HowTo: Detecting Persistence Mechanisms
Tags
attack-pattern: Data Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Steganography - T1001.002 Steganography - T1406.001 Steganography - T1027.003 Timestomp - T1070.006 Tool - T1588.002 Timestomp - T1099
Show in Graph
Common Information
Type Value
UUID 171cbe38-6648-4c0a-a39f-49d2f6cd07af
Fingerprint 375459d748e51f89
Analysis status DONE
Considered CTI value 0
Text language
Published July 15, 2013, 11:01 a.m.
Added to db Jan. 19, 2023, 12:07 a.m.
Last updated Nov. 17, 2024, 6:49 p.m.
Headline Windows Incident Response
Title HowTo: Detecting Persistence Mechanisms
Detected Hints/Tags/Attributes 59/1/5
Source URLs
Redirection Url
Details Source http://windowsir.blogspot.com/2013/07/howto-detecting-persistence-mechanisms.html
URL Provider
Details Provider Source level domain
Details blogspot.com windowsir.blogspot.com
Attributes
Details Type #Events CTI Value
Details File 6 
c:\windows\system32\imm32.dll
Details File 12 
ntshrui.dll
Details File 1 
c:\windows\system32\some_dll.dll
Details File 1260 
explorer.exe
Details File 16 
imm32.dll