IOC Report
MSI_Driver_Utility_Installer.exe


Files

File Path | Type | Category | Malicious
MSI_Driver_Utility_Installer.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MSI_Driver_Utili_6b9d45877b58dbb9595f90a7a8b6fffba2df0_4fdf0b27_e33bdeae-1ffa-4006-8fa4-e453f397e003\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1901.tmp.dmp | Mini DuMP crash report, 15 streams, Wed Oct 23 18:31:53 2024, 0x1205a4 type | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1C3E.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1C6E.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped |
C:\Users\user\Desktop\Log\Application_10_23_2024.log | ASCII text, with CRLF line terminators | dropped |
C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped |

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | "C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe" |
C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 1300 |

URLs

Name | IP | Malicious
http://foo/MainWindow.xamld | unknown |
http://foo/bar/mainwindow.baml | unknown |
http://foo/bar/mainwindow.bamld | unknown |
http://defaultcontainer/MainWindow.xamld | unknown |
http://foo/MainWindow.xaml | unknown |
https://liveupdate.msi.com/cd/MSI_WU_DRIVER/MB/DQA/ | unknown |
https://download.)https://download-cn. | unknown |
https://liveupdate.msi.com/cd/MSI_WU_DRIVER/MB/DQA/Miscellaneous.cfg | unknown |
http://upx.sf.net | unknown |
https://liveupdate.msi.com/cd/MSI_WU_DRIVER/MB/Release/Miscellaneous.cfg | unknown |
https://liveupdate.msi.com/cd/MSI_WU_DRIVER/MB/Release/Miscellaneous.cfgghttps://liveupdate.msi.com/ | unknown |
http://defaultcontainer/MainWindow.xaml | unknown |
https://liveupdate.msi.com/cd/MSI_WU_DRIVER/MB/Release/ | unknown |
https://liveupdate.-https://liveupdate-cn. | unknown |
4 further URLs are not listed in this extract.

Registry

Path | Value | Malicious
\REGISTRY\A\{9eb2cd75-fd9b-0ce3-40f1-a1fc47f4c339}\Root\InventoryApplicationFile\msi_driver_utili|5eea8f5d4b8e3e0b | ProgramId |
\REGISTRY\A\{9eb2cd75-fd9b-0ce3-40f1-a1fc47f4c339}\Root\InventoryApplicationFile\msi_driver_utili|5eea8f5d4b8e3e0b | FileId |
\REGISTRY\A\{9eb2cd75-fd9b-0ce3-40f1-a1fc47f4c339}\Root\InventoryApplicationFile\msi_driver_utili|5eea8f5d4b8e3e0b | LowerCaseLongPath |
\REGISTRY\A\{9eb2cd75-fd9b-0ce3-40f1-a1fc47f4c339}\Root\InventoryApplicationFile\msi_driver_utili|5eea8f5d4b8e3e0b | LongPathHash |
\REGISTRY\A\{9eb2cd75-fd9b-0ce3-40f1-a1fc47f4c339}\Root\InventoryApplicationFile\msi_driver_utili|5eea8f5d4b8e3e0b | Name |
\REGISTRY\A\{9eb2cd75-fd9b-0ce3-40f1-a1fc47f4c339}\Root\InventoryApplicationFile\msi_driver_utili|5eea8f5d4b8e3e0b | OriginalFileName |
\REGISTRY\A\{9eb2cd75-fd9b-0ce3-40f1-a1fc47f4c339}\Root\InventoryApplicationFile\msi_driver_utili|5eea8f5d4b8e3e0b | Publisher |
\REGISTRY\A\{9eb2cd75-fd9b-0ce3-40f1-a1fc47f4c339}\Root\InventoryApplicationFile\msi_driver_utili|5eea8f5d4b8e3e0b | Version |
\REGISTRY\A\{9eb2cd75-fd9b-0ce3-40f1-a1fc47f4c339}\Root\InventoryApplicationFile\msi_driver_utili|5eea8f5d4b8e3e0b | BinFileVersion |
\REGISTRY\A\{9eb2cd75-fd9b-0ce3-40f1-a1fc47f4c339}\Root\InventoryApplicationFile\msi_driver_utili|5eea8f5d4b8e3e0b | BinaryType |
\REGISTRY\A\{9eb2cd75-fd9b-0ce3-40f1-a1fc47f4c339}\Root\InventoryApplicationFile\msi_driver_utili|5eea8f5d4b8e3e0b | ProductName |
\REGISTRY\A\{9eb2cd75-fd9b-0ce3-40f1-a1fc47f4c339}\Root\InventoryApplicationFile\msi_driver_utili|5eea8f5d4b8e3e0b | ProductVersion |
\REGISTRY\A\{9eb2cd75-fd9b-0ce3-40f1-a1fc47f4c339}\Root\InventoryApplicationFile\msi_driver_utili|5eea8f5d4b8e3e0b | LinkDate |
\REGISTRY\A\{9eb2cd75-fd9b-0ce3-40f1-a1fc47f4c339}\Root\InventoryApplicationFile\msi_driver_utili|5eea8f5d4b8e3e0b | BinProductVersion |
\REGISTRY\A\{9eb2cd75-fd9b-0ce3-40f1-a1fc47f4c339}\Root\InventoryApplicationFile\msi_driver_utili|5eea8f5d4b8e3e0b | AppxPackageFullName |
\REGISTRY\A\{9eb2cd75-fd9b-0ce3-40f1-a1fc47f4c339}\Root\InventoryApplicationFile\msi_driver_utili|5eea8f5d4b8e3e0b | AppxPackageRelativeId |
\REGISTRY\A\{9eb2cd75-fd9b-0ce3-40f1-a1fc47f4c339}\Root\InventoryApplicationFile\msi_driver_utili|5eea8f5d4b8e3e0b | Size |
\REGISTRY\A\{9eb2cd75-fd9b-0ce3-40f1-a1fc47f4c339}\Root\InventoryApplicationFile\msi_driver_utili|5eea8f5d4b8e3e0b | Language |
\REGISTRY\A\{9eb2cd75-fd9b-0ce3-40f1-a1fc47f4c339}\Root\InventoryApplicationFile\msi_driver_utili|5eea8f5d4b8e3e0b | Usn |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363} | DeviceTicket |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363} | DeviceId |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363} | ApplicationFlags |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property | 0018000DDABBE6B3 |
13 further registry entries are not listed in this extract.

Memdumps

Base Address | Regiontype | Protect | Malicious
E2B000 | trusted library allocation | page read and write |
E45000 | trusted library allocation | page execute and read and write |
CBE000 | stack | page read and write |
503F000 | stack | page read and write |
59C0000 | heap | page read and write |
E70000 | heap | page read and write |
6E2000 | unknown | page readonly |
5083000 | heap | page execute and read and write |
E2D000 | trusted library allocation | page execute and read and write |
56C0000 | trusted library allocation | page read and write |
FB4000 | heap | page read and write |
2A80000 | heap | page read and write |
541E000 | stack | page read and write |
2AC1000 | trusted library allocation | page read and write |
728000 | unknown | page readonly |
CF0000 | trusted library allocation | page read and write |
D05000 | heap | page read and write |
735000 | unknown | page readonly |
F24000 | heap | page read and write |
589C000 | stack | page read and write |
FAA000 | heap | page read and write |
579B000 | stack | page read and write |
59A0000 | heap | page execute and read and write |
EBE000 | stack | page read and write |
C7E000 | stack | page read and write |
3AD1000 | trusted library allocation | page read and write |
E29000 | trusted library allocation | page read and write |
E36000 | trusted library allocation | page execute and read and write |
5044000 | heap | page read and write |
2AB0000 | heap | page read and write |
EC0000 | heap | page execute and read and write |
4F3E000 | stack | page read and write |
2A7E000 | stack | page read and write |
555E000 | stack | page read and write |
5080000 | heap | page execute and read and write |
59B0000 | heap | page read and write |
56D0000 | trusted library allocation | page execute and read and write |
3AC1000 | trusted library allocation | page read and write |
E47000 | trusted library allocation | page execute and read and write |
EEA000 | heap | page read and write |
569E000 | stack | page read and write |
FC2000 | heap | page read and write |
D00000 | heap | page read and write |
E42000 | trusted library allocation | page read and write |
6E0000 | unknown | page readonly |
F92000 | heap | page read and write |
1180000 | trusted library allocation | page read and write |
2AA0000 | trusted library allocation | page read and write |
B50000 | heap | page read and write |
58A0000 | heap | page read and write |
E4B000 | trusted library allocation | page execute and read and write |
C30000 | heap | page read and write |
702000 | unknown | page readonly |
10DF000 | stack | page read and write |
59C8000 | heap | page read and write |
E13000 | trusted library allocation | page execute and read and write |
FAF000 | heap | page read and write |
531E000 | stack | page read and write |
E10000 | trusted library allocation | page read and write |
2B35000 | trusted library allocation | page read and write |
E1D000 | trusted library allocation | page execute and read and write |
E20000 | trusted library allocation | page read and write |
FBF000 | heap | page read and write |
2A3F000 | stack | page read and write |
E30000 | trusted library allocation | page read and write |
E32000 | trusted library allocation | page read and write |
1190000 | heap | page read and write |
2AB8000 | heap | page read and write |
F16000 | heap | page read and write |
4BBD000 | stack | page read and write |
5750000 | heap | page read and write |
545E000 | stack | page read and write |
EEE000 | heap | page read and write |
559E000 | stack | page read and write |
EE0000 | heap | page read and write |
E3A000 | trusted library allocation | page execute and read and write |
7EA000 | stack | page read and write |
E0E000 | stack | page read and write |
AF7000 | stack | page read and write |
ED0000 | trusted library allocation | page execute and read and write |
E14000 | trusted library allocation | page read and write |
5040000 | heap | page read and write |
72 further memory regions are not listed in this extract.