RunPE Explained: Hide Malware into a Legit Process • Adlice Software
Tags
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 81437c7e-c12b-41e9-bd25-a1ffcdc5e969 |
| Fingerprint | af043c19acb3d613 |
| Analysis status | DONE |
| Considered CTI value | -2 |
| Text language | |
| Published | June 10, 2015, 6:16 a.m. |
| Added to db | Feb. 17, 2023, 10:34 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | RunPE: How to hide code behind a legit process |
| Title | RunPE Explained: Hide Malware into a Legit Process • Adlice Software |
| Detected Hints/Tags/Attributes | 24/1/9 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.adlice.com/runpe-hide-code-behind-legit-process/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | sections.at |
|
| Details | File | 1260 | explorer.exe |
|
| Details | File | 533 | ntdll.dll |
|
| Details | File | 1 | ntheadersx86.opt |
|
| Details | File | 1 | src_headers.dat |
|
| Details | File | 1 | src_section.dat |
|
| Details | File | 2 | c:\\windows\\explorer.exe |
|
| Details | File | 6 | c:\\windows\\system32\\calc.exe |
|
| Details | File | 312 | calc.exe |