Task
task1
Task
task2
General
-
Target
Exes_95a73842672ac3f89618c5db39497de1.jpg
-
Sample
190814-aqxd14pvlx
-
SHA256
8a44c7afbb4d00b448c57765477df5c4f5a8df7dbb85a2ff746ec8dc9457481f
Score
N/A
Malware Config
Signatures
-
Adds Run entry to start application 2 TTPs 2 IoCs
description \REGISTRY\USER\S-1-5-21-2105198082-3159795503-3637859200-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ (CreateKeyEx) \REGISTRY\USER\S-1-5-21-2105198082-3159795503-3637859200-1000\Software\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\"" -
Suspicious registry modification 1 IoCs
description \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\System32\Configuration\xVersion = "4.0.0.1" -
Suspicious behavior: EnumeratesProcesses
-
troldesh family