Security Question: Consequences of Malware Named 'svchost.exe' in System32 Directory?

[ElektraEmber]

What would happen if we placed a malicious/malware file named svchost.exe (assuming services.exe is still its parent process) in the Windows System32 directory alongside the legitimate svchost.exe?

Would the malicious file execute with system privileges?

 

[KernelMode]

svchost cannot be replaced, it hosts most of the system services. but it is possible to develop a service dll to work in svchost

 

[ElektraEmber]

Like a rootkit that can attach service dll to another process

would you be able to share any link to tutorial? I found this but it needs a new service - https://www.ired.team/offensive-sec...in-svchost.exe-with-a-service-dll-servicemain

I'm looking to run it using a legit system service