Digging into memory
Tags
attack-pattern: | Malware - T1587.001 Malware - T1588.001 Tool - T1588.002 |
Common Information
Type | Value |
---|---|
UUID | 56eed837-dd2d-4d01-865b-0953615fb3d1 |
Fingerprint | bb2e4eb87ab21fb6 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Feb. 17, 2022, midnight |
Added to db | Aug. 31, 2024, 11:18 a.m. |
Last updated | Nov. 18, 2024, 10:24 a.m. |
Headline | Digging into memory |
Title | Digging into memory |
Detected Hints/Tags/Attributes | 21/1/15 |
Source URLs
Redirection | Url | |
---|---|---|
Details | Source | https://eln0ty.github.io/forensics/Defcon-DFIR-CTF-Write-up/ |
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 481 | ✔ | eln0ty | https://eln0ty.github.io/feed | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 89 | vol.py |
|
Details | File | 85 | vol.py |
|
Details | File | 380 | notepad.exe |
|
Details | File | 378 | wscript.exe |
|
Details | File | 1 | uwkpjfjdzm.exe |
|
Details | File | 69 | vcruntime140.dll |
|
Details | File | 1 | 3496.exe |
|
Details | File | 87 | skype.exe |
|
Details | File | 1 | 3032.dmp |
|
Details | File | 5 | 1.xls |
|
Details | md5 | 1 | 690ea20bc3bdfb328e23005d9a80c290 |
|
Details | md5 | 33 | aad3b435b51404eeaad3b435b51404ee |
|
Details | sha1 | 1 | c95e8cc8c946f95a109ea8e47a6800de10a27abd |
|
Details | IPv4 | 3 | 10.0.0.101 |
|
Details | IPv4 | 1 | 10.0.0.106 |