File name: LocalServiceComponents.exe

Full analysis: https://app.any.run/tasks/07443c5c-9b08-4921-92b9-f2070e47a8b0
Verdict: Malicious activity
Analysis date: February 29, 2024, 20:41:03
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 0B3B4577F0458D149B668CAD993585FC
SHA1: 2CF1145EB7BE2A9805D91E4C31AF5ECC8AE6A9B5
SHA256: 2FF84C00D545BA41B1E6254B485397A425813FD2798FA0427251FF1E7EB1E9EE
SSDEEP: 98304:nmXgErBs3ECa8e/afQqqlZ+hwsDaNaPaTklFeWGzPjVGI2y/pjNnZquICvfU2oSv:/ANC57/T5cVCayonDLknKFtKekBazIGN

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as-is for the user's acknowledgement. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • LocalServiceComponents.exe (PID: 3864)
      • LocalServiceComponents.exe (PID: 3228)
      • LocalServiceComponents.tmp (PID: 1876)
    • Changes the autorun value in the registry

      • LocalServiceComponents.tmp (PID: 1876)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • LocalServiceComponents.tmp (PID: 1876)
    • Executable content was dropped or overwritten

      • LocalServiceComponents.tmp (PID: 1876)
      • LocalServiceComponents.exe (PID: 3228)
      • LocalServiceComponents.exe (PID: 3864)
    • The process drops C-runtime libraries

      • LocalServiceComponents.tmp (PID: 1876)
    • Reads the Windows owner or organization settings

      • LocalServiceComponents.tmp (PID: 1876)
  • INFO

    • Checks supported languages

      • LocalServiceComponents.exe (PID: 3228)
      • LocalServiceComponents.tmp (PID: 1876)
      • LocalServiceControl.exe (PID: 2444)
      • LocalServiceComponents.tmp (PID: 4052)
      • LocalServiceComponents.exe (PID: 3864)
    • Create files in a temporary directory

      • LocalServiceComponents.tmp (PID: 1876)
      • LocalServiceComponents.exe (PID: 3864)
      • LocalServiceComponents.exe (PID: 3228)
    • Creates files in the program directory

      • LocalServiceComponents.tmp (PID: 1876)
      • LocalServiceControl.exe (PID: 2444)
    • Reads the computer name

      • LocalServiceComponents.tmp (PID: 1876)
      • LocalServiceControl.exe (PID: 2444)
      • LocalServiceComponents.tmp (PID: 4052)
    • Creates a software uninstall entry

      • LocalServiceComponents.tmp (PID: 1876)
    • Manual execution by a user

      • chrome.exe (PID: 3092)
    • Application launched itself

      • chrome.exe (PID: 3092)
No Malware configuration.

TRiD

.exe | Inno Setup installer (60)
.exe | Win32 EXE PECompact compressed (generic) (22.7)
.exe | Win32 Executable Delphi generic (7.7)
.dll | Win32 Dynamic Link Library (generic) (3.6)
.exe | Win32 Executable (generic) (2.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1992:06:19 22:22:17+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 37888
InitializedDataSize: 14848
UninitializedDataSize: -
EntryPoint: 0x9b24
OSVersion: 1
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.89
ProductVersionNumber: 1.0.0.89
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: LocalServiceComponents Setup
FileVersion: 1.0.0.89
LegalCopyright:
ProductName: LocalServiceComponents
ProductVersion: 1.0.0.89
No data.
Total processes: 109
Monitored processes: 70
Malicious processes: 4
Suspicious processes: 0

Behavior graph

(Interactive process graph, available only in the full report. Processes shown: localservicecomponents.exe, localservicecomponents.tmp, localservicecontrol.exe, and chrome.exe with its many child processes.)

Process information

The Indicators column is empty for every process listed below.

PID 128 | Parent process: chrome.exe
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --disable-quic --mojo-platform-channel-handle=3776 --field-trial-handle=1168,i,14097333894346212352,14802853757555128354,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
  User: admin | Company: Google LLC | Integrity Level: MEDIUM | Description: Google Chrome | Exit code: 0 | Version: 109.0.5414.120

PID 324 | Parent process: chrome.exe
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3132 --field-trial-handle=1168,i,14097333894346212352,14802853757555128354,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1
  User: admin | Company: Google LLC | Integrity Level: LOW | Description: Google Chrome | Exit code: 0 | Version: 109.0.5414.120

PID 448 | Parent process: chrome.exe
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=3428 --field-trial-handle=1168,i,14097333894346212352,14802853757555128354,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
  User: admin | Company: Google LLC | Integrity Level: LOW | Description: Google Chrome | Exit code: 0 | Version: 109.0.5414.120

PID 680 | Parent process: chrome.exe
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4752 --field-trial-handle=1168,i,14097333894346212352,14802853757555128354,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1
  User: admin | Company: Google LLC | Integrity Level: LOW | Description: Google Chrome | Exit code: 0 | Version: 109.0.5414.120

PID 764 | Parent process: chrome.exe
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5084 --field-trial-handle=1168,i,14097333894346212352,14802853757555128354,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1
  User: admin | Company: Google LLC | Integrity Level: LOW | Description: Google Chrome | Exit code: 0 | Version: 109.0.5414.120

PID 784 | Parent process: chrome.exe
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2852 --field-trial-handle=1168,i,14097333894346212352,14802853757555128354,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1
  User: admin | Company: Google LLC | Integrity Level: LOW | Description: Google Chrome | Exit code: 0 | Version: 109.0.5414.120

PID 952 | Parent process: chrome.exe
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5648 --field-trial-handle=1168,i,14097333894346212352,14802853757555128354,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1
  User: admin | Company: Google LLC | Integrity Level: LOW | Description: Google Chrome | Exit code: 0 | Version: 109.0.5414.120

PID 1236 | Parent process: chrome.exe
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2132 --field-trial-handle=1168,i,14097333894346212352,14802853757555128354,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1
  User: admin | Company: Google LLC | Integrity Level: LOW | Description: Google Chrome | Exit code: 0 | Version: 109.0.5414.120

PID 1376 | Parent process: chrome.exe
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=7164 --field-trial-handle=1168,i,14097333894346212352,14802853757555128354,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1
  User: admin | Company: Google LLC | Integrity Level: LOW | Description: Google Chrome | Exit code: 0 | Version: 109.0.5414.120

PID 1392 | Parent process: chrome.exe
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=6332 --field-trial-handle=1168,i,14097333894346212352,14802853757555128354,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1
  User: admin | Company: Google LLC | Integrity Level: LOW | Description: Google Chrome | Exit code: 0 | Version: 109.0.5414.120
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 160
Suspicious files: 163
Text files: 82
Unknown types: 83

Dropped files

PID | Process | Filename | Type
1876 | LocalServiceComponents.tmp | C:\Program Files\LocalServiceComponents\is-NTDTN.tmp | executable
  MD5: 2CB503D320C7A5553DA85673F64AFE54 | SHA256: E8453BFE57E0B8E3C52F331C1CD5AEF343B92F2520433602A64026F730E4E9FF
1876 | LocalServiceComponents.tmp | C:\Program Files\LocalServiceComponents\AudioIntercom.dll | executable
  MD5: 964E43768A908D5DCD7D414FE7B4422E | SHA256: BDA8C3A87194409FB51CE72553C78CF3DF61AE4F23700203940B4D0669577229
1876 | LocalServiceComponents.tmp | C:\Program Files\LocalServiceComponents\unins000.exe | executable
  MD5: 905C6DC64BBC773C4CFF4B6ED21D214C | SHA256: 1D7DC226DD83782EACC3F190078F65861B6510AF2D2286164C7348D1C50DC952
1876 | LocalServiceComponents.tmp | C:\Program Files\LocalServiceComponents\is-VVM7R.tmp | executable
  MD5: 964E43768A908D5DCD7D414FE7B4422E | SHA256: BDA8C3A87194409FB51CE72553C78CF3DF61AE4F23700203940B4D0669577229
1876 | LocalServiceComponents.tmp | C:\Program Files\LocalServiceComponents\AudioProcess.dll | executable
  MD5: CEB25B8C43E4DC3257AE3CEF9C937671 | SHA256: E1F95D02E9C621B5E15600DF81F1CBD853ED823BA1197F85BAE17924AA0C2EB8
1876 | LocalServiceComponents.tmp | C:\Program Files\LocalServiceComponents\AudioRender.dll | executable
  MD5: 2CB503D320C7A5553DA85673F64AFE54 | SHA256: E8453BFE57E0B8E3C52F331C1CD5AEF343B92F2520433602A64026F730E4E9FF
1876 | LocalServiceComponents.tmp | C:\Program Files\LocalServiceComponents\is-HC282.tmp | executable
  MD5: 905C6DC64BBC773C4CFF4B6ED21D214C | SHA256: 1D7DC226DD83782EACC3F190078F65861B6510AF2D2286164C7348D1C50DC952
1876 | LocalServiceComponents.tmp | C:\Program Files\LocalServiceComponents\is-9CILM.tmp | text
  MD5: C26CB31D931C644F7E6772DD5EA1FF30 | SHA256: D66C8A0995DFF7884019D9C3B219E70CC1D620D7B390AE3811987FE757587111
1876 | LocalServiceComponents.tmp | C:\Program Files\LocalServiceComponents\LocalServiceConfig.json | text
  MD5: C26CB31D931C644F7E6772DD5EA1FF30 | SHA256: D66C8A0995DFF7884019D9C3B219E70CC1D620D7B390AE3811987FE757587111
1876 | LocalServiceComponents.tmp | C:\Users\admin\AppData\Local\Temp\is-RLTT2.tmp\_isetup\_shfoldr.dll | executable
  MD5: 92DC6EF532FBB4A5C3201469A5B5EB63 | SHA256: 9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
HTTP(S) requests: 2
TCP/UDP connections: 225
DNS requests: 391
Threats: 1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
856 | svchost.exe | HEAD | 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acezyjyt2fp2x53dhyqbvt3gxdlq_63/khaoiebndkojlmppeemjhbpbandiljpe_63_win_pz5ggrx6ddtwepg55hf2663jnu.crx3 | unknown | | | unknown
3724 | chrome.exe | GET | 200 | 192.124.249.31:80 | http://certificates.godaddy.com/repository/gdig2.crt | unknown | binary | 1.21 Kb | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | | | | whitelisted
4 | System | 192.168.100.255:137 | | | | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | | | | unknown
3092 | chrome.exe | 239.255.255.250:1900 | | | | unknown
3724 | chrome.exe | 142.250.184.227:443 | clientservices.googleapis.com | GOOGLE | US | whitelisted
3724 | chrome.exe | 64.233.167.84:443 | accounts.google.com | GOOGLE | US | unknown
3724 | chrome.exe | 142.250.74.196:443 | www.google.com | GOOGLE | US | whitelisted
3092 | chrome.exe | 224.0.0.251:5353 | | | | unknown
3724 | chrome.exe | 172.217.16.195:443 | update.googleapis.com | GOOGLE | US | whitelisted
3724 | chrome.exe | 172.217.18.14:443 | encrypted-tbn0.gstatic.com | GOOGLE | US | whitelisted

DNS requests

Domain | IP | Reputation
clientservices.googleapis.com | 142.250.184.227 | whitelisted
accounts.google.com | 64.233.167.84 | shared
www.google.com | 142.250.74.196 | whitelisted
update.googleapis.com | 172.217.16.195 | whitelisted
encrypted-tbn0.gstatic.com | 172.217.18.14 | whitelisted
lh5.googleusercontent.com | 142.250.74.193 | whitelisted
fortysite.com | 162.215.121.104 | unknown
fonts.googleapis.com | 142.250.186.74 | whitelisted
fonts.gstatic.com | 142.250.186.163 | whitelisted
fundingchoicesmessages.google.com | 216.58.212.174 | whitelisted

Threats

PID | Process | Class | Message
3724 | chrome.exe | Not Suspicious Traffic | INFO [ANY.RUN] A free CDN for open source projects (jsdelivr .net)
Process | Message
LocalServiceControl.exe | WriteLocalFile: "C:\\Users\\admin\\WebComponents\\local.json"
LocalServiceControl.exe | QCoreApplication::applicationDirPath: Please instantiate the QApplication object first
LocalServiceControl.exe | 5
LocalServiceControl.exe | "No such file or directory"
LocalServiceControl.exe | WriteLocalFile: "C:\\Users\\admin\\WebComponents\\local.json"
LocalServiceControl.exe | QCoreApplication::applicationDirPath: Please instantiate the QApplication object first
LocalServiceControl.exe | 5
LocalServiceControl.exe | "No such file or directory"
LocalServiceControl.exe | WriteLocalFile: "C:\\Users\\admin\\WebComponents\\local.json"
LocalServiceControl.exe | QCoreApplication::applicationDirPath: Please instantiate the QApplication object first