Analysis

max time kernel: 1697s
max time network: 1707s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22-06-2024 14:33

Behavioral task: behavioral1
Sample: svchost.exe
Resource: win10v2004-20240508-en
Signatures: 4
Analysis time: 1800 seconds
General

Target: svchost.exe
Size: 178KB
MD5: 8c5888968cfdb6a017ee0e480e958321
SHA1: 7b44a84ed6544709cac184ccc9c901157b0ed76a
SHA256: ce78bc90ee00ff4ba34b9a98c6cc88f55d93a3ac3366bb587421f4e55f4f86ad
SHA512: 631f04864b4d1e746a6820d40f7ef450f8b026649ca4ed87d7702d4c2516c6f63ddbf5418dc0f5b0577a4a1a1c338ecdc6f2d582d0d8346d94b1faee9cce1065
SSDEEP: 3072:QrhzCyHoN36tHQviFCvoBnEfWl9zyaF9biYvMG4NpVq8BxFRzaqF+o2GQJ7/Jzqo:QMk9zhvMGgVqwlL
Score: 7/10

The file name svchost.exe is borrowed from the Windows service host; the sample is not the System32 binary and, per the Run key entries below, executes from C:\Users\Admin\AppData\Local\Temp. When hunting, match on the hashes above and on the path, never on the name alone.
Malware Config
Signatures

Drops startup file (3 IoCs)
Process: svchost.exe

description                   ioc                                                                                               process
File created                  C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Edge       svchost.exe
File opened for modification  C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Edge       svchost.exe
File created                  C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Edge.url   svchost.exe

Adds Run key to start application (2 TTPs, 2 IoCs)
Process: svchost.exe

description      ioc                                                                                                                       data                                                 process
Set value (str)  \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Edge   "C:\Users\Admin\AppData\Local\Temp\svchost.exe" ..   svchost.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft Edge                                "C:\Users\Admin\AppData\Local\Temp\svchost.exe" ..   svchost.exe

The raw report shows the registry data with escaped quotes and backslashes ("\"C:\\Users\\Admin\\AppData\\Local\\Temp\\svchost.exe\" .."); the value actually written is the quoted Temp path followed by the argument "..". All three persistence points (the Startup-folder .url shortcut and the per-user and machine-wide Run values) use the display name "Microsoft Edge" and point at the same copy of the sample in %LOCALAPPDATA%\Temp. The machine-wide value lands under WOW6432Node because a 32-bit process writing HKLM\SOFTWARE on x64 Windows is redirected there by the registry redirector, which agrees with the arch:x86 tag on this run; the S-1-5-21-...-1000 SID is the sandbox's Admin user, so on another host expect the per-user entry under that user's own SID.
Legitimate hosting services abused for malware hosting/C2 (1 TTP, 45 IoCs)

flow                                                                                                                                                                           ioc
2, 7, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 30, 31, 33, 35, 37, 39, 40, 41, 43, 45, 46, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 59, 60, 61, 62, 63, 64, 65   pastebin.com

All 45 flagged flows (flow IDs listed in ascending order above) go to pastebin.com. The report records only the hostname per flow, not the paste URL or the returned content, so the actual C2 address cannot be read from this page. Repeated contact with the same paste service across the run is the dead-drop-resolver pattern (ATT&CK Web Service: Dead Drop Resolver, T1102.001): the sample fetches a paste to learn where its controller currently lives. Blocking or alerting on pastebin.com from a process running out of %LOCALAPPDATA%\Temp is the practical control; the pastebin.com host itself is benign infrastructure and will also appear in normal browser traffic.
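The three signatures above (Startup-folder drop, Run key persistence, repeated pastebin.com lookups) as detection logic. This is an added example and not part of the sandbox report or the sample: it runs rules derived from those IoCs over a small set of constructed host events. The event schema (type/process/image/key/value/path/host fields), the rule names, the list of user-writable locations, the set of masqueraded system binary names and the PASTE_THRESHOLD value are assumptions; map real Sysmon or EDR fields onto the schema before using it.

```python
import re
from collections import Counter

# Added example (not from the sandbox report): the report's persistence and
# C2-lookup indicators as detection rules over constructed host events. The
# event schema below is an assumption; map Sysmon/EDR fields onto it.

# Binaries Windows ships only under System32/SysWOW64; a copy anywhere else is a masquerade.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Locations a standard user can write to; auto-start entries pointing here are suspect.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\downloads\\",
                 "c:\\programdata\\", "c:\\users\\public\\")
PASTE_HOSTS = {"pastebin.com"}
PASTE_THRESHOLD = 3  # assumption: repeated lookups from one image = polling a paste for a C2 address


def command_image(cmdline):
    r"""Executable path (lower-cased) from a Run value or command line.
    Handles the quoted form in the report ("C:\...\svchost.exe" ..) and bare paths."""
    m = re.match(r'\s*"([^"]+)"', cmdline)
    path = m.group(1) if m else cmdline.strip().split(" ", 1)[0]
    return path.lower()


def is_masquerade(image):
    """True when the file name is a core Windows binary but the path is outside System32/SysWOW64."""
    image = image.lower()
    return image.rsplit("\\", 1)[-1] in SYSTEM_BINARIES and not image.startswith(SYSTEM_DIRS)


def is_user_writable(path):
    p = path.lower()
    return any(seg in p for seg in USER_WRITABLE)


def detect(events):
    """Return (rule, ...) tuples: one per Run value / Startup drop, one masquerade and one
    polling finding per distinct (process, image)."""
    findings, masquerades, paste_hits = [], set(), Counter()
    for ev in events:
        if is_masquerade(ev["image"]):
            masquerades.add((ev["process"], ev["image"].lower()))
        t = ev["type"]
        if t == "registry_set" and "\\currentversion\\run" in ev["key"].lower():
            target = command_image(ev["value"])
            if is_user_writable(target) or is_masquerade(target):
                findings.append(("run_key_persistence", ev["process"], ev["key"], target))
        elif t == "file_create" and "\\start menu\\programs\\startup\\" in ev["path"].lower():
            if is_user_writable(ev["image"]) or is_masquerade(ev["image"]):
                findings.append(("startup_folder_drop", ev["process"], ev["path"]))
        elif t == "dns" and ev["host"].lower() in PASTE_HOSTS:
            paste_hits[(ev["process"], ev["image"].lower())] += 1
    findings += [("masquerade", p, img) for p, img in sorted(masquerades)]
    findings += [("pastebin_polling", p, img, n)
                 for (p, img), n in paste_hits.items() if n >= PASTE_THRESHOLD]
    return findings


TEMP_SVCHOST = r"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
RUN_VALUE = r'"C:\Users\Admin\AppData\Local\Temp\svchost.exe" ..'  # unescaped form of the report's data

# Constructed events built from the report's IoCs plus benign noise; not real telemetry.
SAMPLE_EVENTS = [
    {"type": "registry_set", "process": "svchost.exe", "image": TEMP_SVCHOST,
     "key": r"\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Edge",
     "value": RUN_VALUE},
    {"type": "registry_set", "process": "svchost.exe", "image": TEMP_SVCHOST,
     "key": r"\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft Edge",
     "value": RUN_VALUE},
    {"type": "file_create", "process": "svchost.exe", "image": TEMP_SVCHOST,
     "path": r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Edge.url"},
    *[{"type": "dns", "process": "svchost.exe", "image": TEMP_SVCHOST, "host": "pastebin.com"} for _ in range(4)],
    # Benign: Edge's own autolaunch Run value, and a single lookup by the real System32 svchost.exe.
    {"type": "registry_set", "process": "msedge.exe",
     "image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "key": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicrosoftEdgeAutoLaunch_ABC",
     "value": r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window'},
    {"type": "dns", "process": "svchost.exe", "image": r"C:\Windows\System32\svchost.exe", "host": "pastebin.com"},
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

The two benign events produce nothing: the masquerade check keys on the full path rather than the file name, so the genuine System32 svchost.exe passes, and pastebin lookups are counted per (process, image) and thresholded, so one resolution by a legitimate process does not fire. On the constructed events the sample's copy yields five findings: two Run values, one Startup drop, one masquerade and one polling hit with four lookups.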
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Process: svchost.exe (pid 2184)

token                        count  pid   process
SeDebugPrivilege             1      2184  svchost.exe
33                           32     2184  svchost.exe
SeIncBasePriorityPrivilege   31     2184  svchost.exe

The raw listing is one SeDebugPrivilege adjustment followed by 63 entries that alternate between "33" and SeIncBasePriorityPrivilege, all from pid 2184; the table condenses the repeated pairs, and the counts add up to the 64 IoCs the signature reports. "33" is a privilege the sandbox shows as a bare LUID value rather than a name; in winnt.h, privilege value 33 is SE_INC_WORKING_SET_PRIVILEGE (SeIncreaseWorkingSetPrivilege), and 14 is SE_INC_BASE_PRIORITY_PRIVILEGE, so the alternating pairs are the process repeatedly adjusting its own working-set and base-priority privileges. Neither of those is sensitive on its own. SeDebugPrivilege is the entry to watch: enabling it lets the process open handles to other processes regardless of their DACL, so it is the usual precursor to injection or credential access even though no such follow-on activity is recorded among these four signatures.