| Field | Value |
|---|---|
| File name | Win10.0_System_Upgrade_Software.msi |
| Full analysis | https://app.any.run/tasks/bdc532ff-bc36-422d-bece-dbc057e40652 |
| Verdict | Malicious activity |
| Analysis date | May 21, 2022, 08:00:13 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags | — |
| Indicators | — |
| MIME | application/x-msi |
| File info | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Installer, Author: Corporation, Keywords: Installer, Comments: Installer Package, Template: Intel;1033, Revision Number: {DEBB4A85-EC27-4415-B5D6-DF4F44095086}, Create Time/Date: Wed Apr 27 17:56:46 2022, Last Saved Time/Date: Wed Apr 27 17:56:46 2022, Number of Pages: 200, Number of Words: 10, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4163), Security: 2 |
| MD5 | 5D4E40D1D41C4588FBF7065FA85454E7 |
| SHA1 | CA876C335EF0A4D90B456F13CC975C04016A5CC1 |
| SHA256 | 4C7314083933A283C87DC28ABBED3082040F12E92EDAC47FF72F8539AF6E3EA1 |
| SSDEEP | 768:qhDfhKuI7+HwtCvdttj42XZ5uNenzMtKf17xXbdTXbkVB3YoyWMDCTyWMDC/YifW:8u7+ACu2XZ/zMkIVCo0D80DO7fxP |
| Extension | Detected type |
|---|---|
| .msi | Microsoft Installer (100) |

| Property | Value |
|---|---|
| Security | Read-only recommended |
| Software | Windows Installer XML Toolset (3.11.2.4163) |
| Words | 10 |
| Pages | 200 |
| ModifyDate | 2022:04:27 16:56:46 |
| CreateDate | 2022:04:27 16:56:46 |
| RevisionNumber | {DEBB4A85-EC27-4415-B5D6-DF4F44095086} |
| Template | Intel;1033 |
| Comments | Installer Package |
| Keywords | Installer |
| Author | Corporation |
| Subject | Installer |
| Title | Installation Database |
| CodePage | Windows Latin 1 (Western European) |
| PID | Command line | Path | Indicators | Parent process | User | Integrity level | Company | Description | Version | Exit code |
|---|---|---|---|---|---|---|---|---|---|---|
| 2960 | "C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Temp\Win10.0_System_Upgrade_Software.msi" | C:\Windows\System32\msiexec.exe | — | Explorer.EXE | admin | MEDIUM | Microsoft Corporation | Windows® installer | 5.0.7600.16385 (win7_rtm.090713-1255) | 0 |
| 3452 | C:\Windows\system32\msiexec.exe /V | C:\Windows\system32\msiexec.exe | — | services.exe | SYSTEM | SYSTEM | Microsoft Corporation | Windows® installer | 5.0.7600.16385 (win7_rtm.090713-1255) | — |
| 1960 | C:\Windows\system32\vssvc.exe | C:\Windows\system32\vssvc.exe | — | services.exe | SYSTEM | SYSTEM | Microsoft Corporation | Microsoft® Volume Shadow Copy Service | 6.1.7600.16385 (win7_rtm.090713-1255) | — |
| 3984 | C:\Windows\system32\MsiExec.exe -Embedding A75499F5DC81DD03B257BAFC91430EC0 | C:\Windows\system32\MsiExec.exe | — | msiexec.exe | admin | MEDIUM | Microsoft Corporation | Windows® installer | 5.0.7600.16385 (win7_rtm.090713-1255) | 0 |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3452 | msiexec.exe | C:\System Volume Information\SPP\metadata-2 | — | — | — |
| 3452 | msiexec.exe | C:\Users\admin\AppData\Local\uhau8i5a9k | — | — | — |
| 3452 | msiexec.exe | C:\Windows\Installer\MSIEA28.tmp | executable | EADAAA6EDAB657ED52D0B76325494469 | EC0AC9068FA7C0E422F0F090EFB31E335EF87439BB5034E98A6D9F1A6E292ACB |
| 3452 | msiexec.exe | C:\Windows\Installer\MSIEA87.tmp | binary | 66C4B29D38FB0016D8A64B4A337E3DFF | FFCE3D7D555C98957C98F312E9D77BBDC35F4B4965485901064CE63BD7F022D8 |
| 3452 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\~DF113365585415C952.TMP | gmc | 8E25BECF6C9AB9CAAE8C7440D20F7343 | 9760FB872F38E7803F307F6CC9AE47E230C749D0495621C412730E3F435361D1 |
| 3452 | msiexec.exe | C:\Config.Msi\fe865.rbs | binary | A23DA811C9A66FA5AEE2D5D51D798EEE | 45DBB430BA8340103837C18AF052049A0801B07339A78B69AE9A77D64CB03A2F |
| 3452 | msiexec.exe | C:\System Volume Information\SPP\OnlineMetadataCache\{de0b4ef1-168b-431a-8ad0-749b97e3d8d2}_OnDiskSnapshotProp | binary | EA6F806B7601ABDEEF394FE59334E3CE | 31DB1690CEDDB6B1A4710065CB70FEC27C62C4BA48FDAFDA23FE7E468113500A |
| 3452 | msiexec.exe | C:\Windows\Installer\fe864.ipi | binary | FDC264F8FFA118220FE57C304F1D6C72 | EC827B07E0B90FF4EF84EC67C79B81141AF3280511191BC3246CF47EF7C29FAB |
| 3452 | msiexec.exe | C:\Windows\Installer\fe863.msi | executable | 5D4E40D1D41C4588FBF7065FA85454E7 | 4C7314083933A283C87DC28ABBED3082040F12E92EDAC47FF72F8539AF6E3EA1 |
| 3452 | msiexec.exe | C:\Windows\Installer\fe866.msi | executable | 5D4E40D1D41C4588FBF7065FA85454E7 | 4C7314083933A283C87DC28ABBED3082040F12E92EDAC47FF72F8539AF6E3EA1 |