Analysis

  • max time kernel
    1697s
  • max time network
    1707s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-06-2024 14:33

General

  • Target

    svchost.exe

  • Size

    178KB

  • MD5

    8c5888968cfdb6a017ee0e480e958321

  • SHA1

    7b44a84ed6544709cac184ccc9c901157b0ed76a

  • SHA256

    ce78bc90ee00ff4ba34b9a98c6cc88f55d93a3ac3366bb587421f4e55f4f86ad

  • SHA512

    631f04864b4d1e746a6820d40f7ef450f8b026649ca4ed87d7702d4c2516c6f63ddbf5418dc0f5b0577a4a1a1c338ecdc6f2d582d0d8346d94b1faee9cce1065

  • SSDEEP

    3072:QrhzCyHoN36tHQviFCvoBnEfWl9zyaF9biYvMG4NpVq8BxFRzaqF+o2GQJ7/Jzqo:QMk9zhvMGgVqwlL

Score
7/10

Malware Config

Signatures

  • Drops startup file 3 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 45 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\svchost.exe
    "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
    1⤵
    • Drops startup file
    • Adds Run key to start application
    • Suspicious use of AdjustPrivilegeToken
    PID:2184

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2184-0-0x0000000074B12000-0x0000000074B13000-memory.dmp

    Filesize

    4KB

  • memory/2184-1-0x0000000074B10000-0x00000000750C1000-memory.dmp

    Filesize

    5.7MB

  • memory/2184-5-0x0000000074B10000-0x00000000750C1000-memory.dmp

    Filesize

    5.7MB

  • memory/2184-7-0x0000000074B10000-0x00000000750C1000-memory.dmp

    Filesize

    5.7MB