Task
task1
Task
task2
General
-
Target
Exes_e1d7946e0431423da26d27e7fae00edf.jpg
-
Sample
190824-szpqtsb8w6
-
SHA256
d832010182a986629db10bf429f85fe659265360964bee1cbec2947cfc597b00
Score
N/A
Malware Config
Signatures
-
Adds Run entry to start application 2 TTPs 2 IoCs
description \REGISTRY\USER\S-1-5-21-2105198082-3159795503-3637859200-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ (CreateKeyEx) \REGISTRY\USER\S-1-5-21-2105198082-3159795503-3637859200-1000\Software\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\"" -
Suspicious registry modification 1 IoCs
description \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\System32\Configuration\xVersion = "4.0.0.1" -
Suspicious behavior: EnumeratesProcesses
-
troldesh family