Behavioral task: behavioral1
Sample: b79c7584ef10ed44701192b35fa07407ca0db34b7fade46d8da0c30f68177cae.pdf
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: b79c7584ef10ed44701192b35fa07407ca0db34b7fade46d8da0c30f68177cae.pdf
Resource: win10v2004-20240226-en
General
Target: b79c7584ef10ed44701192b35fa07407ca0db34b7fade46d8da0c30f68177cae
Size: 1.1MB
MD5: b7f92eeaf927cb46c8e739afa26848fb
SHA1: 4fcfff48ce0f73d1b3f0486d26a6b26c7ba79737
SHA256: b79c7584ef10ed44701192b35fa07407ca0db34b7fade46d8da0c30f68177cae
SHA512: aad9e7c5ae70e153a83dc5552737a8043787172a184736183e71922f6f8d94a6dfccd8dfd9c35da51b719c8a6ad191e4dc3f8aac6b2e38ac23a5e2ec8d431a9b
SSDEEP: 24576:R1tgrjeEVaaQtg06FTn9Cka/xnwBJWUzjRVuw05RR1XYPK/71306:R1tsSuaaQG08TUxgvwIPCJk6
Malware Config
Signatures
Files: b79c7584ef10ed44701192b35fa07407ca0db34b7fade46d8da0c30f68177cae.pdf