Behavioral task
behavioral1
Sample
a86f7bf6fe1eab25c877fdc745a8b696ac86efe145fa42adadbb164f5517ada3.pdf
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
a86f7bf6fe1eab25c877fdc745a8b696ac86efe145fa42adadbb164f5517ada3.pdf
Resource
win10v2004-20220414-en
General
-
Target
a86f7bf6fe1eab25c877fdc745a8b696ac86efe145fa42adadbb164f5517ada3
-
Size
1.3MB
-
MD5
8622e712ef414b421cd6422c8c959f86
-
SHA1
d168dbc45f71ca23de3888c54720240c3f3a0649
-
SHA256
a86f7bf6fe1eab25c877fdc745a8b696ac86efe145fa42adadbb164f5517ada3
-
SHA512
c1a741ba5fca7a40da109b9da78177532b15e55e5b6fc0965191e3aa2bc1d12bcdf94642516276c44036f2fa4ce686f5b6db92cdfd851551081ad7032b3343e4
-
SSDEEP
24576:m2l0y3O3kiC8ONX3IDsV5GS1qt3jEHVgvYbFAG9+KydT6bPW:iy3YCVV3I3gHioF59MujW
Malware Config
Signatures
Files
-
a86f7bf6fe1eab25c877fdc745a8b696ac86efe145fa42adadbb164f5517ada3.pdf
-
https://github.com/apthunting/APT-Hunter
-
https://dl.mandiant.com/EE/library/Whitepaper_ShimCacheParser.pdf
-
https://github.com/mandiant/ShimCacheParser
-
http://binaryforay.blogspot.com/2015/05/introducing-appcompatcacheparser.html
-
www.woanware.co.uk/forensics/shimcacheparser.html
-
Hunting
-
http://www.swiftforensics.com/2013/12/amcachehve-in-windows-8-goldmine-for.html
-
https://github.com/williballenthin/python-registry/blob/master/samples/amcache.py
-
http://binaryforay.blogspot.com/2015/07/amcacheparser-reducing-noise-finding.html
-
13AmCache
-
http://journeyintoir.blogspot.in/2013/12/revealing-recentfilecachebcf-file.html
-
https://github.com/sysforensics/RecentFileCacheParser
-
15RecentFileCache
-
http://carnal0wnage.attackresearch.com/2012/04/privilege-escalation-via-sticky-keys.html
-
http://zachgrace.com/2015/03/23/hunting-sticky-keys-backdoors.html
-
http://www.crowdstrike.com/blog/registry-analysis-with-crowdresponse/
-
17Sticky
-
http://la.trendmicro.com/media/misc/understanding-wmi-malware-research-paper-en.pdf
-
https://www.blackhat.com/docs/us-15/materials/us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent%20Asynchronous-And-Fileless-Backdoor-wp.pdf
-
https://dl.mandiant.com/EE/library/MIRcon2014/MIRcon_2014_IR_Track_There%27s_Something_About_WMI.pdf
-
https://github.com/PowerShellEmpire/Empire
-
https://github.com/PowerShellMafia/PowerSploit
-
https://www.secureworks.com/blog/wmi-persistence
-
23WMI
-
https://www.trustedsec.com/april-2015/dumping-wdigest-creds-with-meterpreter-mimikatzkiwi-in-windows-8-1
-
https://adsecurity.org/?p=559
-
26WDigest
-
https://www.blackhat.com/docs/webcast/09172015-leveraging-proactive-defense-rsa.pdf
-
https://github.com/sans-dfir/sift-files/blob/master/scripts/jobparse.pl
-
29Scheduled
-
https://digital-forensics.sans.org/media/poster_2014_find_evil.pdf
-
Intrusion
-
https://github.com/apthunting/APT-Hunter
-
HaoWang: