| Field | Value |
|---|---|
| File name | 123.msi |
| Full analysis | https://app.any.run/tasks/a6f226de-916c-4696-8984-b2ef66f32816 |
| Verdict | Malicious activity |
| Analysis date | April 25, 2019, 12:56:29 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags | |
| Indicators | |
| MIME | application/x-msi |
| File info | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Orange Heap, Author: Mikalai Kalpinski, Keywords: Installer, Comments: This installer database contains the logic and data required to install Orange Heap., Template: Intel;1049, Revision Number: {78BD0E71-C2C8-4D59-B8A1-312C2113C584}, Create Time/Date: Wed Jun 6 09:32:38 2012, Last Saved Time/Date: Wed Jun 6 09:32:38 2012, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML (3.5.2519.0), Security: 2 |
| MD5 | 5DD480E2FF9FBA53A1ACAD8BCF80A184 |
| SHA1 | B2799D68F70C04E5BDC20684DC29922C215A1E60 |
| SHA256 | 5C5F6A2B329E8EA9CE7EC6FAB25E2DC574FBB817375A057B8999E95FE64C9DD1 |
| SSDEEP | 49152:d39GHHHDIVPYRnuEMX27gWAaHZBUmVS28:dNGnHDJxZ7UmV |
| Extension | Detected file type |
|---|---|
| .msi | Microsoft Windows Installer (98.5) |
| .msi | Microsoft Installer (100) |
| Property | Value |
|---|---|
| CodePage | Windows Latin 1 (Western European) |
| Title | Installation Database |
| Subject | Orange Heap |
| Author | Mikalai Kalpinski |
| Keywords | Installer |
| Comments | This installer database contains the logic and data required to install Orange Heap. |
| Template | Intel;1049 |
| RevisionNumber | {78BD0E71-C2C8-4D59-B8A1-312C2113C584} |
| CreateDate | 2012:06:06 08:32:38 |
| ModifyDate | 2012:06:06 08:32:38 |
| Pages | 200 |
| Words | 2 |
| Software | Windows Installer XML (3.5.2519.0) |
| Security | Read-only recommended |
| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 2956 | "C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Temp\123.msi" | C:\Windows\System32\msiexec.exe | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows® installer; Exit code: 0; Version: 5.0.7600.16385 (win7_rtm.090713-1255) |
| 2184 | C:\Windows\system32\msiexec.exe /V | C:\Windows\system32\msiexec.exe | — | services.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Windows® installer; Version: 5.0.7600.16385 (win7_rtm.090713-1255) |
| 2780 | C:\Windows\system32\MsiExec.exe -Embedding E1B7DC18518CC7B1CE0318C48EDF815E C | C:\Windows\system32\MsiExec.exe | — | msiexec.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows® installer; Exit code: 0; Version: 5.0.7600.16385 (win7_rtm.090713-1255) |
| 4056 | C:\Windows\system32\vssvc.exe | C:\Windows\system32\vssvc.exe | — | services.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Microsoft® Volume Shadow Copy Service; Exit code: 1; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
| 3564 | DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot18" "" "" "6792c44eb" "00000000" "000003A0" "000005BC" | C:\Windows\system32\DrvInst.exe | — | svchost.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Driver Installation Module; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
| 3316 | C:\Windows\system32\MsiExec.exe -Embedding 9FE6C4AD29C0E9A617C03C0E99271C03 | C:\Windows\system32\MsiExec.exe | — | msiexec.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows® installer; Exit code: 0; Version: 5.0.7600.16385 (win7_rtm.090713-1255) |
| 2440 | C:\Windows\system32\MsiExec.exe -Embedding 000F42ADD05196A10A4D349682A4E531 M Global\MSI0000 | C:\Windows\system32\MsiExec.exe | — | msiexec.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Windows® installer; Exit code: 0; Version: 5.0.7600.16385 (win7_rtm.090713-1255) |
| 2724 | "C:\Windows\system32\taskmgr.exe" /4 | C:\Windows\system32\taskmgr.exe | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Task Manager; Exit code: 1; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
| 2320 | "C:\Windows\system32\taskmgr.exe" /1 | C:\Windows\system32\taskmgr.exe | — | taskmgr.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Windows Task Manager; Exit code: 1; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
| 4044 | "C:\Program Files\Orange Heap\OrangeHeap.exe" | C:\Program Files\Orange Heap\OrangeHeap.exe | — | explorer.exe | User: admin; Company: Mikalai Kalpinski; Integrity Level: MEDIUM; Description: OrangeHeap; Version: 1.3.29.0 |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2956 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\MSI1A32.tmp | — | — | — |
| 2184 | msiexec.exe | C:\System Volume Information\SPP\metadata-2 | — | — | — |
| 3564 | DrvInst.exe | C:\Windows\INF\setupapi.ev3 | binary | 76DCC60F78B3DFF1AE3627619074F465 | 18541AC1875315C4F9EFF75050C574FAFF83717C029DAE6B366F9C6C3F0C19E0 |
| 3564 | DrvInst.exe | C:\Windows\INF\setupapi.dev.log | ini | 3CB61953D90C10E06C8037F7E495CD75 | F858A73052A16D58A5B51AD93538913A8EDE8FC41E0666A7CEB812CB0BAF1185 |
| 2184 | msiexec.exe | C:\System Volume Information\SPP\snapshot-2 | binary | D438DC1CC18C2475A5FAAEF9670EF6BD | D362518B77F3F2E4D33D8CB53FE2AACD756607492A659829B8E82F3529B59CD3 |
| 3564 | DrvInst.exe | C:\Windows\INF\setupapi.ev1 | binary | 3AC55C42EB7419C5F353E063B15CB80F | EF3E33DEED0B767701F0052554D2A674F7A02FB78E6458EAA21AE549ADDE8FD0 |
| 2184 | msiexec.exe | C:\System Volume Information\SPP\OnlineMetadataCache\{4b15ad3e-8aeb-4fab-b1c7-cd2d14691870}_OnDiskSnapshotProp | binary | D438DC1CC18C2475A5FAAEF9670EF6BD | D362518B77F3F2E4D33D8CB53FE2AACD756607492A659829B8E82F3529B59CD3 |
| 2184 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\~DF29352CAEC2795EF8.TMP | — | — | — |
| 4056 | vssvc.exe | C: | — | — | — |
| 2184 | msiexec.exe | C:\Windows\Installer\135392.msi | executable | 5DD480E2FF9FBA53A1ACAD8BCF80A184 | 5C5F6A2B329E8EA9CE7EC6FAB25E2DC574FBB817375A057B8999E95FE64C9DD1 |