0000C:\Windows\system32\MsiExec.exemsiexec.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
3124"C:\Users\admin\AppData\Local\Temp\MW-02e3bf8a-3938-412d-99f5-23bfdb567436\fusion msi x32.exe" /sC:\Users\admin\AppData\Local\Temp\MW-02e3bf8a-3938-412d-99f5-23bfdb567436\fusion msi x32.exe
MsiExec.exe
User:
SYSTEM
Integrity Level:
SYSTEM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\mw-02e3bf8a-3938-412d-99f5-23bfdb567436\fusion msi x32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\rsaenh.dll
2612"C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Temp\RarSFX0\fusion.VBS" C:\Windows\System32\WScript.exefusion msi x32.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft ® Windows Based Script Host
Exit code:
0
Version:
5.8.7600.16385
Modules
Images
c:\windows\system32\wscript.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
1828cmd /c ""C:\Users\admin\AppData\Local\Temp\RarSFX0\install.bat" "C:\Windows\System32\cmd.exeWScript.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Command Processor
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
3104fusioninventory-agent_windows-x86_2.4.3.exe /S /acceptlicense /server="http://inventario-fi.forum.cl/plugins/fusioninventory/" /no-ssl-check /installtasks=full /add-firewall-exception /delaytime=20 /runnowC:\Users\admin\AppData\Local\Temp\RarSFX0\fusioninventory-agent_windows-x86_2.4.3.exe
cmd.exe
User:
SYSTEM
Company:
FusionInventory Team (http://www.fusioninventory.org)
Integrity Level:
SYSTEM
Description:
FusionInventory Agent for Microsoft Windows
Exit code:
0
Version:
2.4.3.23
Modules
Images
c:\users\admin\appdata\local\temp\rarsfx0\fusioninventory-agent_windows-x86_2.4.3.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
Total events
985
Read events
556
Write events
415
Delete events
14

Modification events

(PID) Process:(2472) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
Operation:writeName:SrCreateRp (Enter)
Value:
4000000000000000E0A42326960AD501A809000020090000D5070000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(2472) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
Operation:writeName:SppCreate (Enter)
Value:
4000000000000000E0A42326960AD501A809000020090000D0070000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(2472) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
Operation:writeName:LastIndex
Value:
20
(PID) Process:(2472) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
Operation:writeName:SppGatherWriterMetadata (Enter)
Value:
40000000000000000C519126960AD501A809000020090000D3070000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(2472) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
Operation:writeName:IDENTIFY (Enter)
Value:
40000000000000001A789826960AD501A809000038040000E8030000010000000000000000000000A1DF5994DA5A8E45B59C9000DE046D890000000000000000
(PID) Process:(1180) vssvc.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\ASR Writer
Operation:writeName:IDENTIFY (Enter)
Value:
400000000000000036C6A626960AD5019C040000EC0D0000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
(PID) Process:(1180) vssvc.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
Operation:writeName:IDENTIFY (Enter)
Value:
400000000000000036C6A626960AD5019C040000C4080000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
(PID) Process:(1180) vssvc.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
Operation:writeName:IDENTIFY (Enter)
Value:
400000000000000036C6A626960AD5019C040000F0090000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
(PID) Process:(1180) vssvc.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
Operation:writeName:IDENTIFY (Enter)
Value:
40000000000000009028A926960AD5019C040000180C0000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
(PID) Process:(1180) vssvc.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
Operation:writeName:IDENTIFY (Leave)
Value:
40000000000000005214B526960AD5019C040000F0090000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
Executable files
104
Suspicious files
16
Text files
2 607
Unknown types
0

Dropped files

PID
Process
Filename
Type
2472msiexec.exeC:\System Volume Information\SPP\metadata-2
MD5:
SHA256:
832DrvInst.exeC:\Windows\INF\setupapi.ev3binary
MD5:76DCC60F78B3DFF1AE3627619074F465
SHA256:18541AC1875315C4F9EFF75050C574FAFF83717C029DAE6B366F9C6C3F0C19E0
2472msiexec.exeC:\System Volume Information\SPP\snapshot-2binary
MD5:4D3349E2BA0926266529E916995C9FB1
SHA256:967F8F8012AF4697BE394DD35EF570AEA64E9F51E457724637C985D65528A0ED
832DrvInst.exeC:\Windows\INF\setupapi.dev.logini
MD5:49A4DA70BCECF861F2C030E87894E373
SHA256:06BCF0818D1C0B2898FA1E74D953A1D0D5BCCF0662A95694333C3B28E830A0C1
2472msiexec.exeC:\System Volume Information\SPP\OnlineMetadataCache\{9459dfa1-5ada-458e-b59c-9000de046d89}_OnDiskSnapshotPropbinary
MD5:4D3349E2BA0926266529E916995C9FB1
SHA256:967F8F8012AF4697BE394DD35EF570AEA64E9F51E457724637C985D65528A0ED
832DrvInst.exeC:\Windows\INF\setupapi.ev1binary
MD5:8D6FAE4951C84860FAF95CD1081A9980
SHA256:8FE4712B8D784F72AAFF532CD880A384E5C5B8BBBC6348EEF6DF4725AAA21E43
2472msiexec.exeC:\Windows\Installer\1240ab.msi
MD5:
SHA256:
2472msiexec.exeC:\Users\admin\AppData\Local\Temp\~DF24E9442507633A61.TMP
MD5:
SHA256:
1180vssvc.exeC:
MD5:
SHA256:
2472msiexec.exeC:\Windows\Installer\1240ac.ipibinary
MD5:580CEC8677CDB9AA6E83B1E9AB11EF74
SHA256:B1866F9382F8A10BA349E436EFE1B45111FD2D098A7A9A03A346EAAFB0231AE9
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5
TCP/UDP connections
5
DNS requests
1
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2804
perl.exe
GET
200
200.75.4.78:80
http://inventario-fi.forum.cl/plugins/fusioninventory/?action=getConfig&task[Collect]=2.5&machineid=User-PC-2019-05-14-21-47-25
CL
text
42 b
unknown
3676
perl.exe
GET
200
200.75.4.78:80
http://inventario-fi.forum.cl/plugins/fusioninventory/?action=getConfig&task[Collect]=2.5&machineid=User-PC-2019-05-14-21-47-25
CL
text
42 b
unknown
3676
perl.exe
GET
200
200.75.4.78:80
http://inventario-fi.forum.cl/plugins/fusioninventory/?action=getConfig&machineid=User-PC-2019-05-14-21-47-25&task[Deploy]=2.7
CL
text
42 b
unknown
2804
perl.exe
POST
200
200.75.4.78:80
http://inventario-fi.forum.cl/plugins/fusioninventory/
CL
pz
98 b
unknown
3676
perl.exe
POST
200
200.75.4.78:80
http://inventario-fi.forum.cl/plugins/fusioninventory/
CL
pz
98 b
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2804
perl.exe
200.75.4.78:80
inventario-fi.forum.cl
Gtd Internet S.A.
CL
unknown
3676
perl.exe
200.75.4.78:80
inventario-fi.forum.cl
Gtd Internet S.A.
CL
unknown

DNS requests

Domain
IP
Reputation
inventario-fi.forum.cl
  • 200.75.4.78
unknown

Threats

No threats detected
Process
Message
dmidecode.exe
Invalid parameter passed to C runtime function.
dmidecode.exe
Invalid parameter passed to C runtime function.
dmidecode.exe
Invalid parameter passed to C runtime function.
dmidecode.exe
Invalid parameter passed to C runtime function.
dmidecode.exe
Invalid parameter passed to C runtime function.
dmidecode.exe
Invalid parameter passed to C runtime function.
dmidecode.exe
Invalid parameter passed to C runtime function.
dmidecode.exe
Invalid parameter passed to C runtime function.
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
fusion msi x32.msi