The Windows Registry Adventure #4: Hives and the registry layout
Common Information
Type Value
UUID 71fe923f-64df-449f-b532-9c12830b9abb
Fingerprint 1e12107bb56774cd
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 25, 2024, 10:30 a.m.
Added to db Oct. 25, 2024, 8:28 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Project Zero
Title The Windows Registry Adventure #4: Hives and the registry layout
Detected Hints/Tags/Attributes 85/1/25
Attributes
| Type | #Events | CTI Value | Attribute |
| --- | --- | --- | --- |
| CVE | 9 | | cve-2023-35356 |
| CVE | 2 | | cve-2023-35633 |
| CVE | 1 | | cve-2024-26181 |
| Domain | 1 | | ntuser.man |
| File | 11 | | application.exe |
| File | 82 | | kernelbase.dll |
| File | 533 | | ntdll.dll |
| File | 193 | | ntuser.dat |
| File | 1 | | usrclasses.dat |
| File | 1 | | c:\users\user\ntuser.dat |
| File | 28 | | usrclass.dat |
| File | 1 | | activationstore.dat |
| File | 12 | | settings.dat |
| File | 120 | | boot.ini |
| File | 18 | | winload.exe |
| File | 3 | | c:\windows\serviceprofiles\localservice\ntuser.dat |
| File | 3 | | c:\windows\serviceprofiles\networkservice\ntuser.dat |
| File | 125 | | ntoskrnl.exe |
| File | 1 | | bisrv.dll |
| File | 1 | | createandloaddifferencinghive.cpp |
| Windows Registry Key | 1 | | HKEY_CURRENT_USER_LOCAL_SETTINGS |
| Windows Registry Key | 13 | | HKEY_LOCAL_MACHINE\Software |
| Windows Registry Key | 16 | | HKLM\Software |
| Windows Registry Key | 15 | | HKLM\System |
| Windows Registry Key | 24 | | HKLM\SAM |