Field | Value
---|---
URL | http://apps.k7computing.com/Tools/K7avprm/setup-eng-avp.exe
Full analysis | https://app.any.run/tasks/49424c2a-6095-4311-9086-07f759c5ef53
Verdict | Malicious activity
Analysis date | November 22, 2018, 13:45:08
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MD5 | F09245B7F6C3ED82823938FDE3DC4704
SHA1 | AEA7DE8F687105F404A2FECB7102E857149FC361
SHA256 | 33D3BBCADB693AB1F02ADED6ABBCDDAE3298AB57D84280205F146E6068BF9CC9
SSDEEP | 3:N1KfXEM2ZKtA2NLn:CsZZ+NLn

PID | CMD | Path | Indicators | Parent process | User | Company | Integrity Level | Description | Exit code | Version
---|---|---|---|---|---|---|---|---|---|---
2976 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 1 | 8.00.7600.16385 (win7_rtm.090713-1255)
3136 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2976 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 0 | 8.00.7600.16385 (win7_rtm.090713-1255)
2288 | "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\setup-eng-avp[1].exe" | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\setup-eng-avp[1].exe | — | iexplore.exe | admin | K7 Computing Pvt. Ltd. | MEDIUM | K7AntiVirus Premium | 3221226540 | 15, 1, 0, 330
3116 | "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\setup-eng-avp[1].exe" | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\setup-eng-avp[1].exe | — | iexplore.exe | admin | K7 Computing Pvt. Ltd. | HIGH | K7AntiVirus Premium | 0 | 15, 1, 0, 330
3092 | "C:\Program Files\K7 Computing\K7TSecurity\K7CrvSvc.exe" /RegServer | C:\Program Files\K7 Computing\K7TSecurity\K7CrvSvc.exe | — | setup-eng-avp[1].exe | admin | K7 Computing Pvt Ltd | HIGH | K7Carnivore Service | 0 | 12, 0, 1, 8
3320 | "C:\Program Files\K7 Computing\K7TSecurity\K7RTScan.exe" /RegServer | C:\Program Files\K7 Computing\K7TSecurity\K7RTScan.exe | — | setup-eng-avp[1].exe | admin | K7 Computing Pvt Ltd | HIGH | K7 Core Service Agent I | 0 | 15, 2, 0, 76
1396 | "C:\Program Files\K7 Computing\K7TSecurity\K7EmlPxy.exe" /RegServer | C:\Program Files\K7 Computing\K7TSecurity\K7EmlPxy.exe | — | setup-eng-avp[1].exe | admin | K7 Computing Pvt Ltd | HIGH | K7 Core Service Agent IV | 0 | 15, 2, 5, 33
3328 | "C:\Program Files\K7 Computing\K7TSecurity\K7TSAlrt.exe" /RegServer | C:\Program Files\K7 Computing\K7TSecurity\K7TSAlrt.exe | — | setup-eng-avp[1].exe | admin | K7 Computing Pvt Ltd | HIGH | K7ISNotify1 Module | 0 | 15, 2, 1, 5
2720 | "C:\Program Files\K7 Computing\K7TSecurity\K7TSMngr.exe" /RegServer | C:\Program Files\K7 Computing\K7TSecurity\K7TSMngr.exe | — | setup-eng-avp[1].exe | admin | K7 Computing Pvt Ltd | HIGH | K7TotalSecurity Service Manager | 0 | 16, 0, 0, 70
2332 | "C:\Program Files\K7 Computing\K7TSecurity\K7TSVlog.exe" /RegServer | C:\Program Files\K7 Computing\K7TSecurity\K7TSVlog.exe | — | setup-eng-avp[1].exe | admin | K7 Computing Pvt Ltd | HIGH | K7TotalSecurity Log View Manager | 1 | 15, 2, 1, 8

PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2976 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[1].ico | — | — | —
2976 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
2976 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF18F2C5F227E301D9.TMP | — | — | —
3136 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\setup-eng-avp[1].exe | — | — | —
2976 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\setup-eng-avp[1].exe | — | — | —
2976 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFC9FECC2845D4AD01.TMP | — | — | —
2976 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{DC054079-EE5C-11E8-91D7-5254004A04AF}.dat | — | — | —
3136 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012018112220181123\index.dat | dat | E0BB3C2AEDD562B0A791F8598F5AEFCF | 178A09091334D06734DC8BDE6293546D3D28367A1AAF32A0A39A5C79D13D0970
3116 | setup-eng-avp[1].exe | C:\Windows\Temp\K7TSIExt.dll | executable | 3E0F7770F55D69CA7EEA7C3E933A99BC | F5E2737DAE6A72C77B692494C287E29B59C9CB69DE1B8DFF400B1EE43064C53C
3116 | setup-eng-avp[1].exe | C:\Windows\TEMP\K7TSInsFont.ttf | ttf | 692364A9599A246F0D083F865096AB52 | 1F9E05C6FB8F82D36DCC9E7C7139D4D6A3C509335752372BF9A1A28925AE8565

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
---|---|---|---|---|---|---|---|---|---
3136 | iexplore.exe | GET | — | 178.79.129.76:80 | http://apps.k7computing.com/Tools/K7avprm/setup-eng-avp.exe | GB | — | — | suspicious
2976 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted

PID | Process | IP | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---
2976 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
3136 | iexplore.exe | 178.79.129.76:80 | apps.k7computing.com | Linode, LLC | GB | suspicious

Domain | IP | Reputation
---|---|---
www.bing.com | 204.79.197.200 | whitelisted
apps.k7computing.com | 178.79.129.76 | suspicious

PID | Process | Class | Message
---|---|---|---
3136 | iexplore.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
3136 | iexplore.exe | unknown | SURICATA TCPv4 invalid checksum

Process | Message
---|---
setup-eng-avp[1].exe | K7Installer: Elapsed Time: 9360 ms