UNKNOWN
Tags
attack-pattern: | Active Setup - T1547.014; Powershell - T1059.001; Regsvr32 - T1218.010; Software - T1592.002; Powershell - T1086; Regsvr32 - T1117 |
Common Information
Type | Value |
---|---|
UUID | 38d392c4-06b7-49d9-a03e-2d216396226d |
Fingerprint | c9e9c06db0ed0de1 |
Analysis status | IN_PROGRESS |
Considered CTI value | 0 |
Text language | |
Published | None |
Added to db | Dec. 19, 2024, 2:43 p.m. |
Last updated | Dec. 25, 2024, 12:26 p.m. |
Headline | UNKNOWN |
Title | UNKNOWN |
Detected Hints/Tags/Attributes | 20/1/30 |
Source URLs
Redirection | Url | |
---|---|---|
Details | Source | https://www.secrss.com/articles/8419 |
URL Provider
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 325 | | raw.githubusercontent.com |
Details | Domain | 6752 | | 163.com |
Details | File | 1 | | 随后注入到dllhost.exe |
Details | File | 427 | | notepad.exe |
Details | File | 333 | | calc.exe |
Details | File | 1 | | 看到calc.exe |
Details | File | 1 | | 请读者运行notepad.exe |
Details | File | 64 | | bitsadmin.exe |
Details | File | 498 | | regsvr32.exe |
Details | File | 66 | | scrobj.dll |
Details | File | 1 | | 突然可见calc.exe |
Details | Github username | 1 | | threathandler |
Details | Url | 1 | | https://raw.githubusercontent.com/threathandler/scttest/master/c.sct |
Details | Windows Registry Key | 200 | | HKCU\Software\Microsoft\Windows\CurrentVersion\Run |
Details | Windows Registry Key | 50 | | HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce |
Details | Windows Registry Key | 52 | | HKLM\Software\Microsoft\Windows\CurrentVersion\Run |
Details | Windows Registry Key | 9 | | HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce |
Details | Windows Registry Key | 4 | | HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices |
Details | Windows Registry Key | 2 | | HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices |
Details | Windows Registry Key | 2 | | HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce |
Details | Windows Registry Key | 2 | | HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce |
Details | Windows Registry Key | 10 | | HKLM\System\CurrentControlSet\Services |
Details | Windows Registry Key | 174 | | HKLM\SOFTWARE\Microsoft\Windows |
Details | Windows Registry Key | 53 | | HKLM\Software\Microsoft\Windows |
Details | Windows Registry Key | 4 | | HKCU\Software\Classes |
Details | Windows Registry Key | 1 | | HKCU\Software\Classes\Drive\ShellEx\ContextMenuHandlers |
Details | Windows Registry Key | 1 | | HKCU\Software\Classes\Directory\Shellex\DragDropHandlers |
Details | Windows Registry Key | 1 | | HKLM\Software\Classes\Directory\Shellex\DragDropHandlers |
Details | Windows Registry Key | 4 | | HKLM\SOFTWARE\Microsoft\Active |
Details | Windows Registry Key | 2 | | HKLM\SOFTWARE\Wow6432Node\Microsoft\Active |