File Trajectory - Name in Russian

Enda McGahern (Level 1)

Hi,

I have a number of files on Windows 10 that are showing as clean.

One is svchost.exe

SHA256

5d00bbeb147e0c838a622fc42c543b2913d57eaca4e69d9a37ed61e98c819347

It is reporting as clean.

However, the product name is Microsoft in Russian, which is a concern: "© Корпорация Майкрософт" (Russian for "© Microsoft Corporation").

There are other files reporting the same way, e.g. taskeng.exe.

Appreciate a view on this.

Troja007 (Cisco Employee)

Hello @Enda McGahern ,
I did some research with the hash you provided. Please keep in mind that I cannot give you an official answer from a single hash alone.

  • Every tool I have access to reports the file as clean and trusted
  • Threat Response shows the file as clean, but yes, the file is not available on any of my systems in the LAB
  • virustotal.com shows the file as clean
    • it was submitted two days ago and the page lists Microsoft as the distributor
  • Talos File Reputation search does not show any info
  • Google Translate says Корпорация Майкрософт means Microsoft Corporation

I have a lot of open questions:

  • More information from Device Trajectory would be helpful. Is there any other event seen for the endpoint?
  • Any anomaly in the network communication?
  • Any other possible indicators?

What you can do:

  • Run a rootkit scan directly on one of the systems from the endpoint UI.
  • Upload the file to Malware Analytics and set it to public, so it gets analyzed again.
  • Check that the automated action for file analysis is active, so such files get uploaded to the file repository in case the connector detects malicious behavior around the file.
  • You may open a TAC case, so we can take a closer look.

Greetings,

Thorsten
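As an added example (not from the thread or from Cisco), here is what a practitioner would run on one of the affected Windows 10 hosts before relying on the console verdict. The "© Корпорация Майкрософт" string comes from the file's version resource (the VERSIONINFO string table), which is plain metadata that any binary can carry and that legitimately differs between language builds of Windows; what actually establishes that the file is Microsoft's is a valid Authenticode signature (svchost.exe and taskeng.exe are catalog-signed, which Get-AuthenticodeSignature checks) plus the file living in the real System32 directory. The script below reports all of those side by side and also flags any running svchost.exe whose image is outside System32. The paths are assumptions for this example; the expected hash is the one from the original post and is only used for comparison.

```powershell
# Added example: local verification of Windows system binaries flagged by version-resource language.
# Assumptions: default Windows install paths; $ExpectedSha256 is the hash from the forum post.

param(
    [string[]]$Paths = @(
        "$env:SystemRoot\System32\svchost.exe",
        "$env:SystemRoot\System32\taskeng.exe"
    ),
    # Hash quoted in the original post; compared against the local file's hash.
    [string]$ExpectedSha256 = '5d00bbeb147e0c838a622fc42c543b2913d57eaca4e69d9a37ed61e98c819347'
)

function Test-SystemBinary {
    param([string]$Path, [string]$Expected)

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Not found: $Path"
        return
    }

    $item = Get-Item -LiteralPath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLower()
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path   # handles embedded and catalog signatures
    $vi   = $item.VersionInfo                             # the strings the console displays

    [pscustomobject]@{
        Path           = $Path
        SHA256         = $hash
        HashMatchesPost= ($hash -eq $Expected.ToLower())
        SigStatus      = $sig.Status                      # 'Valid' is the result that matters
        Signer         = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        CompanyName    = $vi.CompanyName
        ProductName    = $vi.ProductName
        LegalCopyright = $vi.LegalCopyright               # this is where the Cyrillic string lives
        FileVersion    = $vi.FileVersion
        InSystem32     = ($item.DirectoryName -ieq "$env:SystemRoot\System32")
    }
}

# 1. Per-file report: hash, signature, version strings, location.
$Paths | ForEach-Object { Test-SystemBinary -Path $_ -Expected $ExpectedSha256 } | Format-List

# 2. Running svchost.exe instances whose image is NOT in System32 are the real red flag,
#    regardless of what language the version resource is in.
Get-Process -Name svchost -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -and ($_.Path -notlike "$env:SystemRoot\System32\*") } |
    Select-Object Id, Path, StartTime |
    Format-Table -AutoSize
```

Read the output in this order: SigStatus must be Valid with a Microsoft signer, InSystem32 must be true, and only then does the LegalCopyright language become irrelevant. A file that matches the posted hash, is catalog-signed by Microsoft and sits in System32 is a localized Microsoft binary; a file with a Russian copyright string but an invalid or missing signature, or a non-System32 path, is the case worth escalating to TAC with the Device Trajectory events Thorsten asked for.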

Hi Thorsten,

I logged a case via our Cisco partner and our partner is seeing the same on their own portal, so it seems to be widespread, and they have raised it with Cisco.

I will keep you updated.

Thanks for taking the time to read and reply to my post.

Regards

Enda