File name:

UsbRepairTool.msi

Full analysis: https://app.any.run/tasks/3227907a-53ae-4ca8-80a3-61c01179016f
Verdict: Malicious activity
Analysis date: November 13, 2023, 13:57:15
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
generated-doc
Indicators:
MIME: application/x-msi
File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Title: Installation Database, Subject: UsbRepairTool, Author: Brother Insutries Ltd., Keywords: Installer, Comments: This installer database contains the logic and data required to install UsbRepairTool., Template: Intel;1033, Revision Number: {385EDBBB-BF6B-4295-93A3-BF455BAC51C3}, Create Time/Date: Tue Nov 25 04:45:08 2014, Last Saved Time/Date: Tue Nov 25 04:45:08 2014, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.8.1128.0), Security: 2
MD5:

DDF4AAF7AA383426D532750F87E2573A

SHA1:

1594968A9359291093DDDB0704102AAE6ECDFB52

SHA256:

BB8CFBCC7E75C8413C2871BB05F114B02FFD60A08414458A522FC1F50B80AF3A

SSDEEP:

98304:nbqwbqTyvRU94nrbrckxyqxjjVfBG76ypYowzFGXa0Sp9IXkVmT0yB2DhxhgtwA6:9VuE

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • msiexec.exe (PID: 3308)

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Create files in a temporary directory

      • msiexec.exe (PID: 3308)

    • Checks supported languages

      • msiexec.exe (PID: 3308)

    • Reads the computer name

      • msiexec.exe (PID: 3308)

    • Reads the machine GUID from the registry

      • msiexec.exe (PID: 3308)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.msi | Microsoft Windows Installer (98.5)
.msi | Microsoft Installer (100)

EXIF

FlashPix

CodePage: Windows Latin 1 (Western European)
Title: Installation Database
Subject: UsbRepairTool
Author: Brother Insutries Ltd.
Keywords: Installer
Comments: This installer database contains the logic and data required to install UsbRepairTool.
Template: Intel;1033
RevisionNumber: {385EDBBB-BF6B-4295-93A3-BF455BAC51C3}
CreateDate: 2014:11:25 04:45:08
ModifyDate: 2014:11:25 04:45:08
Pages: 200
Words: 2
Software: Windows Installer XML Toolset (3.8.1128.0)
Security: Read-only recommended
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
36
Monitored processes
2
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start msiexec.exe no specs msiexec.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
3308C:\Windows\system32\msiexec.exe /VC:\Windows\System32\msiexec.exeservices.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
3440"C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Temp\UsbRepairTool.msi"C:\Windows\System32\msiexec.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
Total events
1 906
Read events
1 895
Write events
1
Delete events
10

Modification events

(PID) Process:(3308) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings
Operation:writeName:StringCacheGeneration
Value:
378
(PID) Process:(3308) msiexec.exeKey:HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\17A\52C64B7E
Operation:delete keyName:(default)
Value:
(PID) Process:(3308) msiexec.exeKey:HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\17A
Operation:delete keyName:(default)
Value:
(PID) Process:(3308) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
Operation:delete valueName:C:\Config.Msi\16bc71.rbs
Value:
31069753
(PID) Process:(3308) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
Operation:delete keyName:(default)
Value:
(PID) Process:(3308) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback
Operation:delete keyName:(default)
Value:
(PID) Process:(3308) msiexec.exeKey:HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
Operation:delete valueName:Sequence
Value:
1
(PID) Process:(3308) msiexec.exeKey:HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
Operation:delete valueName:SessionHash
Value:
EE1549A1D71D05CB74C17027757CF650B4365B288C223DED95634BAC36DE79D4
(PID) Process:(3308) msiexec.exeKey:HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
Operation:delete valueName:Owner
Value:
EC0C00004C6EBB543916DA01
(PID) Process:(3308) msiexec.exeKey:HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
Operation:delete keyName:(default)
Value:
Executable files
37
Suspicious files
7
Text files
0
Unknown types
0

Dropped files

PID
Process
Filename
Type
3308msiexec.exeC:\Users\admin\AppData\Local\Temp\~DFCB3889DFFC67B9D9.TMPbinary
MD5:4CE19C188EE97E76AA4B601A2B1A36AE
SHA256:2AD2384D219BABFACA0650151013893CC4CD5CDC66F2394F70FDCDFB604D287B
3308msiexec.exeC:\Windows\Installer\16bc6f.msiexecutable
MD5:DDF4AAF7AA383426D532750F87E2573A
SHA256:BB8CFBCC7E75C8413C2871BB05F114B02FFD60A08414458A522FC1F50B80AF3A
3308msiexec.exeC:\Windows\Installer\16bc70.ipibinary
MD5:F5931797838AF6DFC5EF89BE29503978
SHA256:AD6A8B562E37B998583D27E1263D17E6F56F2DED39093291656F5255D8668D9C
3308msiexec.exeC:\Program Files\Browny02\Brother\BrotherUSBTool.exeexecutable
MD5:622A5751A744F132996CF1399ACF1B57
SHA256:6DD710EF338E45A85311B580AA9DD8606AB7E6E4021D4B94746262B0686FA3F9
3308msiexec.exeC:\Windows\Installer\MSIBDD6.tmpbinary
MD5:B84781E289B510B5DD704501454B417D
SHA256:6CE202769F265791DEED309E660800C08AB6198E3A5F8F700F2B58AE46E3592E
3308msiexec.exeC:\Program Files\Browny02\Brother\BrUSBCht.dllexecutable
MD5:C6B530C65A04E1EF13D5FD4546BD6803
SHA256:14E1B2A6621CE971D833F8E727635F8DF1C7CB347B94B12C61F8A78782C1E53C
3308msiexec.exeC:\Program Files\Browny02\Brother\BrUSBChn.dllexecutable
MD5:569128D6E4551A3109F03A09959BEA31
SHA256:23B689B78D4CC945087EF6E4BC98C085C9DF82266AA060CED58298C5BB9BB031
3308msiexec.exeC:\Program Files\Browny02\Brother\BrUSBDan.dllexecutable
MD5:48C55B903E855ABA826367A62920CECA
SHA256:0B47C26346CFA2807637F8E62738714753C0960833252481DB504DA31544F9E6
3308msiexec.exeC:\Program Files\Browny02\Brother\BrUSBCze.dllexecutable
MD5:578403EE6254F31204055498A3B774FF
SHA256:7998F6C4520B42AEFA3E8F1F74E77DD9B758BAB6E8E667225305780B5DA00260
3308msiexec.exeC:\Program Files\Browny02\Brother\BrUSBDut.dllexecutable
MD5:7E6F29724A005CEC6E5F672470EFAAFD
SHA256:4BDD35E475F9234516915B7BEC314E569BAB994F3624CCCEC02676ABAD332A7B
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
5
DNS requests
1
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
2588
svchost.exe
239.255.255.250:1900
whitelisted
868
svchost.exe
95.101.148.135:80
Akamai International B.V.
NL
unknown
4
System
192.168.100.255:138
whitelisted
868
svchost.exe
184.30.20.134:80
armmf.adobe.com
AKAMAI-AS
DE
unknown

DNS requests

Domain
IP
Reputation
armmf.adobe.com
  • 184.30.20.134
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
UsbRepairTool.msi