Memory Forensics Using Strings and Bstrings || MemProcFS/MemProcFS Analyzer: A Comprehensive Guide
Tags
attack-pattern: | Data Direct Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Software - T1592.002 Tool - T1588.002 Powershell - T1086 Sudo - T1169 |
Common Information
Type | Value |
---|---|
UUID | 1a3bc8f4-d43d-4785-9ac0-801d9b3c7905 |
Fingerprint | 3adbd94b3db724a8 |
Analysis status | DONE |
Considered CTI value | -2 |
Text language | |
Published | Oct. 31, 2024, 10:20 a.m. |
Added to db | Oct. 31, 2024, 11:48 a.m. |
Last updated | Nov. 12, 2024, 11:53 a.m. |
Headline | Memory Forensics Using Strings and Bstrings || MemProcFS/MemProcFS Analyzer: A Comprehensive Guide |
Title | Memory Forensics Using Strings and Bstrings || MemProcFS/MemProcFS Analyzer: A Comprehensive Guide |
Detected Hints/Tags/Attributes | 33/1/13 |
Source URLs
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 167 | ✔ | Cybersecurity on Medium | https://medium.com/feed/tag/cybersecurity | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | File | 2 | bstrings.exe |
|
Details | File | 1 | memprocfs.exe |
|
Details | File | 1 | c:\temp\memdump-win10x64.raw |
|
Details | File | 1 | proc.txt |
|
Details | File | 1 | proc-v.txt |
|
Details | File | 1 | drivers.txt |
|
Details | File | 1 | netstat.txt |
|
Details | File | 1 | netstat-v.txt |
|
Details | File | 3 | services.txt |
|
Details | File | 7 | task.txt |
|
Details | File | 1 | pslist.csv |
|
Details | File | 3 | updater.ps1 |
|
Details | File | 1 | memprocfs-analyzer.ps1 |