General
Static task
static1
URLScan task
urlscan1
Malware Config
Targets
-
-
Adds autorun key to be loaded by Explorer.exe on startup
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Modifies visiblity of hidden/system files in Explorer
-
Manipulates Digital Signatures
Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
-
Modifies Installed Components in the registry
-
Registers new Print Monitor
-
Sets file execution options in registry
-
Modifies system executable filetype association
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
6Registry Run Keys / Startup Folder
5Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Change Default File Association
1Browser Extensions
1Privilege Escalation
Boot or Logon Autostart Execution
6Registry Run Keys / Startup Folder
5Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Change Default File Association
1Defense Evasion
Modify Registry
13Hide Artifacts
1Hidden Files and Directories
1Subvert Trust Controls
1SIP and Trust Provider Hijacking
1