How Malware hides and is installed as a Service
Common Information
| Type | Value |
|---|---|
| UUID | c7d350f5-3c19-4b40-8331-07c2b5b07e7b |
| Fingerprint | 7708e1d3ad248af5 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Sept. 10, 2004, midnight |
| Added to db | Sept. 26, 2022, 9:31 a.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | UNKNOWN |
| Title | How Malware hides and is installed as a Service |
| Detected Hints/Tags/Attributes | 36/1/19 |
Attributes
| Type | #Events | CTI Value |
|---|---|---|
| Domain | 1 | ssearch.biz |
| Domain | 1 | getservices.zip |
| Domain | 162 | bleepingcomputer.com |
| File | 1122 | svchost.exe |
| File | 1 | getservices.zip |
| File | 1 | getservice.bat |
| File | 2 | psservice.exe |
| File | 1 | c:\windows\system32\d3xi.exe |
| File | 1 | c:\winnt\system32\svchost.exe |
| Windows Registry Key | 2 | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\servicename |
| Windows Registry Key | 26 | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows |
| Windows Registry Key | 1 | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\servicename\Parameters\ServiceDll |
| Windows Registry Key | 1 | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pnpsvc\Parameters\ServiceDll |
| Windows Registry Key | 22 | HKEY_LOCAL_MACHINE\SYSTEM |
| Windows Registry Key | 2 | HKEY_LOCAL_MACHINE\SYSTEM\Select |
| Windows Registry Key | 1 | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pnpsvc |
| Windows Registry Key | 1 | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\pnpsvc |
| Windows Registry Key | 1 | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root |
| Windows Registry Key | 1 | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root |