File name: | mma.msi |
Full analysis: | https://app.any.run/tasks/9381dcb0-eaac-480c-a7c8-b80ba48859c9 |
Verdict: | Malicious activity |
Analysis date: | September 11, 2019, 10:32:41 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | application/x-msi |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Last Printed: Fri Sep 21 10:56:09 2012, Create Time/Date: Fri Sep 21 10:56:09 2012, Name of Creating Application: Windows Installer, Title: Exe to msi converter free, Author: www.exetomsi.com, Template: ;0, Last Saved By: devuser, Revision Number: {C35CF0AA-9B3F-4903-9F05-EBF606D58D3E}, Last Saved Time/Date: Tue May 21 12:56:44 2013, Number of Pages: 100, Number of Words: 0, Security: 0 |
MD5: | A51588A7EACD50B8F7D0348DA2EC17E1 |
SHA1: | 3EAEFC8ACD158F51E877A914D982FDA5E446B178 |
SHA256: | D7CF982F5244B5B3234E2E5C185F7882D34972F30C89BEAB431ED7F7527E223A |
SSDEEP: | 6144:QEq4ZAwvQE6yyj7XEidfLDv6cOsrqj9Dl7fFaWRb1iSjFWC:QEq4NoyWXEiNDv6cJk9Z7fFaWpASM |
.msi | Microsoft Installer (100) |
---|---|
Security: | None |
---|---|
Words: | - |
Pages: | 100 |
ModifyDate: | 2013:05:21 11:56:44 |
RevisionNumber: | {C35CF0AA-9B3F-4903-9F05-EBF606D58D3E} |
LastModifiedBy: | devuser |
Template: | ;0 |
Comments: | - |
Keywords: | - |
Author: | www.exetomsi.com |
Subject: | - |
Title: | Exe to msi converter free |
Software: | Windows Installer |
CreateDate: | 2012:09:21 09:56:09 |
LastPrinted: | 2012:09:21 09:56:09 |
CodePage: | Windows Latin 1 (Western European) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2900 | "C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Temp\mma.msi" | C:\Windows\System32\msiexec.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows® installer Exit code: 1603 Version: 5.0.7600.16385 (win7_rtm.090713-1255) | ||||
2328 | C:\Windows\system32\msiexec.exe /V | C:\Windows\system32\msiexec.exe | | services.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Windows® installer Version: 5.0.7600.16385 (win7_rtm.090713-1255) | ||||
2204 | C:\Windows\system32\vssvc.exe | C:\Windows\system32\vssvc.exe | — | services.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft® Volume Shadow Copy Service Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3356 | DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot22" "" "" "695c3f483" "00000000" "000003C8" "000004B8" | C:\Windows\system32\DrvInst.exe | — | svchost.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Driver Installation Module Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3676 | "C:\Windows\Installer\MSIEC.tmp" | C:\Windows\Installer\MSIEC.tmp | | msiexec.exe |
User: admin Integrity Level: MEDIUM Description: UnityGameEngine Exit code: 3762507597 Version: 1.6.4.5 | ||||
3820 | dw20.exe -x -s 424 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe | | MSIEC.tmp |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft .NET Error Reporting Shim Exit code: 0 Version: 2.0.50727.4927 (NetFXspW7.050727-4900) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2328 | msiexec.exe | C:\System Volume Information\SPP\metadata-2 | — | |
MD5:— | SHA256:— | |||
3356 | DrvInst.exe | C:\Windows\INF\setupapi.ev3 | binary | |
MD5:8F761032829FB6121AEE77E26DC667A6 | SHA256:F83E1592023B7C8F6C15847F26D30770C0A52E6C7304DBA951EEA437E2737649 | |||
3356 | DrvInst.exe | C:\Windows\INF\setupapi.dev.log | ini | |
MD5:4DDF1513AE8654134A014FB200F69ADB | SHA256:06CC69DD96DB1E55B24B78B056FDCA9E405A175FA35FEF36C844BF9A4BCF6941 | |||
2328 | msiexec.exe | C:\System Volume Information\SPP\snapshot-2 | binary | |
MD5:E43D95599A2D52883F66319EF8B4A91E | SHA256:81B9179D4AE4876EC7A85033A98944C3792DD682BA5551CCAFE51B0D1043137E | |||
2328 | msiexec.exe | C:\System Volume Information\SPP\OnlineMetadataCache\{edefb5b3-e6f8-4179-a5fd-9c11fddc7a5c}_OnDiskSnapshotProp | binary | |
MD5:E43D95599A2D52883F66319EF8B4A91E | SHA256:81B9179D4AE4876EC7A85033A98944C3792DD682BA5551CCAFE51B0D1043137E | |||
2328 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\~DF215B1C74E21DCFF6.TMP | — | |
MD5:— | SHA256:— | |||
3356 | DrvInst.exe | C:\Windows\INF\setupapi.ev1 | binary | |
MD5:EF5EA2A884DFEDC2ACD89B817898A6E3 | SHA256:7B208B617F65F2F1C72D319DF669ADCBF763E9961CDF53CEBA99955AEBB55B41 | |||
2204 | vssvc.exe | C: | — | |
MD5:— | SHA256:— | |||
3820 | dw20.exe | C:\Users\admin\AppData\Local\Temp\WER3E9.tmp.hdmp | — | |
MD5:— | SHA256:— | |||
3820 | dw20.exe | C:\Users\admin\AppData\Local\Temp\WER12FD.tmp.mdmp | — | |
MD5:— | SHA256:— |