File name: | Win10-11_System_Upgrade_Software.msi |
Full analysis: | https://app.any.run/tasks/34d76413-b1d3-44dd-93da-c6d6ced7858b |
Verdict: | Malicious activity |
Analysis date: | June 27, 2022, 07:49:17 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/x-msi |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Installer, Author: Corporation, Keywords: Installer, Comments: Installer Package, Template: Intel;1033, Revision Number: {323ACFE5-7C97-4597-A9FE-8A49A51E8C26}, Create Time/Date: Sun May 1 19:49:30 2022, Last Saved Time/Date: Sun May 1 19:49:30 2022, Number of Pages: 200, Number of Words: 10, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4993), Security: 2 |
MD5: | 2B48B51F91A115230DBA7030DAACBA7D |
SHA1: | 70F26D8E84EED67ACAE9A527B081E79CDA6B02C1 |
SHA256: | CEBDB409042982A38E58542510D3A5316CF16C191649EAF1C18E00C963900EE2 |
SSDEEP: | 1536:B80S9FvvdT38jyGT2qY4QSDk00Dg1V75fmDoDuNp/+0D80Dc7fx:I9Jlz8jyGT/+uLx |
.msi | | | Microsoft Installer (100) |
---|
Security: | Read-only recommended |
---|---|
Software: | Windows Installer XML Toolset (3.11.2.4993) |
Words: | 10 |
Pages: | 200 |
ModifyDate: | 2022:05:01 18:49:30 |
CreateDate: | 2022:05:01 18:49:30 |
RevisionNumber: | {323ACFE5-7C97-4597-A9FE-8A49A51E8C26} |
Template: | Intel;1033 |
Comments: | Installer Package |
Keywords: | Installer |
Author: | Corporation |
Subject: | Installer |
Title: | Installation Database |
CodePage: | Windows Latin 1 (Western European) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2848 | "C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\Desktop\Win10-11_System_Upgrade_Software.msi" | C:\Windows\System32\msiexec.exe | — | Explorer.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows® installer Exit code: 0 Version: 5.0.7600.16385 (win7_rtm.090713-1255) | ||||
3236 | C:\Windows\system32\msiexec.exe /V | C:\Windows\system32\msiexec.exe | services.exe | |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Windows® installer Version: 5.0.7600.16385 (win7_rtm.090713-1255) | ||||
584 | C:\Windows\system32\vssvc.exe | C:\Windows\system32\vssvc.exe | — | services.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft® Volume Shadow Copy Service Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2852 | C:\Windows\system32\MsiExec.exe -Embedding 0E819103D9B68E86DBDBDF89ADCF3329 | C:\Windows\system32\MsiExec.exe | — | msiexec.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows® installer Exit code: 0 Version: 5.0.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
3236 | msiexec.exe | C:\System Volume Information\SPP\metadata-2 | — | |
MD5:— | SHA256:— | |||
3236 | msiexec.exe | C:\Users\admin\AppData\Local\vf5oc48d7 | — | |
MD5:— | SHA256:— | |||
3236 | msiexec.exe | C:\Windows\Installer\106ce6.ipi | binary | |
MD5:83615EFF3019035BD0EC71CB5ACB9E21 | SHA256:38A458AEC2BE05DD3D0C22620963F291DF8C3BC9DCEE5124E6FB5C52B4FFAD31 | |||
3236 | msiexec.exe | C:\System Volume Information\SPP\OnlineMetadataCache\{1e83cc31-63f6-4e3e-8033-164c392eb1d3}_OnDiskSnapshotProp | binary | |
MD5:8D93C598E4A07FC1FE4BCA5E37BAB225 | SHA256:3BA511DB3B473A5ECE5E0C59CAEFEF22984A8559B6CC641C476A23A16FE6899E | |||
3236 | msiexec.exe | C:\System Volume Information\SPP\snapshot-2 | binary | |
MD5:8D93C598E4A07FC1FE4BCA5E37BAB225 | SHA256:3BA511DB3B473A5ECE5E0C59CAEFEF22984A8559B6CC641C476A23A16FE6899E | |||
3236 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\~DF668B3BC726633F95.TMP | gmc | |
MD5:6DFC84E6DBC2C0810AF3517D196DB894 | SHA256:EABBA198DD6D248CB06410851A44E12927E37E6A8CA92E575009BE397B1A5265 | |||
3236 | msiexec.exe | C:\Config.Msi\106ce7.rbs | binary | |
MD5:D76A8A9ABC1DC6104367CEC7509637C1 | SHA256:A1AA2B82561703A74EE183185BCFF242709D0666259E1C91426A6F907BD09161 | |||
3236 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\~DF1F3877E376F25A93.TMP | gmc | |
MD5:E6C50DC27706CCBE7E66FE724FE8FF65 | SHA256:3D5CC6CCC72749941C8E40358382693D5E76D6CECDB6FDA7AA9BBADD3031B7A9 | |||
3236 | msiexec.exe | C:\Windows\Installer\106ce8.msi | executable | |
MD5:2B48B51F91A115230DBA7030DAACBA7D | SHA256:CEBDB409042982A38E58542510D3A5316CF16C191649EAF1C18E00C963900EE2 | |||
3236 | msiexec.exe | C:\Windows\Installer\SourceHash{1C3CB2C0-D617-49E0-B091-FDF56D0A8A3D} | binary | |
MD5:303C754A16186BDB1D558D135BBB714A | SHA256:65E9679D4E2C62A427B81AE432E64E437268DA24E70DC3FF7F2F7DF341F6B393 |