Memory Analysis of Stuxnet with Volatility
Tags
| cmtmf-attack-pattern: | Process Injection |
| country: | Iran |
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Process Injection - T1631 Process Injection - T1055 |
Common Information
| Type | Value |
|---|---|
| UUID | 7724742f-2351-41f2-b258-0b4a09bffa37 |
| Fingerprint | 7e0b4adf3d3886a5 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Aug. 7, 2023, 7:39 a.m. |
| Added to db | Oct. 6, 2024, 9:09 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Memory Analysis of Stuxnet with Volatility |
| Title | Memory Analysis of Stuxnet with Volatility |
| Detected Hints/Tags/Attributes | 37/3/16 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | stuxnet.vmem.zip |
|
| Details | Domain | 89 | vol.py |
|
| Details | File | 1 | vmem.zip |
|
| Details | File | 85 | vol.py |
|
| Details | File | 478 | lsass.exe |
|
| Details | File | 212 | winlogon.exe |
|
| Details | File | 306 | services.exe |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 17 | mrxcls.sys |
|
| Details | File | 14 | mrxnet.sys |
|
| Details | File | 1 | 0xe1035b60.sys |
|
| Details | File | 1 | tem.reg |
|
| Details | File | 4 | c:\windows\system32\drivers\mrxnet.sys |
|
| Details | File | 4 | c:\windows\system32\drivers\mrxcls.sys |
|
| Details | Windows Registry Key | 1 | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MRxNet |
|
| Details | Windows Registry Key | 1 | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MRxCls |