| File name: | EvoSetup-6.0.9.3.msi |
| Full analysis: | https://app.any.run/tasks/007998e5-5c9f-469a-906d-0819a79c53da |
| Verdict: | Malicious activity |
| Analysis date: | March 12, 2023, 09:01:17 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags: | |
| Indicators: | |
| MIME: | application/x-msi |
| File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Evoluent Mouse Manager, Author: Evoluent, Keywords: Installer, Comments: v.6.0.9.3, Template: Intel;1033, Revision Number: {118F0E2B-1797-4150-91C0-9A157CC01D22}, Create Time/Date: Tue Nov 2 16:11:30 2021, Last Saved Time/Date: Tue Nov 2 16:11:30 2021, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.1.2318), Security: 2 |
| MD5: | 9D256DC39B7CD1C0D88388A40E68CC54 |
| SHA1: | 2DA7741298B1E3933F37A5010CFC955FDD8B78A9 |
| SHA256: | E514CA7D8DF9EB0FDBE00C7D32D4AF20B034B45524A9A09BE415DFAB819ABBD6 |
| SSDEEP: | 393216:VHdqUVL+sSSsAXYefKfOXYefofF0s2XYefKf5ZbgLE:V9qyESzYMYD0XYrj |
MALICIOUS
No malicious indicators.SUSPICIOUS
Reads settings of System Certificates
- msiexec.exe (PID: 2668)
Reads security settings of Internet Explorer
- msiexec.exe (PID: 2668)
INFO
The process checks LSA protection
- msiexec.exe (PID: 2668)
- msiexec.exe (PID: 3152)
Create files in a temporary directory
- msiexec.exe (PID: 2668)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .msi | | | Microsoft Windows Installer (98.5) |
|---|---|---|
| .msi | | | Microsoft Installer (100) |
EXIF
FlashPix
| Security: | Read-only recommended |
|---|---|
| Software: | Windows Installer XML Toolset (3.11.1.2318) |
| Words: | 2 |
| Pages: | 200 |
| ModifyDate: | 2021:11:02 16:11:30 |
| CreateDate: | 2021:11:02 16:11:30 |
| RevisionNumber: | {118F0E2B-1797-4150-91C0-9A157CC01D22} |
| Template: | Intel;1033 |
| Comments: | v.6.0.9.3 |
| Keywords: | Installer |
| Author: | Evoluent |
| Subject: | Evoluent Mouse Manager |
| Title: | Installation Database |
| CodePage: | Windows Latin 1 (Western European) |
Total processes
35
Monitored processes
2
Malicious processes
1
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2668 | "C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Temp\EvoSetup-6.0.9.3.msi" | C:\Windows\System32\msiexec.exe | — | explorer.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows® installer Exit code: 1603 Version: 5.0.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
| 3152 | C:\Windows\system32\msiexec.exe /V | C:\Windows\System32\msiexec.exe | — | services.exe | |||||||||||
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Windows® installer Exit code: 0 Version: 5.0.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
Total events
6 986
Read events
6 958
Write events
28
Delete events
0
Modification events
| (PID) Process: | (2668) msiexec.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16D\52C64B7E |
| Operation: | write | Name: | LanguageList |
Value: en-US | |||
Executable files
0
Suspicious files
0
Text files
2
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 2668 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\MSI4f712.LOG | text | |
MD5:— | SHA256:— | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0
HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report