A user’s laptop is experiencing general slowness following the user’s return from an extended time out of the office. After a week, the security team looks at the laptop, but nothing appears out of order. The only noticeable issue is that svchost.exe keeps launching even after the security team kills the process. After running netstat, the team notes svchost.exe is listening on port 443.
Using an IoC creation tool, a security analyst does the following:
OR
File MD5 contains adf321122abce28873aad3e12f262a12c
AND
PROCESS name contains svchost.exe
PROCESS arguments does not contain -k
AND
FILENAME contains svchost.exe
FILE DIRECTORY is not %system32%
Based on the IoCs created and the netstat output, which of the following types of malware is present?
A. Backdoor
B. Crypto-malware
C. Rootkit
D. Logic bomb
Answer: C