File name: Idera.SQL.Check.Setup (x64).msi

Full analysis: https://app.any.run/tasks/19fd14c9-79bd-4f58-b94d-4965b1134bd1
Verdict: Malicious activity
Analysis date: November 22, 2022, 18:03:14
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-msi
File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Idera SQL Check 64-bit, Author: Idera, Keywords: Installer, Comments: This installer database contains the logic and data required to install Idera SQL Check 64-bit., Template: x64;1033, Revision Number: {13DCEA25-0438-4343-B0D4-8B38E9555E0E}, Create Time/Date: Thu Sep 24 11:10:50 2015, Last Saved Time/Date: Thu Sep 24 11:10:50 2015, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.9.1208.0), Security: 2
MD5: 2E5B01E4A17B7023965732C18B67953F
SHA1: 3B0F5FDFC719A67A976F05D3C0DB8F7E1159E234
SHA256: BC6C6D980D3CF9530A755285C5FFDC7C538B27EB41F29C8091DFA4269B357FCB
SSDEEP: 98304:HBfHPW+xnIay1JmrrjEEE/SzpEEmVp0Gx3uSZW0aAKuwA7rCxxzkr1KO:BlIVJmXz+Vp08Zzb72xax
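The hashes above identify the analyzed bytes, and the file-info line identifies the container as a Composite Document File V2 (the CFB/OLE2 format every Windows Installer database uses). Two things to keep in mind when reading the indicators that follow: a hash match only proves you hold the same file the sandbox ran, not that it is malicious, and every listed indicator (System Certificates settings, LSA protection, machine GUID, computer name, IE security settings, a file in Temp) is ordinary msiexec.exe behaviour on any install, which is why the report lists no malicious indicator and no network activity alongside its verdict. Note also that the package Template is x64;1033 while the guest is 32-bit Windows 7; msiexec refuses 64-bit packages on 32-bit Windows (error 1633, "This installation package is not supported by this processor type"), so the payload would not have run here. The single dropped file being an MSI log is consistent with that, and the sample should be re-run on a 64-bit guest before any conclusion is drawn about it.

The script below is an added example, not part of the ANY.RUN report and not Idera code. It checks that a local file carries the CFB signature (header offsets per [MS-CFB]), computes MD5/SHA-1/SHA-256 and compares them to the values printed above. The `REPORTED` dictionary copies those values; the header returned by `constructed_cfb_header()` is synthetic test data used only when no path is supplied.

```python
"""Offline triage of a sandboxed MSI sample.

Added example; not part of the ANY.RUN report and not Idera code.
It (1) validates the Compound File Binary (CFB / OLE2) header that every
MSI database carries and (2) compares the file's hashes with the
report's IoCs. Header offsets follow the [MS-CFB] specification.
"""
import hashlib
import struct
import sys
from dataclasses import dataclass

# IoCs copied from the report above (uppercase hex, as printed there).
REPORTED = {
    "md5": "2E5B01E4A17B7023965732C18B67953F",
    "sha1": "3B0F5FDFC719A67A976F05D3C0DB8F7E1159E234",
    "sha256": "BC6C6D980D3CF9530A755285C5FFDC7C538B27EB41F29C8091DFA4269B357FCB",
}

# Signature of a Compound File Binary container ("Composite Document File V2").
CFB_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
CFB_HEADER_LEN = 512  # fixed header size; v4 files pad it to one 4096-byte sector


@dataclass(frozen=True)
class CfbHeader:
    major_version: int  # 3 or 4
    sector_size: int    # 512 for v3, 4096 for v4


def parse_cfb_header(data: bytes) -> CfbHeader:
    """Validate the fixed CFB header; raise ValueError for anything that is not CFB.

    Layout ([MS-CFB] 2.2): magic @0 (8 bytes), CLSID @8 (16 bytes), minor
    version @24, major version @26, byte-order marker @28, sector shift @30
    (the last four are little-endian uint16).
    """
    if len(data) < CFB_HEADER_LEN:
        raise ValueError("file shorter than a CFB header")
    if data[:8] != CFB_MAGIC:
        raise ValueError("missing CFB signature; not an MSI/OLE2 container")
    major, byte_order, sector_shift = struct.unpack_from("<HHH", data, 26)
    if byte_order != 0xFFFE:
        raise ValueError(f"unexpected byte-order marker {byte_order:#06x}")
    if (major, sector_shift) not in ((3, 9), (4, 12)):
        raise ValueError(f"inconsistent major version {major} / sector shift {sector_shift}")
    return CfbHeader(major_version=major, sector_size=1 << sector_shift)


def hash_bytes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of the buffer, uppercase hex to match the report."""
    return {
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
    }


def compare_hashes(actual: dict, expected: dict) -> dict:
    """Per-algorithm match flags; case-insensitive so pasted IoCs in either case work."""
    return {
        algo: actual.get(algo, "").upper() == value.upper()
        for algo, value in expected.items()
    }


def triage_bytes(data: bytes, expected: dict = REPORTED) -> dict:
    """Run both checks on an in-memory file and return a summary."""
    header = parse_cfb_header(data)
    matches = compare_hashes(hash_bytes(data), expected)
    return {"header": header, "hash_matches": matches, "all_match": all(matches.values())}


def constructed_cfb_header() -> bytes:
    """Synthetic v3 CFB header (constructed test data, not the sample from the report)."""
    head = CFB_MAGIC + bytes(16)                        # magic + null CLSID
    head += struct.pack("<HHHH", 0x003E, 3, 0xFFFE, 9)  # minor, major, byte order, shift
    return head.ljust(CFB_HEADER_LEN, b"\x00")


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = constructed_cfb_header()  # demo run: valid header, hashes will not match
    print(triage_bytes(blob))
```

Run it as `python triage_msi.py "Idera.SQL.Check.Setup (x64).msi"`; `all_match` is True only if the local file is byte-identical to the sample the sandbox analyzed. A CFB signature with mismatching hashes means a different build or a tampered copy, and a missing signature means the file is not an MSI at all regardless of its extension.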

ANY.RUN is an interactive service that gives the analyst full access to the guest system. Information in this report may have been influenced by analyst actions and is provided as is. ANY.RUN does not guarantee that the content is malicious or safe.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    • Reads settings of System Certificates
      • msiexec.exe (PID: 3536)
  • INFO
    • Process checks LSA protection
      • msiexec.exe (PID: 3988)
    • Reads the machine GUID from the registry
      • msiexec.exe (PID: 3988)
    • Checks supported languages
      • msiexec.exe (PID: 3988)
    • Reads the computer name
      • msiexec.exe (PID: 3988)
    • Reads security settings of Internet Explorer
      • msiexec.exe (PID: 3536)
    • Creates a file in a temporary directory
      • msiexec.exe (PID: 3536)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.

TRiD

.msi | Microsoft Windows Installer (98.5)
.msi | Microsoft Installer (100)
All screenshots are available in the full report
Total processes: 33
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Processes shown: msiexec.exe (PID 3536, no specs), msiexec.exe (PID 3988, no specs)

Process information

PID: 3536
CMD: "C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Temp\Idera.SQL.Check.Setup (x64).msi"
Path: C:\Windows\System32\msiexec.exe
Parent process: Explorer.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows® installer
Version: 5.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 3988
CMD: C:\Windows\system32\msiexec.exe /V
Path: C:\Windows\system32\msiexec.exe
Parent process: services.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows® installer
Version: 5.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
Total events: 3 263
Read events: 3 249
Write events: 14
Delete events: 0

Modification events

PID 3536 (msiexec.exe), operation: write
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
Name: LanguageList
Value: en-US
Executable files: 0
Suspicious files: 0
Text files: 1
Unknown types: 0

Dropped files

PID 3536 (msiexec.exe)
Filename: C:\Users\admin\AppData\Local\Temp\MSIeca4.LOG
Type: text
MD5: 7C539765D7F35C9E8048340EF2F159DC
SHA256: 166F3BE7DD89FF5B7B0D7D348053E0A2327B8D6598B3A791A1CD73F9697291C3
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info