Analysis
max time kernel: 141s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26-12-2022 14:05
Static task: static1
Behavioral task: behavioral1
Sample: svchost.exe
Resource: win7-20220812-en (windows7-x64)
4 signatures, 150 seconds
General
Target: svchost.exe
Size: 228KB
MD5: 5bf69e555fe1e636d6c02c470bea0b6f
SHA1: 96e30ea4c29b8eac021a17cc5cd056e269d9bfb0
SHA256: e1c088749ae4df16e4e029ecbc02b57c1a3ad3a36a3c5f1dfb9fd30f163f39df
SHA512: 488caaca4b6b99de782d16a08ae8319b0c1a232a18bc2894d5e0c017af0764e1ffe4a32eb409d9cfde62f1e33b01306eb45bf285c9eaa653ca6d61c2f3b5edbd
SSDEEP: 6144:ZbwPB/7O/FD4m+6I1/8Ni0u2VYOHT2C7u13ayTg:ZSOHT2C7uJVT
Malware Config (Extracted)
Family: systembc
C2: 64.44.141.137:4001
C2: 192.53.123.202:4001
Signatures

Drops file in Windows directory (2 IoCs)
Processes:
description                  | ioc                          | process
File created                 | C:\Windows\Tasks\wow64.job   | svchost.exe
File opened for modification | C:\Windows\Tasks\wow64.job   | svchost.exe

Suspicious use of SetWindowsHookEx (2 IoCs)
Processes:
pid  | process
4492 | svchost.exe
4888 | svchost.exe
Processes

C:\Users\Admin\AppData\Local\Temp\svchost.exe (level 1)
Command line: "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx

C:\Users\Admin\AppData\Local\Temp\svchost.exe (level 1)
Command line: C:\Users\Admin\AppData\Local\Temp\svchost.exe start
- Suspicious use of SetWindowsHookEx