UAC Bypass Using CMSTP
Tags
| attack-pattern: | Cmstp - T1218.003 Component Object Model - T1559.001 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Cmstp - T1191 |
Common Information
| Type | Value |
|---|---|
| UUID | 6f4cde12-aced-4697-ae8b-00d57a661349 |
| Fingerprint | 8f23d9046506bf80 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Feb. 2, 2023, 3:01 p.m. |
| Added to db | Oct. 24, 2023, 1:30 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | UAC Bypass Using CMSTP |
| Title | UAC Bypass Using CMSTP |
| Detected Hints/Tags/Attributes | 43/1/13 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://blogs.quickheal.com/uac-bypass-using-cmstp/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | File | 5 | c:\windows\system32\cmstp.exe |
|
| Details | File | 2 | c:\windows\syswow64\cmstp.exe |
|
| Details | File | 3 | cmlua.dll |
|
| Details | File | 47 | cmstp.exe |
|
| Details | File | 3 | serviceprofilefilename.inf |
|
| Details | File | 2 | malicious.inf |
|
| Details | File | 8 | cmstplua.dll |
|
| Details | File | 5 | cmmgr32.exe |
|
| Details | md5 | 1 | 097cc44444c6733bc6b32cb1c4c87ddd |
|
| Details | md5 | 1 | 097CC44444C6733BC6B32CB1C4C87DDD |
|
| Details | md5 | 2 | 7E37F198C71A81AF5384C480520EE36E |
|
| Details | Windows Registry Key | 104 | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows |
|
| Details | Windows Registry Key | 12 | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID |