Knowing the “Normal” & unmasking svchost.exe
Common Information
Type Value
UUID af271bff-d338-4d4c-a689-4f4d8788d925
Fingerprint 3618f977ab306454
Analysis status DONE
Considered CTI value 0
Text language
Published Nov. 4, 2024, 1:51 a.m.
Added to db Nov. 4, 2024, 3:15 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Knowing the “Normal” & unmasking svchost.exe
Title Knowing the “Normal” & unmasking svchost.exe
Detected Hints/Tags/Attributes 42/1/23
RSS Feed
Id | Enabled | Feed title | Url | Added to db
167 | | Cybersecurity on Medium | https://medium.com/feed/tag/cybersecurity | 2024-08-30 22:08
171 | | Malware on Medium | https://medium.com/feed/tag/malware | 2024-08-30 22:08
Attributes
Type | #Events | CTI Value | Attribute
File | 1122 | | svchost.exe
File | 1 | | %systemroot%\system32\ntoskrnl.exe
File | 119 | | smss.exe
File | 89 | | wininit.exe
File | 3 | | %systemroot%\system32\wininit.exe
File | 306 | | services.exe
File | 4 | | %systemroot%\system32\services.exe
File | 131 | | spoolsv.exe
File | 32 | | %systemroot%\system32\svchost.exe
File | 478 | | lsass.exe
File | 10 | | %systemroot%\system32\lsass.exe
File | 212 | | winlogon.exe
File | 5 | | %systemroot%\system32\winlogon.exe
File | 18 | | logonui.exe
File | 1 | | %systemroot%\system32\logonui.exe
File | 50 | | userinit.exe
File | 3 | | %systemroot%\system32\userinit.exe
File | 1260 | | explorer.exe
File | 3 | | %systemroot%\system32\smss.exe
File | 1 | | %systemroot%\system32\explorer.exe
File | 1208 | | powershell.exe
Windows Registry Key | 13 | | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Windows Registry Key | 104 | | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows