Task
task1
Task
task2
General
-
Target
Exes_8f5275c50f0eba3d03ba9a02d958428d.11
-
Sample
190828-b7vzbbm8de
-
SHA256
bb6f355ea11ee4a879d7c7ee97c44e06cae6021d9cb23c1df28491336662afff
Score
N/A
Malware Config
Signatures
-
Adds Run entry to start application 2 TTPs 2 IoCs
description \REGISTRY\USER\S-1-5-21-2105198082-3159795503-3637859200-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ (CreateKeyEx) \REGISTRY\USER\S-1-5-21-2105198082-3159795503-3637859200-1000\Software\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\"" -
Suspicious registry modification 1 IoCs
description \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\System32\Configuration\xVersion = "4.0.0.1" -
Suspicious behavior: EnumeratesProcesses
-
troldesh family