: It modifies registry keys in HKCU\Software\Microsoft\Windows\CurrentVersion\Run and Winlogon to ensure it restarts every time the computer boots. Forensic Indicators (IOCs)

: It is known to inject malicious code into legitimate Windows processes like svchost.exe to operate stealthily in memory.

: The malware frequently uses CryptOne packing to hide its code and implements stalling techniques (like calling Sleep functions) to wait out sandbox analysis.

: It may drop secondary executables with randomized names or names like svchost015.exe . Summary Table: Behavioral Analysis Observed Activity Type Ransomware Downloader / InfoStealer Delivery

Nuclear Exploit Kit (EK), cracked software, or malicious torrents File encryption (Ransomware) or theft of crypto-wallet data Detection High malicious score (100/100) in automated analysis Threat Roundup for August 12 to August 19

Soft.exe May 2026

: It modifies registry keys in HKCU\Software\Microsoft\Windows\CurrentVersion\Run and Winlogon to ensure it restarts every time the computer boots. Forensic Indicators (IOCs)

: It is known to inject malicious code into legitimate Windows processes like svchost.exe to operate stealthily in memory. Soft.exe

: The malware frequently uses CryptOne packing to hide its code and implements stalling techniques (like calling Sleep functions) to wait out sandbox analysis. : It may drop secondary executables with randomized

: It may drop secondary executables with randomized names or names like svchost015.exe . Summary Table: Behavioral Analysis Observed Activity Type Ransomware Downloader / InfoStealer Delivery Soft.exe

Related videos

Soft.exe May 2026