ioc[.]one - OSINT Cyber Threat Intelligence Database

Dumping Hashes on Win2k8 R2 x64 with Metasploit :: malicious.link — welcome

Tags

attack-pattern:

Dns - T1071.004 Dns - T1590.002 Exploits - T1587.004 Exploits - T1588.005 Mmc - T1218.014

Show in Graph

Common Information

Type	Value
UUID	b9995c98-5100-4ff0-a6d4-ccd4cf277bf9
Fingerprint	5d38755bf5e4c55f
Analysis status	DONE
Considered CTI value	0
Text language
Published	May 16, 2011, 2:35 a.m.
Added to db	Jan. 18, 2023, 9:59 p.m.
Last updated	Nov. 17, 2024, 6:55 p.m.
Headline	UNKNOWN
Title	Dumping Hashes on Win2k8 R2 x64 with Metasploit :: malicious.link — welcome
Detected Hints/Tags/Attributes	18/1/66

Source URLs

	Redirection	Url
Details	Source	https://malicious.link/post/2011/2011-05-16-dumping-hashes-on-win2k8-r2-x64-with-metasploit/

URL Provider

Details	Provider	Source level domain
Details	malicious.link	malicious.link

Attributes

Details	Type	#Events	Value
Details	Domain	285	microsoft.net
Details	File	119	smss.exe
Details	File	6	c:\windows\system32\smss.exe
Details	File	165	csrss.exe
Details	File	9	c:\windows\system32\csrss.exe
Details	File	89	wininit.exe
Details	File	6	c:\windows\system32\wininit.exe
Details	File	212	winlogon.exe
Details	File	11	c:\windows\system32\winlogon.exe
Details	File	306	services.exe
Details	File	23	c:\windows\system32\services.exe
Details	File	478	lsass.exe
Details	File	29	c:\windows\system32\lsass.exe
Details	File	31	lsm.exe
Details	File	3	c:\windows\system32\lsm.exe
Details	File	1122	svchost.exe
Details	File	92	c:\windows\system32\svchost.exe
Details	File	131	spoolsv.exe
Details	File	8	c:\windows\system32\spoolsv.exe
Details	File	2	webservices.exe
Details	File	2	dfsrs.exe
Details	File	1	c:\windows\system32\dfsrs.exe
Details	File	11	dns.exe
Details	File	3	c:\windows\system32\dns.exe
Details	File	1	ismserv.exe
Details	File	1	c:\windows\system32\ismserv.exe
Details	File	74	vmtoolsd.exe
Details	File	8	c:\program files\vmware\vmware tools\vmtoolsd.exe
Details	File	2	wlms.exe
Details	File	1	c:\windows\system32\wlmswlms.exe
Details	File	3	dfssvc.exe
Details	File	1	c:\windows\system32\dfssvc.exe
Details	File	4	vmupgradehelper.exe
Details	File	1	c:\program files\vmware\vmware tools\vmupgradehelper.exe
Details	File	5	tpautoconnsvc.exe
Details	File	1	c:\program files\vmware\vmware tools\tpautoconnsvc.exe
Details	File	11	vds.exe
Details	File	4	c:\windows\system32\vds.exe
Details	File	21	sppsvc.exe
Details	File	3	c:\windows\system32\sppsvc.exe
Details	File	142	wmiprvse.exe
Details	File	1	c:\windows\system32\wbemwmiprvse.exe
Details	File	62	taskhost.exe
Details	File	5	c:\windows\system32\taskhost.exe
Details	File	55	dwm.exe
Details	File	7	c:\windows\system32\dwm.exe
Details	File	1260	explorer.exe
Details	File	99	c:\windows\explorer.exe
Details	File	11	tpautoconnect.exe
Details	File	2	c:\program files\vmware\vmware tools\tpautoconnect.exe
Details	File	137	conhost.exe
Details	File	20	c:\windows\system32\conhost.exe
Details	File	28	vmwaretray.exe
Details	File	1	c:\program files\vmware\vmware tools\vmwaretray.exe
Details	File	30	vmwareuser.exe
Details	File	1	c:\program files\vmware\vmware tools\vmwareuser.exe
Details	File	54	mmc.exe
Details	File	4	c:\windows\system32\mmc.exe
Details	File	41	mscorsvw.exe
Details	File	14	trustedinstaller.exe
Details	File	1	c:\windows\servicing\trustedinstaller.exe
Details	File	55	msdtc.exe
Details	File	1	c:\windows\system32\msdtc.exe
Details	File	380	notepad.exe
Details	File	6	c:\windows\syswow64\notepad.exe
Details	File	33	c:\windows\system32\notepad.exe