
Backdoor.DarkKomet.LB

By CagedTech in Backdoors

Analysis Report

General information

Family Name: Backdoor.DarkKomet.LB
Signature status: Self Signed

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Digital Signatures

Signer | Root | Status
ConnectWise, LLC | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Self Signed
Connectwise, LLC | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Self Signed

File Traits

  • big overlay
  • HighEntropy
  • No Version Info
  • x86

Block Information

Total Blocks: 2,872
Potentially Malicious Blocks: 95
Whitelisted Blocks: 2,777
Unknown Blocks: 0

Visual Map

[Per-block classification grid omitted; the map data is truncated in the source. Legend follows.]
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File | Attributes
c:\users\user\appdata\local\temp\msi5ab3.tmp | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\msi75ae1.log | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\screenconnect\0b03fa83feb97678\setup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.3.17.9294\4205d3d2c4079896\screenconnect.clientsetup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.3.4.9026\b110193dd7ffa16b\screenconnect.clientsetup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.3.6.9056\3a4594764213d345\screenconnect.clientsetup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.3.6.9056\4dd34b872dc83e99\screenconnect.clientsetup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.3.7.9067\096dfbe4f0fcf374\screenconnect.clientsetup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.3.7.9067\13751a720371da47\screenconnect.clientsetup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.3.7.9067\24e531e7599a1f36\screenconnect.clientsetup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.3.7.9067\3d47c83d01f959c9\screenconnect.clientsetup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.3.7.9067\6a3fdc8af50414e0\screenconnect.clientsetup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.3.7.9067\6d46d368fa5f5694\screenconnect.clientsetup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.3.7.9067\862c9d0811dcdbf4\screenconnect.clientsetup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.3.7.9067\8fdd56e0b61fc0a0\screenconnect.clientsetup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.3.7.9067\eb8eec7114d767d2\screenconnect.clientsetup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.3.7.9067\faa13c12456679e2\screenconnect.clientsetup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.4.5.9139\82859b5f801a1776\screenconnect.clientsetup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\25.1.7.9171\c69d88186a651b0b\screenconnect.clientsetup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\25.1.9.9185\2b158019a06b1e8b\screenconnect.clientsetup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\25.1.9.9186\d9b0554a2975771c\screenconnect.clientsetup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\25.2.3.9216\7af989ed2aa44201\screenconnect.clientsetup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\25.2.3.9216\e9eb7e16e4985bbc\screenconnect.clientsetup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\25.2.4.9229\1b913ae746a50099\screenconnect.clientsetup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\25.2.4.9229\36f99f3e9b37aaae\screenconnect.clientsetup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\25.2.4.9229\4bf9943d79f30631\screenconnect.clientsetup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\25.2.4.9229\ca89e00e4acb6e0c\screenconnect.clientsetup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\25.3.1.9245\ebaa6c9b1f6961cb\screenconnect.clientsetup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\25.3.2.9271\f8c252a6de51af75\screenconnect.clientsetup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\25.3.4.9288\ece2504b23176776\screenconnect.clientsetup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\25.3.8.9294\c58b7a992149addd\screenconnect.clientsetup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\25.4.3.9287\43e3f583da90a4d1\screenconnect.clientsetup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\472449c351f5d73b\setup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\5bf48dce8a56eb63\setup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\8cb78d3d3a881716\setup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\ad7cfea92c8da348\setup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\bf692ce7aa1ee17c\setup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\c892c7342a30c3dd\setup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\de5851ad6e374ce3\setup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\setup.msi | Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value | Data | API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass | (none) | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname | (none) | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet | (none) | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect | (none) | RegNtPreCreateKey

Windows API Usage

Category | API
User Data Access
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Encryption Used
  • BCryptOpenAlgorithmProvider
Other Suspicious
  • AdjustTokenPrivileges
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx

Shell Command Execution

C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\Odayzgrq\AppData\Local\Temp\ScreenConnect\25.3.2.9271\f8c252a6de51af75\ScreenConnect.ClientSetup.msi"
(NULL) msiexec.exe /i "C:\Users\Odayzgrq\AppData\Local\Temp\ScreenConnect\25.3.2.9271\f8c252a6de51af75\ScreenConnect.ClientSetup.msi"
