analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
download:

eLectaScreenRecorder.msi

Full analysis: https://app.any.run/tasks/2e2be08b-0a78-4965-9575-ce320ef32d05
Verdict: Malicious activity
Analysis date: December 06, 2019, 22:35:39
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-msi
File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Create Time/Date: Mon Jun 21 08:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: Intel;1033, Number of Pages: 200, Revision Number: {C3535290-965D-449B-B839-6B9647BA15B5}, Title: Electa Live Screen Recorder Setup, Author: ELECTA COMMUNICATIONS LTD, Comments: Electa Live Screen Recorder is a tool for creating screen movies and tutorials., Number of Words: 2, Last Saved Time/Date: Mon Dec 2 07:39:40 2013, Last Printed: Mon Dec 2 07:39:40 2013
MD5:

C657E186FEE3AE3096899E83547A6BBF

SHA1:

0EFAC38BB4D7B23B131579A283C7F744ADD4FFD9

SHA256:

E2D16FE6BEBA1B4D83016F1368C5713F528ACD052CDBB775593421C947DA3E44

SSDEEP:

393216:Ogv0C8xV2Y5xCPBaS0Cw/WwpKKEfryNtZEw/WwpKKEfwq0u5n8k8QUc:T8/2YgaS19wpKKSrsTE9wpKKSD1qQl

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Loads dropped or rewritten executable

      • eLectaRecorder.exe (PID: 2112)
      • explorer.exe (PID: 352)
      • vlc.exe (PID: 716)

    • Application was dropped or rewritten from another process

      • eLectaRecorder.exe (PID: 2112)

  • SUSPICIOUS

    • Starts Microsoft Installer

      • explorer.exe (PID: 352)

    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 1744)

    • Executed as Windows Service

      • vssvc.exe (PID: 4072)

    • Reads Internet Cache Settings

      • eLectaRecorder.exe (PID: 2112)
      • explorer.exe (PID: 352)

    • Creates files in the user directory

      • explorer.exe (PID: 352)
      • vlc.exe (PID: 716)

  • INFO

    • Manual execution by user

      • eLectaRecorder.exe (PID: 2112)

    • Low-level read access rights to disk partition

      • vssvc.exe (PID: 4072)

    • Creates files in the program directory

      • msiexec.exe (PID: 1744)

    • Searches for installed software

      • msiexec.exe (PID: 1744)

    • Creates a software uninstall entry

      • msiexec.exe (PID: 1744)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.msi | Microsoft Windows Installer (98.5)
.msi | Microsoft Installer (100)

EXIF

FlashPix

LastPrinted: 2013:12:02 07:39:40
ModifyDate: 2013:12:02 07:39:40
Words: 2
Comments: Electa Live Screen Recorder is a tool for creating screen movies and tutorials.
Keywords: -
Author: ELECTA COMMUNICATIONS LTD
Subject: -
Title: Electa Live Screen Recorder Setup
RevisionNumber: {C3535290-965D-449B-B839-6B9647BA15B5}
Pages: 200
Template: Intel;1033
CodePage: Windows Latin 1 (Western European)
Security: Password protected
Software: Windows Installer
CreateDate: 1999:06:21 07:00:00
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
47
Monitored processes
6
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start msiexec.exe no specs msiexec.exe vssvc.exe no specs electarecorder.exe no specs explorer.exe no specs vlc.exe

Process information

PID
CMD
Path
Indicators
Parent process
2764"C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\Desktop\eLectaScreenRecorder.msi"C:\Windows\System32\msiexec.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
1744C:\Windows\system32\msiexec.exe /VC:\Windows\system32\msiexec.exe
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
4072C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exeservices.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Volume Shadow Copy Service
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
2112"C:\Program Files\ELECTA COMMUNICATIONS LTD\Electa Live Screen Recorder\eLectaRecorder.exe" C:\Program Files\ELECTA COMMUNICATIONS LTD\Electa Live Screen Recorder\eLectaRecorder.exeexplorer.exe
User:
admin
Company:
eLecta
Integrity Level:
MEDIUM
Description:
eLectaRecorder
Version:
1.0.0.1
352C:\Windows\Explorer.EXEC:\Windows\explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
716"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\admin\Desktop\1.avi"C:\Program Files\VideoLAN\VLC\vlc.exe
explorer.exe
User:
admin
Company:
VideoLAN
Integrity Level:
MEDIUM
Description:
VLC media player
Version:
2.2.6
Total events
7 034
Read events
6 515
Write events
0
Delete events
0

Modification events

No data
Executable files
3
Suspicious files
5
Text files
9
Unknown types
8

Dropped files

PID
Process
Filename
Type
1744msiexec.exeC:\System Volume Information\SPP\metadata-2
MD5:
SHA256:
1744msiexec.exeC:\Windows\Installer\3a0ef9.msi
MD5:
SHA256:
1744msiexec.exeC:\Users\admin\AppData\Local\Temp\~DF68A5B4ABA79FB6E3.TMP
MD5:
SHA256:
4072vssvc.exeC:
MD5:
SHA256:
1744msiexec.exeC:\Windows\Installer\3a0efc.msi
MD5:
SHA256:
1744msiexec.exeC:\Config.Msi\3a0efb.rbs
MD5:
SHA256:
1744msiexec.exeC:\Users\admin\AppData\Local\Temp\~DF45E80B7CA114FB14.TMP
MD5:
SHA256:
1744msiexec.exeC:\Windows\Installer\MSI163D.tmpbinary
MD5:1BB7F0EFF1CCEA57B2B5A3929B6AB075
SHA256:EE5C57C4EF9F9F0EC4960D8C41B0052BA549736F3391A7F094EDAA8E625FDDB9
1744msiexec.exeC:\Program Files\ELECTA COMMUNICATIONS LTD\Electa Live Screen Recorder\film.icoimage
MD5:B6B77CC40F7BDBBFB9D7B8960FBB9851
SHA256:C45FD52FA81CF121827CC167C47A97191763B3E406AAF9E0743D4DEA1BE24714
1744msiexec.exeC:\Program Files\ELECTA COMMUNICATIONS LTD\Electa Live Screen Recorder\film32.icoimage
MD5:149F659A522059115167B54AEE25B0C9
SHA256:8C4A6A5D4B703E4EF530A65B30872664649612E703D1A2FB82CB85032FEDF11A
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
Process
Message
vlc.exe
core libvlc: one instance mode ENABLED
vlc.exe
core libvlc: Running vlc with the default interface. Use 'cvlc' to use vlc without interface.
vlc.exe
direct3d vout display error: Could not read adapter capabilities. (hr=0x8876086A)
vlc.exe
direct3d vout display error: Direct3D could not be initialized
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
eLectaScreenRecorder.msi