Analysis
max time kernel: 234s
max time network: 251s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11-05-2024 04:27
Static task
static1 (1 signatures)
Behavioral task
behavioral1
Sample: svch0st1.exe
Resource: win10v2004-20240508-en (windows10-2004-x64)
1 signatures
300 seconds
General
Target: svch0st1.exe
Size: 144KB
MD5: 58c52863e349d8f95ad660554d0b724c
SHA1: 4cda468531c0fb3d56db05d8ac180dafadd48e33
SHA256: 825bfea146d8e72b09912947f27e6d7896750457ff0a598c87ed9fa7a880e15c
SHA512: fd8efeddf22e5e9901577ba9cf66554433e32e68ea4716510217378c3766277a527872c1f4d3a24916709c2469a4895f42f1c7bfd7ffbc50ef651ade1b38dd37
SSDEEP: 768:lCmXUnU9UaEDyJHikCBy9XdAYGElJhgYAhs98Br8g37mdmmrm91:kOUU9UeikCByvIYy9
Score: 10/10
Malware Config
Extracted
Family: metasploit
Version: windows/download_exec
C2: http://coivo2xo.livehost.live:443/bEaT
Signatures
MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Processes
Process: C:\Users\Admin\AppData\Local\Temp\svch0st1.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\svch0st1.exe"
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4196,i,16488180140590516186,11762960689811837350,262144 --variations-seed-version --mojo-platform-channel-handle=4156 /prefetch:8