Field | Value
---|---
URL | https://kcsoftwares.com/files/sumo_lite.exe
Full analysis | https://app.any.run/tasks/ac669099-616c-4ca1-9aad-30d324019ea6
Verdict | Malicious activity
Analysis date | January 17, 2019, 21:00:14
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags | —
Indicators | —
MD5 | E1A24CFD2C6FAB2DA60783D4841DF3A3
SHA1 | 5E6276931D369BE311B13649494F6FBDA2787C6E
SHA256 | 6A099BE79F603AACCD849B6C8600042529A36B1B2BFA277C2A0CAC3E55ADD182
SSDEEP | 3:N8DWY0EXGU0KYhAC:2KY0EWqC

PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
2992 | "C:\Program Files\Mozilla Firefox\firefox.exe" https://kcsoftwares.com/files/sumo_lite.exe | C:\Program Files\Mozilla Firefox\firefox.exe | — | explorer.exe | User: admin; Company: Mozilla Corporation; Integrity Level: MEDIUM; Description: Firefox; Version: 61.0.2
2652 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2992.0.980185700\1912493366" -childID 1 -isForBrowser -prefsHandle 700 -prefsLen 8310 -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2992 "\\.\pipe\gecko-crash-server-pipe.2992" 1464 tab | C:\Program Files\Mozilla Firefox\firefox.exe | — | firefox.exe | User: admin; Company: Mozilla Corporation; Integrity Level: LOW; Description: Firefox; Version: 61.0.2
3540 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2992.6.915471901\70391030" -childID 2 -isForBrowser -prefsHandle 2552 -prefsLen 11442 -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2992 "\\.\pipe\gecko-crash-server-pipe.2992" 2564 tab | C:\Program Files\Mozilla Firefox\firefox.exe | — | firefox.exe | User: admin; Company: Mozilla Corporation; Integrity Level: LOW; Description: Firefox; Version: 61.0.2
3544 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2992.12.969738700\1297441576" -childID 3 -isForBrowser -prefsHandle 2192 -prefsLen 12017 -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2992 "\\.\pipe\gecko-crash-server-pipe.2992" 3488 tab | C:\Program Files\Mozilla Firefox\firefox.exe | — | firefox.exe | User: admin; Company: Mozilla Corporation; Integrity Level: LOW; Description: Firefox; Version: 61.0.2
2028 | C:\Windows\Explorer.EXE | C:\Windows\explorer.exe | — | — | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Explorer; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
2784 | "C:\Users\admin\Downloads\sumo_lite.exe" | C:\Users\admin\Downloads\sumo_lite.exe | — | explorer.exe | User: admin; Company: KC Softwares; Integrity Level: MEDIUM; Description: KC Softwares SUMo Setup; Exit code: 0; Version: 5.8.11.414
2272 | "C:\Users\admin\AppData\Local\Temp\is-E8QN6.tmp\sumo_lite.tmp" /SL5="$40132,2106972,163328,C:\Users\admin\Downloads\sumo_lite.exe" | C:\Users\admin\AppData\Local\Temp\is-E8QN6.tmp\sumo_lite.tmp | — | sumo_lite.exe | User: admin; Integrity Level: MEDIUM; Description: Setup/Uninstall; Exit code: 0; Version: 51.52.0.0
3432 | "C:\Users\admin\Downloads\sumo_lite.exe" /SPAWNWND=$301F8 /NOTIFYWND=$40132 | C:\Users\admin\Downloads\sumo_lite.exe | — | sumo_lite.tmp | User: admin; Company: KC Softwares; Integrity Level: HIGH; Description: KC Softwares SUMo Setup; Exit code: 0; Version: 5.8.11.414
4064 | "C:\Users\admin\AppData\Local\Temp\is-ST8B0.tmp\sumo_lite.tmp" /SL5="$401F6,2106972,163328,C:\Users\admin\Downloads\sumo_lite.exe" /SPAWNWND=$301F8 /NOTIFYWND=$40132 | C:\Users\admin\AppData\Local\Temp\is-ST8B0.tmp\sumo_lite.tmp | — | sumo_lite.exe | User: admin; Integrity Level: HIGH; Description: Setup/Uninstall; Exit code: 0; Version: 51.52.0.0
2416 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | — | sumo_lite.tmp | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Internet Explorer; Exit code: 1; Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2992 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite-shm | — | — | —
2992 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.tmp | — | — | —
2992 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs-1.js | — | — | —
2992 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm | — | — | —
2992 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db-journal | — | — | —
2992 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm | — | — | —
2992 | firefox.exe | C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-current.bin | binary | 707C12070C52E55C2A996AC15E219B95 | 6C5410C655C8EFC48D123ABE708C8940A4218072C0DAF85E03AB45DA6D2CE6B9
2992 | firefox.exe | C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flashsubdoc-digest256.sbstore | binary | 04824A1F92353F43EBB9E7F74B7476FD | B48E58EBAB82E4C376F16150A3FFF850C1111FF1F5985D68819CFD6F0DB159D2
2992 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js | text | 3E512FCCEF24E016F109DD550405239D | 126A277F3A923B1D8F30360450E24ED3F6F464948341E86E4E76FA821EB6C92B
2992 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db | sqlite | AC0468E050C54BE44A871AD97EECDF42 | BDE80EFC2E2FF5846450B7859D13959B50100B7EBC1EDD9D5B21FFE50D4EE62A

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
---|---|---|---|---|---|---|---|---|---
2992 | firefox.exe | POST | 200 | 172.217.22.14:80 | http://ocsp.pki.goog/GTSGIAG3 | US | der | 463 b | whitelisted
2992 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted
3488 | iexplore.exe | GET | 404 | 173.194.76.82:80 | http://html5shim.googlecode.com/svn/trunk/html5.js | US | html | 1.54 Kb | whitelisted
2992 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted
2028 | explorer.exe | GET | 200 | 91.199.212.52:80 | http://crt.comodoca.com/COMODORSAAddTrustCA.crt | GB | der | 1.37 Kb | whitelisted
3000 | iexplore.exe | GET | 200 | 213.186.33.69:80 | http://www.kcsoftwares.com/images/kclogo.png | FR | image | 1.15 Kb | malicious
2992 | firefox.exe | POST | 200 | 2.21.242.204:80 | http://ocsp.int-x3.letsencrypt.org/ | NL | der | 527 b | whitelisted
3000 | iexplore.exe | GET | 200 | 213.186.33.69:80 | http://www.kcsoftwares.com/assets/js/jquery.js | FR | text | 32.5 Kb | malicious
2992 | firefox.exe | POST | 200 | 2.21.242.204:80 | http://ocsp.int-x3.letsencrypt.org/ | NL | der | 527 b | whitelisted
2992 | firefox.exe | GET | 200 | 2.16.186.50:80 | http://detectportal.firefox.com/success.txt | unknown | text | 8 b | whitelisted

PID | Process | IP | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---
2992 | firefox.exe | 172.217.23.174:443 | sb-ssl.google.com | Google Inc. | US | whitelisted
2992 | firefox.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
2992 | firefox.exe | 2.16.186.50:80 | detectportal.firefox.com | Akamai International B.V. | — | whitelisted
2028 | explorer.exe | 91.199.212.52:80 | crt.comodoca.com | Comodo CA Ltd | GB | suspicious
2992 | firefox.exe | 172.217.22.14:80 | ocsp.pki.goog | Google Inc. | US | whitelisted
2992 | firefox.exe | 52.41.60.30:443 | tiles.services.mozilla.com | Amazon.com, Inc. | US | unknown
3488 | iexplore.exe | 104.19.199.151:443 | cdnjs.cloudflare.com | Cloudflare Inc | US | shared
2992 | firefox.exe | 52.27.184.151:443 | search.r53-2.services.mozilla.com | Amazon.com, Inc. | US | unknown
2992 | firefox.exe | 172.217.22.10:443 | safebrowsing.googleapis.com | Google Inc. | US | whitelisted
2416 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted

Domain | IP | Reputation
---|---|---
kcsoftwares.com | — | whitelisted
detectportal.firefox.com | — | whitelisted
a1089.dscd.akamai.net | — | whitelisted
search.r53-2.services.mozilla.com | — | whitelisted
search.services.mozilla.com | — | whitelisted
ocsp.int-x3.letsencrypt.org | — | whitelisted
a771.dscq.akamai.net | — | whitelisted
tiles.services.mozilla.com | — | whitelisted
tiles.r53-2.services.mozilla.com | — | whitelisted
ocsp.digicert.com | — | whitelisted