File name: UsbRepairTool.msi

Full analysis: https://app.any.run/tasks/3227907a-53ae-4ca8-80a3-61c01179016f
Verdict: Malicious activity
Analysis date: November 13, 2023, 13:57:15
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: generated-doc
MIME: application/x-msi
File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Title: Installation Database, Subject: UsbRepairTool, Author: Brother Insutries Ltd., Keywords: Installer, Comments: This installer database contains the logic and data required to install UsbRepairTool., Template: Intel;1033, Revision Number: {385EDBBB-BF6B-4295-93A3-BF455BAC51C3}, Create Time/Date: Tue Nov 25 04:45:08 2014, Last Saved Time/Date: Tue Nov 25 04:45:08 2014, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.8.1128.0), Security: 2
MD5: DDF4AAF7AA383426D532750F87E2573A
SHA1: 1594968A9359291093DDDB0704102AAE6ECDFB52
SHA256: BB8CFBCC7E75C8413C2871BB05F114B02FFD60A08414458A522FC1F50B80AF3A
SSDEEP: 98304:nbqwbqTyvRU94nrbrckxyqxjjVfBG76ypYowzFGXa0Sp9IXkVmT0yB2DhxhgtwA6:9VuE

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • msiexec.exe (PID: 3308)
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Reads the computer name

      • msiexec.exe (PID: 3308)
    • Checks supported languages

      • msiexec.exe (PID: 3308)
    • Reads the machine GUID from the registry

      • msiexec.exe (PID: 3308)
    • Create files in a temporary directory

      • msiexec.exe (PID: 3308)
No Malware configuration.

TRiD

.msi | Microsoft Windows Installer (98.5)
.msi | Microsoft Installer (100)

EXIF

FlashPix

CodePage: Windows Latin 1 (Western European)
Title: Installation Database
Subject: UsbRepairTool
Author: Brother Insutries Ltd.
Keywords: Installer
Comments: This installer database contains the logic and data required to install UsbRepairTool.
Template: Intel;1033
RevisionNumber: {385EDBBB-BF6B-4295-93A3-BF455BAC51C3}
CreateDate: 2014:11:25 04:45:08
ModifyDate: 2014:11:25 04:45:08
Pages: 200
Words: 2
Software: Windows Installer XML Toolset (3.8.1128.0)
Security: Read-only recommended
Total processes: 36
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start: msiexec.exe (no specs), msiexec.exe (no specs)

Process information

PID: 3308
CMD: C:\Windows\system32\msiexec.exe /V
Path: C:\Windows\System32\msiexec.exe
Parent process: services.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows® installer
Exit code: 0
Version: 5.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

PID: 3440
CMD: "C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Temp\UsbRepairTool.msi"
Path: C:\Windows\System32\msiexec.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows® installer
Exit code: 0
Version: 5.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
Total events: 1 906
Read events: 1 895
Write events: 1
Delete events: 10

Modification events

(PID) Process | Operation | Key | Name | Value
(3308) msiexec.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings | StringCacheGeneration | 378
(3308) msiexec.exe | delete key | HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\17A\52C64B7E | (default) | -
(3308) msiexec.exe | delete key | HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\17A | (default) | -
(3308) msiexec.exe | delete value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts | C:\Config.Msi\16bc71.rbs | 31069753
(3308) msiexec.exe | delete key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts | (default) | -
(3308) msiexec.exe | delete key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback | (default) | -
(3308) msiexec.exe | delete value | HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000 | Sequence | 1
(3308) msiexec.exe | delete value | HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000 | SessionHash | EE1549A1D71D05CB74C17027757CF650B4365B288C223DED95634BAC36DE79D4
(3308) msiexec.exe | delete value | HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000 | Owner | EC0C00004C6EBB543916DA01
(3308) msiexec.exe | delete key | HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000 | (default) | -
Executable files: 37
Suspicious files: 7
Text files: 0
Unknown types: 0

Dropped files

PID | Process | Filename | Type
3308 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\~DFCB3889DFFC67B9D9.TMP | binary
  MD5: 4CE19C188EE97E76AA4B601A2B1A36AE
  SHA256: 2AD2384D219BABFACA0650151013893CC4CD5CDC66F2394F70FDCDFB604D287B
3308 | msiexec.exe | C:\Program Files\Browny02\Brother\BrUSBFrc.dll | executable
  MD5: 15174512AFFB605BB4D045F6BFCFA963
  SHA256: 38CA6053E6B76FECB108F15A9B35CE007E69108DAC2BED5A2A984C73CF8ACAF9
3308 | msiexec.exe | C:\Program Files\Browny02\Brother\BrUSBBul.dll | executable
  MD5: 2AADDA89F8EABBF31E71FACA2820505A
  SHA256: EDB849480420FCFCDE77136CEDC841C844B4D3754049816D3BDE76A179667D12
3308 | msiexec.exe | C:\Program Files\Browny02\Brother\BrUSBGer.dll | executable
  MD5: 25E1AA9C50AD7DDFDC0316FC114CA433
  SHA256: E8CFDA9FCE784C248955205695B0B41859DF0DCB59CE708927A1C6E42E8AF330
3308 | msiexec.exe | C:\Program Files\Browny02\Brother\BrUSBCze.dll | executable
  MD5: 578403EE6254F31204055498A3B774FF
  SHA256: 7998F6C4520B42AEFA3E8F1F74E77DD9B758BAB6E8E667225305780B5DA00260
3308 | msiexec.exe | C:\Program Files\Browny02\Brother\BrUSBFin.dll | executable
  MD5: DF92F5C8462C31200516207AB9702597
  SHA256: 7F91CDBD864494DB39D2C8295BE128CA2C3AD316BCC3157873E563596D5D2F19
3308 | msiexec.exe | C:\Program Files\Browny02\Brother\BrUSBDan.dll | executable
  MD5: 48C55B903E855ABA826367A62920CECA
  SHA256: 0B47C26346CFA2807637F8E62738714753C0960833252481DB504DA31544F9E6
3308 | msiexec.exe | C:\Program Files\Browny02\Brother\BrUSBCht.dll | executable
  MD5: C6B530C65A04E1EF13D5FD4546BD6803
  SHA256: 14E1B2A6621CE971D833F8E727635F8DF1C7CB347B94B12C61F8A78782C1E53C
3308 | msiexec.exe | C:\Windows\Installer\MSIBDD6.tmp | binary
  MD5: B84781E289B510B5DD704501454B417D
  SHA256: 6CE202769F265791DEED309E660800C08AB6198E3A5F8F700F2B58AE46E3592E
3308 | msiexec.exe | C:\Program Files\Browny02\Brother\BrUSBFre.dll | executable
  MD5: D0A1DDD232C58DC841047884893EEC5D
  SHA256: 4A6BC18BCF119EAC3272825B5B27945C5589A5325D61A3DA39BE237D015AB3D2
HTTP(S) requests: 0
TCP/UDP connections: 5
DNS requests: 1
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
2588 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
868 | svchost.exe | 95.101.148.135:80 | - | Akamai International B.V. | NL | unknown
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
868 | svchost.exe | 184.30.20.134:80 | armmf.adobe.com | AKAMAI-AS | DE | unknown

DNS requests

Domain | IP | Reputation
armmf.adobe.com | 184.30.20.134 | whitelisted

Threats

No threats detected
No debug info