Overview

overview

8

Static

static

8

svhost.exe

windows7-x64

8

svhost.exe

windows10-2004-x64

8

Resubmissions

12-02-2024 14:35

240212-rx229agb6t 7

30-09-2023 12:02

230930-n7wrfach62 7

04-08-2022 02:50

220804-dbkn7aaba4 8

Analysis

  • max time kernel
    140s
  • max time network
    74s
  • platform
    windows7_x64
  • resource
    win7-20220718-en
  • resource tags

    arch:x64arch:x86image:win7-20220718-enlocale:en-usos:windows7-x64system
  • submitted
    04-08-2022 02:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    svhost.exe

  • Size

    5.9MB

  • MD5

    82f3539d8578b18fbc931f4f33fcbba3

  • SHA1

    196f127502d898e7d14cf9521b2b5838a2c1aa14

  • SHA256

    3393068eec5540b5a987e0c31c601b6d77ec326fcda7d6ddaf62d0d4f9f6db65

  • SHA512

    1a3a35b7c4090028e99843c442e15bf12a7b38f0840fce144a1686510e95d1f48a102056ee7e7abc263198338432000cdf4a870c8ae7d2284ae65990eaa86c78

Score
8/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 5 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious behavior: EnumeratesProcesses 61 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\svhost.exe
    "C:\Users\Admin\AppData\Local\Temp\svhost.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1936
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1116-61-0x000007FEFC631000-0x000007FEFC633000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1116-62-0x0000000140000000-0x00000001405E8000-memory.dmp
    Filesize

    5.9MB

    Download
  • memory/1116-63-0x0000000140000000-0x00000001405E8000-memory.dmp
    Filesize

    5.9MB

    Download
  • memory/1116-64-0x0000000002060000-0x0000000002070000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1116-65-0x0000000140000000-0x00000001405E8000-memory.dmp
    Filesize

    5.9MB

    Download
  • memory/1116-66-0x0000000140000000-0x00000001405E8000-memory.dmp
    Filesize

    5.9MB

    Download
  • memory/1936-54-0x0000000000150000-0x0000000000C47000-memory.dmp
    Filesize

    11.0MB

    Download
  • memory/1936-58-0x0000000000150000-0x0000000000C47000-memory.dmp
    Filesize

    11.0MB

    Download
  • memory/1936-59-0x0000000000150000-0x0000000000C47000-memory.dmp
    Filesize

    11.0MB

    Download
  • memory/1936-60-0x0000000000150000-0x0000000000C47000-memory.dmp
    Filesize

    11.0MB

    Download