8a44c7afbb4d00b448c57765477df5c4f5a8df7dbb85a2ff746ec8dc9457481f

General

Score

N/A

Suspicious use of WriteProcessMemory 1 TTPs 1 IoCs

Process Injection

description	pid
PID 1272 wrote to memory of 1484	1484

Adds Run entry to start application 2 TTPs 2 IoCs

Modify Registry

description
\REGISTRY\USER\S-1-5-21-1680029378-2711335550-577619594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
\REGISTRY\USER\S-1-5-21-1680029378-2711335550-577619594-1000\Software\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\""