File name: | Marco-FTA-657687HD99O.msi |
Full analysis: | https://app.any.run/tasks/568eabcd-c871-470b-afc2-6a503be17e20 |
Verdict: | Malicious activity |
Analysis date: | March 22, 2019, 06:22:58 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-msi |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.3, MSI Installer, Last Printed: Wed Nov 21 14:59:58 2007, Create Time/Date: Wed Nov 21 14:59:58 2007, Title: Installation Database, Keywords: Installer, MSI, Database, Last Saved Time/Date: Wed Nov 21 15:17:57 2007, Number of Pages: 200, Security: 0, Code page: 1252, Revision Number: {4CF3826D-6E93-44B0-8871-C42428D99422}, Number of Words: 10, Subject: Adobe Acrobat Reader, Author: Adobe Acrobat Reader, Name of Creating Application: Advanced Installer 12.2.1 build 64247, Template: ;1033, Comments: This installer database contains the logic and data required to install Adobe Acrobat Reader. |
MD5: | 3908ED0D44A2AF2764B8846FABC384CD |
SHA1: | AC51000E66B2BADEBE6C2753B13F07E4BF76F1F1 |
SHA256: | 4F7E5495F48B2188D536E965067748863CE63681409B9BEB11A39CC2FB84C85D |
SSDEEP: | 3072:SrV4kCO7zXWBwgz88ereWn/7w05g059xt7v3D7YQA8PMcB3RUN46ILJ9+ZB5yOaI:SrLCOHXb8er1nzTHR3D7YQAVrp |
.msi | | | Microsoft Windows Installer (88.6) |
---|---|---|
.mst | | | Windows SDK Setup Transform Script (10) |
.msi | | | Microsoft Installer (100) |
Comments: | This installer database contains the logic and data required to install Adobe Acrobat Reader. |
---|---|
Template: | ;1033 |
Software: | Advanced Installer 12.2.1 build 64247 |
LastModifiedBy: | - |
Author: | Adobe Acrobat Reader |
Subject: | Adobe Acrobat Reader |
Words: | 10 |
RevisionNumber: | {4CF3826D-6E93-44B0-8871-C42428D99422} |
CodePage: | Windows Latin 1 (Western European) |
Security: | None |
Pages: | 200 |
ModifyDate: | 2007:11:21 15:17:57 |
Keywords: | Installer, MSI, Database |
Title: | Installation Database |
CreateDate: | 2007:11:21 14:59:58 |
LastPrinted: | 2007:11:21 14:59:58 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1336 | "C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Temp\Marco-FTA-657687HD99O.msi" | C:\Windows\System32\msiexec.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows® installer Exit code: 1073807364 Version: 5.0.7600.16385 (win7_rtm.090713-1255) | ||||
4040 | C:\Windows\system32\msiexec.exe /V | C:\Windows\system32\msiexec.exe | services.exe | |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Windows® installer Version: 5.0.7600.16385 (win7_rtm.090713-1255) | ||||
2572 | C:\Windows\system32\MsiExec.exe -Embedding AA6EDB8E275F1799A3DE7D9F084329CE | C:\Windows\system32\MsiExec.exe | msiexec.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows® installer Exit code: 1073807364 Version: 5.0.7600.16385 (win7_rtm.090713-1255) | ||||
1552 | "C:\Windows\System32\cmd.exe" /C start /MAX https://www.adobe.com/br/legal/terms.html | C:\Windows\System32\cmd.exe | — | MsiExec.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 3221225547 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2576 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | cmd.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 1073807364 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3056 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2576 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
2044 | "C:\Windows\System32\cmd.exe" /C start /MIN reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v RTPkot /t reg_sz /d "C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RTPkot.exe" | C:\Windows\System32\cmd.exe | — | MsiExec.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2676 | "C:\Windows\System32\cmd.exe" /C shutdown -r -f -t 0 | C:\Windows\System32\cmd.exe | — | MsiExec.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2940 | "C:\Windows\system32\cmd.exe" /c shutdown /r /t 1 /f | C:\Windows\system32\cmd.exe | — | MsiExec.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1115 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
944 | reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v RTPkot /t reg_sz /d "C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RTPkot.exe" | C:\Windows\system32\reg.exe | cmd.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Registry Console Tool Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2576 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
2576 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
3056 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\84VJWZ6O\adobe-head.min.fp-49c976728c560175ef3915d2bbcaa219[1].js | text | |
MD5:E89D4A4F71AC0A90E8BE1F2446E01DC3 | SHA256:66BFD06574039BECB7B87D41600B5FD34A6C476B3AB54271C6A9A74C7440B656 | |||
3056 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | |
MD5:6578675A15E8F7130E552AAD191766C7 | SHA256:51DEC14AC3D505935207088064B742BF891ACC40653ED670DD8ED9D37BB6EF2B | |||
3056 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\37TCL1KE\adobe.min.fp-9f089e57989ec2e6fb36add7a91cbd7b[1].css | text | |
MD5:E128187D03C3440C7C4F881BDDFD5075 | SHA256:0AF569746751282665C23B2BD8CFF33477EDAA223DBA31C38891A256973334A7 | |||
3056 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\84VJWZ6O\liveperson.min.fp-0232b34deadc0421a8b6a57415f16562[1].css | text | |
MD5:1E426576474B356877191024EF5DF065 | SHA256:7DEAAE6889260AB6ABE16C1DCFC485E2DDDD44726F65BA3884D3571966CE88B3 | |||
3056 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FAEZ3O82\terms[1].html | html | |
MD5:30EF0F9E9D47645FD15C5CDA23E54AB8 | SHA256:04B9201DD2C661D99772BFFEDB757235808A3BDEC220369DD2EAF83E88DDA020 | |||
3056 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WTEAWQEF\thirdparty-new.min.fp-82c94a7b28ebafb87f108e6611d49a7c[1].css | text | |
MD5:3F9C9B1F235EC170EF2D1F03B1EF8086 | SHA256:85EC7522C5A3682307CDC7BB150D06BAC22A995C030BB1DE0FA1BDD3F9647D18 | |||
4040 | msiexec.exe | C:\Windows\Installer\fa000.msi | executable | |
MD5:3908ED0D44A2AF2764B8846FABC384CD | SHA256:4F7E5495F48B2188D536E965067748863CE63681409B9BEB11A39CC2FB84C85D | |||
3056 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | |
MD5:81C0CC46CAE1B114C91C6CCB63E73679 | SHA256:EB05C70FA19402E559992C102C2B820BE992169521D7D26B6B30B2F3F0285F1D |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2576 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2576 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3056 | iexplore.exe | 23.34.185.248:443 | www.adobe.com | Akamai Technologies, Inc. | NL | whitelisted |
2572 | MsiExec.exe | 216.58.207.36:80 | www.google.com | Google Inc. | US | whitelisted |
3056 | iexplore.exe | 23.45.98.72:443 | use.typekit.com | Akamai International B.V. | NL | whitelisted |
2572 | MsiExec.exe | 52.218.97.18:443 | s3-eu-west-1.amazonaws.com | Amazon.com, Inc. | IE | unknown |
Domain | IP | Reputation |
---|---|---|
s3-eu-west-1.amazonaws.com |
| shared |
www.bing.com |
| whitelisted |
www.adobe.com |
| whitelisted |
use.typekit.com |
| whitelisted |
p.typekit.net |
| shared |
www.google.com |
| whitelisted |