| Field | Value |
|---|---|
| File name | BlasticSuperNovalle01.MSI |
| Full analysis | https://app.any.run/tasks/4b68c30f-d888-4160-b078-03e9928739bd |
| Verdict | Malicious activity |
| Analysis date | June 27, 2022, 08:21:14 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags | |
| Indicators | |
| MIME | application/x-msi |
| File info | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Dec 11 11:47:44 2009, Security: 0, Code page: 1252, Revision Number: {976AFFBB-ACEE-4B56-9DF2-664608C5724B}, Number of Words: 10, Subject: Installer, Author: Installer, Name of Creating Application: Installer 64247, Template: ;1033, Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200 |
| MD5 | 95CEED6F6B54C652F36D34C0A9DC8E5D |
| SHA1 | F609B81C3D945E5F5FFFAAB847E53D8216066454 |
| SHA256 | 6AC7E4E9EFBC4C56FC54442D11D786523DF5764BBC000F12377C84663E4F9705 |
| SSDEEP | 98304:Fi8fqoQ3tYOm4mIVm67O6k2yOpgHoNGY3A:Fxfqf3WOm4DVmlHoN |

| Extension | Description (match score) |
|---|---|
| .msi | Microsoft Windows Installer (84.6) |
| .mst | Windows SDK Setup Transform Script (9.5) |
| .xls | Microsoft Excel sheet (4.5) |
| .msi | Microsoft Installer (100) |

| Property | Value |
|---|---|
| LastPrinted | 2009:12:11 11:47:44 |
| CreateDate | 2009:12:11 11:47:44 |
| ModifyDate | 2009:12:11 11:47:44 |
| Security | None |
| CodePage | Windows Latin 1 (Western European) |
| RevisionNumber | {976AFFBB-ACEE-4B56-9DF2-664608C5724B} |
| Words | 10 |
| Subject | Installer |
| Author | Installer |
| LastModifiedBy | - |
| Software | Installer 64247 |
| Template | ;1033 |
| Comments | - |
| Title | Installation Database |
| Keywords | Installer, MSI, Database |
| Pages | 200 |

| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 2872 | "C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Temp\BlasticSuperNovalle01.MSI" | C:\Windows\System32\msiexec.exe | — | Explorer.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows® installer; Exit code: 0; Version: 5.0.7600.16385 (win7_rtm.090713-1255) |
| 3352 | C:\Windows\system32\msiexec.exe /V | C:\Windows\system32\msiexec.exe | — | services.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Windows® installer; Version: 5.0.7600.16385 (win7_rtm.090713-1255) |
| 920 | C:\Windows\system32\MsiExec.exe -Embedding 49B62776B22E0E471C5F5CDFF7A731C1 | C:\Windows\system32\MsiExec.exe | — | msiexec.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows® installer; Exit code: 0; Version: 5.0.7600.16385 (win7_rtm.090713-1255) |

| PID | Process | Key | Operation | Name | Value |
|---|---|---|---|---|---|
| 3352 | msiexec.exe | HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000 | write | Owner | 180D00005A4877E2FE89D801 |
| 3352 | msiexec.exe | HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000 | write | SessionHash | 6D7EC71FA1E09ECE6EAC72822FB727A22475E4070E56E940C1AAFBF8DB7D4B5B |
| 3352 | msiexec.exe | HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000 | write | Sequence | 1 |
| 3352 | msiexec.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress | write | (default) | C:\Windows\Installer\105596.ipi |
| 3352 | msiexec.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | write | C:\Config.Msi\ | |
| 3352 | msiexec.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts | write | C:\Config.Msi\105597.rbs | 30968327 |
| 3352 | msiexec.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts | write | C:\Config.Msi\105597.rbsLow | |
| 3352 | msiexec.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\5A17B9C9A2D3B63458E41EF38F50D086 | write | 7FF712B4622C9EC48B5FBC7F674F4CD8 | 01:\Software\ARCHIVO ERROR 01x51127\ARCHIVO ERROR 01x51127\Version |
| 3352 | msiexec.exe | HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\ARCHIVO ERROR 01x51127\ARCHIVO ERROR 01x51127 | write | Version | 11.2.0.25 |
| 3352 | msiexec.exe | HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\ARCHIVO ERROR 01x51127\ARCHIVO ERROR 01x51127 | write | Path | C:\Users\admin\AppData\Roaming\ARCHIVO ERROR 01x51127\ARCHIVO ERROR 01x51127\ |

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3352 | msiexec.exe | C:\Windows\Installer\105594.msi | — | — | — |
| 3352 | msiexec.exe | C:\Config.Msi\105597.rbs | binary | 78EA62FA00460ED087C476A2136C84BF | 5BB49DC5EBA20C47CB07E9DA0DAAB4272778D76E8CB603C4C30583A313F446BE |
| 3352 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\~DF6A11CE573BD215B2.TMP | gmc | 504C78F2AA74D2CDA2696F40AA5B8312 | 57FD937B7BEF34C1323848B0355B952B8EBBE104D14B9970F9D100E14C632E34 |
| 3352 | msiexec.exe | C:\Windows\Installer\SourceHash{4B217FF7-C226-4CE9-B8F5-CBF776F4C48D} | binary | E6D3318ADE66526DC5E890AA1183A21A | 07A6CC521F09084CE48DA18932E7B82A2987522B3BC44BB9E00B477193D339CD |
| 3352 | msiexec.exe | C:\Windows\Installer\105596.ipi | binary | 4833EFD9206E040D3935187F5E02B47A | 93CE30C0DFF2BE5C2FB30F585D10030891F7C0D8C5BA91639955E30D52364E32 |
| 3352 | msiexec.exe | C:\Windows\Installer\MSI574B.tmp | binary | 7AFF6B4560E5AFA7EE0DD55374427301 | E5FDB25FB97ADAA50190F3D860D5671A7F5B1357250ADC1B3F065A92F90E7B7B |
| 3352 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\~DF7A1980FB9D74DECA.TMP | gmc | 9B058A33F2A5612DA6F52489B281E95E | 7B1D116B3DE64C1A022F2DD6D40CCF6A535CC71B421E960EFB317D60BE6DF483 |
| 3352 | msiexec.exe | C:\Windows\Installer\MSI578C.tmp | executable | 65079DE5C1B00611474743D21457E226 | 5C6101CD9067C8BF0D9AAF74EA8D63B996C12BD7CDCC14C39C91CCBBC4C7C606 |
| 3352 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\~DF6345B88CDED6255B.TMP | gmc | BF619EAC0CDF3F68D496EA9344137E8B | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
| 3352 | msiexec.exe | C:\Windows\Installer\MSI568F.tmp | executable | 9F1E5D66C2889018DAEF4AEF604EEBC4 | 02A81AEA451CDFA2CD6668E3B814C4E50C6025E36B70AB972A8CC68ABA5B3222 |