Prefetch: The Little Snitch That Tells on You - TrustedSec
Common Information
Type Value
UUID 404547b8-71c3-4e56-9159-cd3f5745a899
Fingerprint 340a9ada66b70f81
Analysis status DONE
Considered CTI value 0
Text language
Published July 25, 2023, 12:25 p.m.
Added to db Aug. 12, 2023, 10:19 a.m.
Last updated Nov. 17, 2024, 7:44 p.m.
Headline Prefetch: The Little Snitch That Tells on You
Title Prefetch: The Little Snitch That Tells on You - TrustedSec
Detected Hints/Tags/Attributes 32/1/17
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 385 TrustedSec https://www.trustedsec.com/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 2 malwareandstuff.com
Details Domain 4127 github.com
Details Domain 29 www.nirsoft.net
Details Domain 425 isc.sans.edu
Details Domain 2 or10nlabs.tech
Details File 1122 svchost.exe
Details File 1018 rundll32.exe
Details File 31 wsock32.dll
Details File 3 win_prefetch_view.html
Details Github username 3 ericzimmerman
Details Url 2 https://malwareandstuff.com/the-dll-search-order-and-hijacking-it
Details Url 2 https://github.com/ericzimmerman/pecmd.
Details Url 3 https://www.nirsoft.net/utils/win_prefetch_view.html
Details Url 2 https://isc.sans.edu/diary/rss/29168
Details Url 2 https://www.forensicfocus.com/articles/hunting-for-attackers-tactics-and-techniques-with-prefetch-files
Details Url 2 https://or10nlabs.tech/prefetch-forensics
Details Windows Registry Key 19 HKLM\SYSTEM\CurrentControlSet\Control\Session