Getting SYSTEM on Windows in style
Tags
| attack-pattern: | Powershell - T1059.001 Python - T1059.006 Software - T1592.002 Tool - T1588.002 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | 088638c2-73b8-4658-899d-40e025d81ce7 |
| Fingerprint | 24b0d9f79aa5f787 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Sept. 28, 2023, midnight |
| Added to db | Aug. 31, 2024, 8:09 a.m. |
| Last updated | Nov. 17, 2024, 5:58 p.m. |
| Headline | Getting SYSTEM on Windows in style |
| Title | Getting SYSTEM on Windows in style |
| Detected Hints/Tags/Attributes | 36/1/12 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 222 | ✔ | Sector 7 | https://sector7.computest.nl/index.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 5 | cve-2023-38146 |
|
| Details | File | 212 | winlogon.exe |
|
| Details | File | 1 | _vrf.dll |
|
| Details | File | 2 | msstyles_vrf.dll |
|
| Details | File | 1 | x_vrf.dll |
|
| Details | File | 1 | batch-file-or-tool-like-powertoy-to-change-the-res.html |
|
| Details | File | 291 | user32.dll |
|
| Details | File | 29 | uxtheme.dll |
|
| Details | File | 4 | uxinit.dll |
|
| Details | IPv4 | 2 | 192.168.64.1 |
|
| Details | Url | 1 | https://learn.microsoft.com/en-us/answers/questions/197944/batch-file-or-tool-like-powertoy-to-change-the-res.html |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Windows\CurrentVersion\ThemeManager\DllName |