• File Info
Name | Value
Size | 5338456
MD5 | b68d8fce042c992b16c83a6759a6f9cb
SHA1 | 82c3c063cc38e724cbcc04a17fca4e6f6f61a3a2
SHA256 | 612cae8030709ce799c1a9107deaf1afec9c59b866c46783bee5d3c39cb0e9e2
Process | Exited
• Keys Created
• Keys Changed
• Keys Deleted
• Values Created
• Values Changed
• Values Deleted
• Directories Created
• Directories Changed
• Directories Deleted
• Files Created
• Files Changed
• Files Deleted
• Directories Hidden
• Files Hidden
• Drivers Loaded
• Drivers Unloaded
• Processes Created
• Processes Terminated
• Threads Created
PId | Process Name | TId | Start | Start Mem | Win32 Start | Win32 Start Mem
0x4 | System | 0x72c | 0xf93dc9c1 | MEM_FREE | 0x0 | MEM_FREE
0x4 | System | 0x730 | 0xf93dc9c1 | MEM_FREE | 0x0 | MEM_FREE
0x3e4 | svchost.exe | 0x718 | 0x7c810856 | MEM_IMAGE | 0x7529edb3 | MEM_IMAGE
0x3e4 | svchost.exe | 0x71c | 0x7c810856 | MEM_IMAGE | 0x75219a1e | MEM_IMAGE
0x3e4 | svchost.exe | 0x720 | 0x7c810856 | MEM_IMAGE | 0x762cf0a3 | MEM_IMAGE
0x3e4 | svchost.exe | 0x724 | 0x7c810856 | MEM_IMAGE | 0x762cf0a3 | MEM_IMAGE
0x3e4 | svchost.exe | 0x728 | 0x7c810856 | MEM_IMAGE | 0x7529e44b | MEM_IMAGE
• Modules Loaded
PId | Process Name | Base | Size | Flags | Image Name
0x3e4 | svchost.exe | 0x73d30000 | 0x17000 | 0x800c4004 | C:\WINDOWS\system32\wbem\wbemcons.dll
• Windows Api Calls
PId | Image Name | Address | Function ( Parameters ) | Return Value
0x23c | C:\TEST\sample.exe | 0x437d13 | CreateServiceW(hSCManager: 0x184938, lpServiceName: "TRIXX", lpDisplayName: "TRIXX", dwDesiredAccess: 0xf003f, dwServiceType: 0x1, dwStartType: 0x3, dwErrorControl: 0x1, lpBinaryPathName: "C:\DOCUME~1\User\LOCALS~1\Temp\\TRIXX.sys", lpLoadOrderGroup: "(null)", lpdwTagId: 0x0, lpDependencies: 0x0, lpServiceStartName: "(null)", lpPassword: 0x0) | 0x184528
• DNS Queries
• HTTP Queries
• Verdict
Auto Analysis Verdict
Suspicious+
• Description
Suspicious Actions Detected
Creates system services or drivers
• Mutexes Created or Opened
PId | Image Name | Address | Mutex Name
0x23c | C:\TEST\sample.exe | 0x7c859add | DBWinMutex
• Events Created or Opened
PId | Image Name | Address | Event Name
0x23c | C:\TEST\sample.exe | 0x77de5f48 | Global\SvcctrlStartEvent_A3752DX