Managed XDR

c-windows-apppatch-svchost.exe: dynamic analysis report for a malicious file

File information

File name
c-windows-apppatch-svchost.exe
File type
PE32 executable (GUI) Intel 80386, for MS Windows
File size
324 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
829787c5f5965cc8a964a4f40fe664c28cede382
SHA256
0d093fab544ed701418e6599adfd89aceb853f68ef55a82af1a46b20c8194108
MD5
e82a3971516f3b394cd33bca9d9083fb

Signatures

Privilege Escalation

T1055 injection_thread: Code injection to a remote process using CreateRemoteThread or NtQueueApcThread
T1055.002 inject_write_pe: Writes PE file to another process's memory

Defense Evasion

T1055 injection_thread: Code injection to a remote process using CreateRemoteThread or NtQueueApcThread
T1055.002 inject_write_pe: Writes PE file to another process's memory
T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1027.001 static_overlay_padding: Overlay contents padding
T1027.002 packer_entropy: Probably contains compressed or encrypted data

Discovery

T1057 process_interest: Enumerates processes

Other

yara_rules: Static rules
suspicious_process: Spawns a suspicious process
no_graphical_activity: No graphic activity
pe_overlay: PE file contains overlay