File name:

ss_conn_service.exe

Full analysis: https://app.any.run/tasks/efdf9608-d96e-4b42-9446-edfbaccc8513
Verdict: Malicious activity
Analysis date: December 07, 2024, 15:49:19
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (console) Intel 80386, for MS Windows, 6 sections
MD5:

46826B02C346D48A62FF11882AF662BB

SHA1:

B71ADD9D0FAC137237EEC4AB2BD32DBFF6425499

SHA256:

DE8FAD3E99D0E90CE8ABA15D604CF1E80F16C9E4B92F1A41A63D56CF7D96A414

SSDEEP:

12288:1Rg3r9E7ghToVl2at1Q6qDkjNNxqFF2GQdGeusHdVD:/kr9E7ghcltt1bBZNxiFcdGeusHf

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Executing a file with an untrusted certificate

      • ss_conn_service.exe (PID: 6376)

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Reads the computer name

      • ss_conn_service.exe (PID: 6376)

    • Checks supported languages

      • ss_conn_service.exe (PID: 6376)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2017:01:16 06:03:51+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 11
CodeSize: 536064
InitializedDataSize: 619520
UninitializedDataSize: -
EntryPoint: 0x60245
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows command line
FileVersionNumber: 2.5.11.0
ProductVersionNumber: 2.5.11.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Korean
CharacterSet: Unicode
CompanyName: DEVGURU Co., LTD.
FileDescription: MSS CS Connectivity Service
FileVersion: 2.5.11.0
LegalCopyright: Copyright (C) DEVGURU 2002-2013 (www.devguru.co.kr)
ProductName: MSS CS
ProductVersion: 2.5.11.0
No data.
screenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
118
Monitored processes
2
Malicious processes
0
Suspicious processes
1

Behavior graph

Click at the process to see the details
start ss_conn_service.exe no specs conhost.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
6376"C:\Users\admin\Desktop\ss_conn_service.exe" C:\Users\admin\Desktop\ss_conn_service.exeexplorer.exe
User:
admin
Company:
DEVGURU Co., LTD.
Integrity Level:
MEDIUM
Description:
MSS CS Connectivity Service
Exit code:
1063
Version:
2.5.11.0
Modules
Images
c:\users\admin\desktop\ss_conn_service.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ws2_32.dll
6384\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exess_conn_service.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
182
Read events
182
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
0
Text files
0
Unknown types
0

Dropped files

No data
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
4
TCP/UDP connections
19
DNS requests
6
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2736
svchost.exe
GET
200
23.48.23.176:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
23.48.23.176:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
23.37.237.227:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
2736
svchost.exe
GET
200
23.37.237.227:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4712
MoUsoCoreWorker.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
2736
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4712
MoUsoCoreWorker.exe
23.48.23.176:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
2736
svchost.exe
23.48.23.176:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4712
MoUsoCoreWorker.exe
23.37.237.227:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
2736
svchost.exe
23.37.237.227:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
2736
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 40.127.240.158
whitelisted
google.com
  • 142.250.185.206
whitelisted
crl.microsoft.com
  • 23.48.23.176
  • 23.48.23.145
  • 23.48.23.162
  • 23.48.23.164
  • 23.48.23.143
  • 23.48.23.141
  • 23.48.23.147
  • 23.48.23.150
whitelisted
www.microsoft.com
  • 23.37.237.227
whitelisted
self.events.data.microsoft.com
  • 20.42.73.28
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
ss_conn_service.exe