This ticket has been updated by Christopher Clarke
Christopher Clarke
4/30/2026 11:47 AM
Reviewed threat files. Found Web companion is a known malicious app. Stopped the process from running and removed all associated files with this app. System is now clean and no further action is needed.
A security agent detected suspicious software on a desktop used by the Admin account; the event was rated high risk due to the software's malicious reputation and potential to harm systems. The threat was successfully mitigated and quarantined on the device, so immediate risk to the network is low. Business impact could include temporary loss of that user’s productivity and a small operational disruption if similar software was present elsewhere.
SOC Response Actions
Actions the SOC performed (or attempted). Follow this link for further information on Use Case #5 and Use Case #6.

| Action | Status |
| --- | --- |
| Savoy-DskTop, no full disk scan command was sent. | Not Configured |
| Savoy-DskTop, endpoint was not isolated from the network. | Not Configured |
Recommended Remediation
[Containment] Isolate the affected endpoint 'Savoy-DskTop' from the network until remediation is complete.
[Eradication] Remove the file \Device\HarddiskVolume3\Users\Admin\Downloads\Setup_WebCompanion.exe from the endpoint and delete associated file hashes '4bb16776c33eb099f170c2204279268cf79a55ebd12891a114f63e11b0237b2c' and 'bc457fa758af1f9f1cceb1504b8d15f4cbbd5b77' from central file shares.
[Hardening] Ensure the user 'Admin' does not run with unnecessary local administrative privileges; apply least-privilege controls for this account.
[Hardening] Block execution of installers from the Downloads folder via AppLocker or Microsoft Defender Application Control policies.
[Hardening] Validate and revoke any untrusted certificates or signed software sources matching publisher 'LAVASOFT SOFTWARE CANADA INC.' until provenance is confirmed.
Ticket#3524995/STONEHENGE/[##337240##] High - SentinelOne Threat - Stonehenge Advisors, Inc - Setup_WebCompanion.exe - 04/30/2 -- has been updated