Managed XDR

c-windows-apppatch-svchost.exe — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
c-windows-apppatch-svchost.exe
Тип файла
PE32 executable (GUI) Intel 80386, for MS Windows
Размер файла
324 KB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x86 en

Хеши

SHA1
263e60d7fce8a4518e9fb0d4241e9fc7abccfc3e
SHA256
6196b508b43c34d631b523f904c6395b1c682a113561a9f1f1fb47c94f598fe0
MD5
866ad3727e11106070150db0fa142718

Сигнатуры

Privilege Escalation

T1055 injection_thread: Code injection to a remote process using CreateRemoteThread or NtQueueApcThread
T1055.002 inject_write_pe: Writes PE file to another process's memory

Defense Evasion

T1055 injection_thread: Code injection to a remote process using CreateRemoteThread or NtQueueApcThread
T1055.002 inject_write_pe: Writes PE file to another process's memory
T1027.002 packer_entropy: Probably contains compressed or encrypted data

Discovery

T1057 process_interest: Enumerates processes

Other

yara_rules: Static rules
suspicious_process: Spawns a suspicious process
no_graphical_activity: No graphic activity