File name: ScreenConnect.ClientSetup.exe

Full analysis: https://app.any.run/tasks/fec3cebd-0781-48f8-859d-6a0e675d43f1
Verdict: Malicious activity
Threats:

Pikabot is a trojan malware with a focus on loader capabilities. Pikabot is also used for other activities, such as executing commands on the infected system. The earlier versions of the malware made use of extensive code obfuscation to evade detection. Upon infection, it collects system information and sends it to command-and-control servers.

Analysis date: February 04, 2024, 19:32:32
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: pikabot, screenconnect, remote
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: B26A2D1506ED9B13DC21AB835D32FBD0
SHA1: 49332C7EAE1D2886F11B99ED615199C3ECDB6683
SHA256: E258D19B41FD6DA90499DA17FE18FC0533FCC758C76D6D0A6032EEC4F946062D
SSDEEP: 98304:oEEKBKU4tOytH9awXB0DXe3S+5OmxlGwP3AW5JTGG0DR/WtxERlVxiE6AAEpzV7P:mDAGsqcR

  • MALICIOUS

    • Drops the executable file immediately after the start

      • ScreenConnect.ClientSetup.exe (PID: 3768)
    • Pikabot has been detected

      • rundll32.exe (PID: 2764)
      • rundll32.exe (PID: 2896)
      • rundll32.exe (PID: 1816)
    • Creates a writable file in the system directory

      • ScreenConnect.ClientService.exe (PID: 4020)
      • ScreenConnect.ClientService.exe (PID: 2556)
    • Connects to the CnC server

      • ScreenConnect.ClientService.exe (PID: 4020)
      • ScreenConnect.ClientService.exe (PID: 2556)
    • SCREENCONNECT has been detected (SURICATA)

      • ScreenConnect.ClientService.exe (PID: 4020)
      • ScreenConnect.ClientService.exe (PID: 2556)
  • SUSPICIOUS

    • Reads the Internet Settings

      • ScreenConnect.ClientSetup.exe (PID: 3768)
      • ScreenConnect.WindowsClient.exe (PID: 2512)
      • ScreenConnect.ClientSetup.exe (PID: 2564)
      • ScreenConnect.WindowsClient.exe (PID: 584)
    • Executable content was dropped or overwritten

      • rundll32.exe (PID: 2764)
      • rundll32.exe (PID: 2896)
      • rundll32.exe (PID: 1816)
    • Executes as Windows Service

      • ScreenConnect.ClientService.exe (PID: 4020)
      • ScreenConnect.ClientService.exe (PID: 2556)
    • Creates or modifies Windows services

      • ScreenConnect.ClientService.exe (PID: 4020)
      • ScreenConnect.ClientService.exe (PID: 2556)
    • Executing commands from ".cmd" file

      • ScreenConnect.ClientService.exe (PID: 4020)
    • Starts CMD.EXE for commands execution

      • ScreenConnect.ClientService.exe (PID: 4020)
      • cmd.exe (PID: 3708)
    • Application launched itself

      • cmd.exe (PID: 3708)
    • The process executes VB scripts

      • ScreenConnect.ClientService.exe (PID: 4020)
  • INFO

    • Checks supported languages

      • ScreenConnect.ClientSetup.exe (PID: 3768)
      • ScreenConnect.ClientService.exe (PID: 4020)
      • ScreenConnect.WindowsClient.exe (PID: 2512)
      • ScreenConnect.WindowsClient.exe (PID: 3384)
      • ScreenConnect.ClientSetup.exe (PID: 2564)
      • ScreenConnect.ClientService.exe (PID: 2556)
      • ScreenConnect.WindowsClient.exe (PID: 584)
      • ScreenConnect.WindowsClient.exe (PID: 2612)
      • ScreenConnect.WindowsClient.exe (PID: 560)
    • Reads the computer name

      • ScreenConnect.ClientSetup.exe (PID: 3768)
      • ScreenConnect.ClientService.exe (PID: 4020)
      • ScreenConnect.WindowsClient.exe (PID: 2512)
      • ScreenConnect.WindowsClient.exe (PID: 3384)
      • ScreenConnect.ClientService.exe (PID: 2556)
      • ScreenConnect.WindowsClient.exe (PID: 584)
      • ScreenConnect.ClientSetup.exe (PID: 2564)
      • ScreenConnect.WindowsClient.exe (PID: 2612)
      • ScreenConnect.WindowsClient.exe (PID: 560)
    • Drops the executable file immediately after the start

      • msiexec.exe (PID: 2776)
      • rundll32.exe (PID: 2764)
      • rundll32.exe (PID: 2896)
      • msiexec.exe (PID: 2112)
      • rundll32.exe (PID: 1816)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 2776)
      • msiexec.exe (PID: 2112)
    • Reads the machine GUID from the registry

      • ScreenConnect.ClientSetup.exe (PID: 3768)
      • ScreenConnect.ClientService.exe (PID: 4020)
      • ScreenConnect.WindowsClient.exe (PID: 2512)
      • ScreenConnect.WindowsClient.exe (PID: 3384)
      • ScreenConnect.ClientSetup.exe (PID: 2564)
      • ScreenConnect.ClientService.exe (PID: 2556)
      • ScreenConnect.WindowsClient.exe (PID: 584)
      • ScreenConnect.WindowsClient.exe (PID: 560)
      • ScreenConnect.WindowsClient.exe (PID: 2612)
    • Create files in a temporary directory

      • ScreenConnect.ClientSetup.exe (PID: 3768)
      • rundll32.exe (PID: 2764)
      • ScreenConnect.ClientSetup.exe (PID: 2564)
      • rundll32.exe (PID: 1816)
    • Manual execution by a user

      • ScreenConnect.ClientSetup.exe (PID: 2564)
      • ScreenConnect.ClientSetup.exe (PID: 1656)
    • Reads CPU info

      • ScreenConnect.WindowsClient.exe (PID: 3384)
      • ScreenConnect.WindowsClient.exe (PID: 2612)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:11:18 21:10:20+01:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.33
CodeSize: 45568
InitializedDataSize: 5308416
UninitializedDataSize: -
EntryPoint: 0x14ad
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
Total processes: 75
Monitored processes: 20
Malicious processes: 5
Suspicious processes: 0

Behavior graph

start
  • screenconnect.clientsetup.exe
  • msiexec.exe
  • #PIKABOT rundll32.exe
  • #SCREENCONNECT screenconnect.clientservice.exe
  • screenconnect.windowsclient.exe (no specs)
  • screenconnect.windowsclient.exe (no specs)
  • cmd.exe (no specs)
  • cmd.exe (no specs)
  • wscript.exe (no specs)
  • #PIKABOT rundll32.exe
  • screenconnect.clientsetup.exe (no specs)
  • screenconnect.clientsetup.exe
  • msiexec.exe
  • #PIKABOT rundll32.exe
  • #SCREENCONNECT screenconnect.clientservice.exe
  • screenconnect.windowsclient.exe (no specs)
  • screenconnect.windowsclient.exe (no specs)
  • screenconnect.windowsclient.exe (no specs)
  • rundll32.exe (no specs)
  • screenconnect.clientsetup.exe (no specs)

Process information

PID | CMD | Path | Indicators | Parent process
PID: 560
CMD: "C:\Program Files\ScreenConnect Client (79fa06832fc287bc)\ScreenConnect.WindowsClient.exe" "RunRole" "4f6cf5e4-2962-4ffe-a386-28ce204d5fda" "System"
Path: C:\Program Files\ScreenConnect Client (79fa06832fc287bc)\ScreenConnect.WindowsClient.exe
Parent process: ScreenConnect.ClientService.exe
User: SYSTEM
Company: ScreenConnect Software
Integrity Level: SYSTEM
Description: ScreenConnect Client
Exit code: 0
Version: 23.9.6.8787
Modules
Images
c:\program files\screenconnect client (79fa06832fc287bc)\screenconnect.windowsclient.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 584
CMD: "C:\Program Files\ScreenConnect Client (79fa06832fc287bc)\ScreenConnect.WindowsClient.exe" "RunRole" "d34a2bde-90ad-4286-b1e1-b3827be50e40" "User"
Path: C:\Program Files\ScreenConnect Client (79fa06832fc287bc)\ScreenConnect.WindowsClient.exe
Parent process: ScreenConnect.ClientService.exe
User: admin
Company: ScreenConnect Software
Integrity Level: MEDIUM
Description: ScreenConnect Client
Exit code: 0
Version: 23.9.6.8787
Modules
Images
c:\program files\screenconnect client (79fa06832fc287bc)\screenconnect.windowsclient.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 1632
CMD: "C:\Users\admin\Desktop\ScreenConnect.ClientSetup.exe"
Path: C:\Users\admin\Desktop\ScreenConnect.ClientSetup.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540
Modules
Images
c:\users\admin\desktop\screenconnect.clientsetup.exe
c:\windows\system32\ntdll.dll
PID: 1656
CMD: "C:\Users\admin\Desktop\ScreenConnect.ClientSetup.exe"
Path: C:\Users\admin\Desktop\ScreenConnect.ClientSetup.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540
Modules
Images
c:\users\admin\desktop\screenconnect.clientsetup.exe
c:\windows\system32\ntdll.dll
PID: 1776
CMD: cmd.exe reboot/r
Path: C:\Windows\System32\cmd.exe
Parent process: cmd.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows Command Processor
Exit code: 0
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 1816
CMD: rundll32.exe "C:\Users\admin\AppData\Local\Temp\MSI6E74.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_1601203 1 ScreenConnect.InstallerActions!ScreenConnect.ClientInstallerActions.FixupServiceArguments
Path: C:\Windows\System32\rundll32.exe
Parent process: msiexec.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows host process (Rundll32)
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
PID: 2112
CMD: "C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Temp\ScreenConnect\79fa06832fc287bc\setup.msi"
Path: C:\Windows\System32\msiexec.exe
Parent process: ScreenConnect.ClientSetup.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows® installer
Exit code: 0
Version: 5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 2512
CMD: "C:\Program Files\ScreenConnect Client (79fa06832fc287bc)\ScreenConnect.WindowsClient.exe" "RunRole" "ece0852c-989c-4064-aaa3-1d9768751b83" "User"
Path: C:\Program Files\ScreenConnect Client (79fa06832fc287bc)\ScreenConnect.WindowsClient.exe
Parent process: ScreenConnect.ClientService.exe
User: admin
Company: ScreenConnect Software
Integrity Level: MEDIUM
Description: ScreenConnect Client
Exit code: 0
Version: 23.9.6.8787
Modules
Images
c:\program files\screenconnect client (79fa06832fc287bc)\screenconnect.windowsclient.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 2556
CMD: "C:\Program Files\ScreenConnect Client (79fa06832fc287bc)\ScreenConnect.ClientService.exe" "?e=Access&y=Guest&h=instance-kx8x18-relay.screenconnect.com&p=443&s=364d9395-fcdc-4834-9c31-fc590e7a08bf&k=BgIAAACkAABSU0ExAAgAAAEAAQC9XJ2Ho6wMZKRXluepKlhBB2W7YeGpwERAfeLb69OUWWHXOBQG4%2braU4FUcck%2bTms1vJ4kE%2faCmsyqzMluAO93F3WXjaBBtuKIQTa8LMmjFl84GIOdQ7cggF1FE3lusL0kG4VQKOKRi8s36fzLCE4ogle9Rs9FC5QRo%2fr9QTPYz%2fXcPhObgwE8ZDbWlQeUnOSQI%2bJDVLXrdgj7ogpyh7v%2bzaHmV4a9d3Tasz6dAzmIDnmFbzxqdTny6qExqreEKG%2bHEZirVOd1Atb%2bBpk7ndnUFf%2bTRT6QbW3HYQD8d2l2pwbHpZnuedr7Y%2fr7ejYkKC1ei0zuT3DFKfjS7b4Tqj%2fd"
Path: C:\Program Files\ScreenConnect Client (79fa06832fc287bc)\ScreenConnect.ClientService.exe
Parent process: services.exe
User: SYSTEM
Integrity Level: SYSTEM
Exit code: 0
Version: 23.9.6.8787
Modules
Images
c:\program files\screenconnect client (79fa06832fc287bc)\screenconnect.clientservice.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 2564
CMD: "C:\Users\admin\Desktop\ScreenConnect.ClientSetup.exe"
Path: C:\Users\admin\Desktop\ScreenConnect.ClientSetup.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules
Images
c:\users\admin\desktop\screenconnect.clientsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
Total events: 4 639
Read events: 4 575
Write events: 58
Delete events: 6

Modification events

(PID) Process: (3768) ScreenConnect.ClientSetup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (3768) ScreenConnect.ClientSetup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (3768) ScreenConnect.ClientSetup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (3768) ScreenConnect.ClientSetup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

(PID) Process: (4020) ScreenConnect.ClientService.exe
Key: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

(PID) Process: (4020) ScreenConnect.ClientService.exe
Key: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1

(PID) Process: (4020) ScreenConnect.ClientService.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ScreenConnect Client (79fa06832fc287bc)
Operation: write
Name: ImagePath
Value: "C:\Program Files\ScreenConnect Client (79fa06832fc287bc)\ScreenConnect.ClientService.exe" "?e=Access&y=Guest&h=instance-kx8x18-relay.screenconnect.com&p=443&s=f9d75b3d-59e9-46d8-8869-56cb04df845c&k=BgIAAACkAABSU0ExAAgAAAEAAQC9XJ2Ho6wMZKRXluepKlhBB2W7YeGpwERAfeLb69OUWWHXOBQG4%2braU4FUcck%2bTms1vJ4kE%2faCmsyqzMluAO93F3WXjaBBtuKIQTa8LMmjFl84GIOdQ7cggF1FE3lusL0kG4VQKOKRi8s36fzLCE4ogle9Rs9FC5QRo%2fr9QTPYz%2fXcPhObgwE8ZDbWlQeUnOSQI%2bJDVLXrdgj7ogpyh7v%2bzaHmV4a9d3Tasz6dAzmIDnmFbzxqdTny6qExqreEKG%2bHEZirVOd1Atb%2bBpk7ndnUFf%2bTRT6QbW3HYQD8d2l2pwbHpZnuedr7Y%2fr7ejYkKC1ei0zuT3DFKfjS7b4Tqj%2fd"

(PID) Process: (2512) ScreenConnect.WindowsClient.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (2512) ScreenConnect.WindowsClient.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (2512) ScreenConnect.WindowsClient.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

Executable files: 14
Suspicious files: 0
Text files: 9
Unknown types: 0

Dropped files

PID | Process | Filename | Type

PID: 3768
Process: ScreenConnect.ClientSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\ScreenConnect\79fa06832fc287bc\setup.msi
MD5:
SHA256:

PID: 2764
Process: rundll32.exe
Filename: C:\Users\admin\AppData\Local\Temp\MSI3C62.tmp-\ScreenConnect.InstallerActions.dll
Type: executable
MD5:B9CEFDD3184879806004759A4DBD7A8B
SHA256:CE7D3E141CA8662D073FAB1BCF246C0A1BD2F2C249D9B0E729FDA28CACE9E81A

PID: 4020
Process: ScreenConnect.ClientService.exe
Filename: C:\Windows\System32\config\systemprofile\AppData\Local\ScreenConnect Client (79fa06832fc287bc)\user.config
Type: xml
MD5:7603096D3B9CDCB03EC4AA688A27D529
SHA256:B20BCC48C575EF7F69368F5914EC1E0FC3F7D8AB4AE7D305651B623281896283

PID: 2896
Process: rundll32.exe
Filename: C:\Windows\Installer\MSI4BD4.tmp-\Microsoft.Deployment.WindowsInstaller.dll
Type: executable
MD5:5EF88919012E4A3D8A1E2955DC8C8D81
SHA256:3E54286E348EBD3D70EAED8174CCA500455C3E098CDD1FCCB167BC43D93DB29D

PID: 2764
Process: rundll32.exe
Filename: C:\Users\admin\AppData\Local\Temp\MSI3C62.tmp-\CustomAction.config
Type: xml
MD5:EB99EE012EB63C162EEBC1DF3A15990B
SHA256:C5045C2D482F71215877EB668264EE47E1415792457F19A5A55651C3554CC7CD

PID: 4020
Process: ScreenConnect.ClientService.exe
Filename: C:\Windows\system32\config\systemprofile\AppData\Local\ScreenConnect Client (79fa06832fc287bc)\3fbmbm2q.newcfg
Type: xml
MD5:7603096D3B9CDCB03EC4AA688A27D529
SHA256:B20BCC48C575EF7F69368F5914EC1E0FC3F7D8AB4AE7D305651B623281896283

PID: 2896
Process: rundll32.exe
Filename: C:\Windows\Installer\MSI4BD4.tmp-\ScreenConnect.InstallerActions.dll
Type: executable
MD5:B9CEFDD3184879806004759A4DBD7A8B
SHA256:CE7D3E141CA8662D073FAB1BCF246C0A1BD2F2C249D9B0E729FDA28CACE9E81A

PID: 4020
Process: ScreenConnect.ClientService.exe
Filename: C:\Windows\TEMP\ScreenConnect\23.9.6.8787\fd274e92-52a4-4585-a3d5-4aec0d40cea0run.cmd
Type: text
MD5:91BBABFADAE6E98D01BA0E4B1CA8F318
SHA256:D3676C4581217D4B5F4EA71E976ADF94417838C99FDB28FE31CE93F9DBFC0182

PID: 4020
Process: ScreenConnect.ClientService.exe
Filename: C:\Windows\TEMP\ScreenConnect\23.9.6.8787\ScreenConnect.ClientUninstall.vbs
Type: text
MD5:839307E972E2926A8C485D99F53F786B
SHA256:8808CD9C383776F00E46CC7624B2E536F65D8C6D6923977FC814F2BE0471EC6C

PID: 2896
Process: rundll32.exe
Filename: C:\Windows\Installer\MSI4BD4.tmp-\ScreenConnect.Core.dll
Type: executable
MD5:D7EB94594D2A567F9C148733374FB801
SHA256:6977604519FC7651AA5FEFF7AFB54787E0D2B68AE2463A0550396CCCA43B9240
HTTP(S) requests: 0
TCP/UDP connections: 6
DNS requests: 2
Threats: 6

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
4020 | ScreenConnect.ClientService.exe | 147.75.84.232:443 | instance-kx8x18-relay.screenconnect.com | PACKET | NL | unknown
2556 | ScreenConnect.ClientService.exe | 147.75.84.232:443 | instance-kx8x18-relay.screenconnect.com | PACKET | NL | unknown

DNS requests

Domain | IP | Reputation
instance-kx8x18-relay.screenconnect.com | 147.75.84.232 | unknown

Threats

PID | Process | Class | Message
1080 | svchost.exe | Misc activity | ET INFO Observed DNS Query to Known ScreenConnect/ConnectWise Remote Desktop Service Domain
4020 | ScreenConnect.ClientService.exe | Misc activity | ET INFO ScreenConnect/ConnectWise Initial Checkin Packet M2
4020 | ScreenConnect.ClientService.exe | Potential Corporate Privacy Violation | REMOTE [ANY.RUN] ScreenConnect Server Response
1080 | svchost.exe | Misc activity | ET INFO Observed DNS Query to Known ScreenConnect/ConnectWise Remote Desktop Service Domain
2556 | ScreenConnect.ClientService.exe | Misc activity | ET INFO ScreenConnect/ConnectWise Initial Checkin Packet M2
2556 | ScreenConnect.ClientService.exe | Potential Corporate Privacy Violation | REMOTE [ANY.RUN] ScreenConnect Server Response
No debug info