Bypassing AntiVirus With Process Injection
Tags
| cmtmf-attack-pattern: | Process Injection |
| attack-pattern: | Exploits - T1587.004 Exploits - T1588.005 Process Injection - T1631 Tool - T1588.002 Process Injection - T1055 |
Common Information
| Type | Value |
|---|---|
| UUID | bf4c8e1f-e20d-4967-9645-6090d65367d6 |
| Fingerprint | b0843a1d0dcf15d9 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Aug. 17, 2010, 6:39 p.m. |
| Added to db | Jan. 18, 2023, 7:45 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | UNKNOWN |
| Title | Bypassing AntiVirus With Process Injection |
| Detected Hints/Tags/Attributes | 20/2/25 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 29 | vimeo.com |
|
| Details | Domain | 1 | generic.py |
|
| Details | Domain | 1 | www.garage4hackers.com |
|
| Details | File | 1 | generic.py |
|
| Details | File | 1 | pgeneric.txt |
|
| Details | File | 1260 | explorer.exe |
|
| Details | File | 119 | smss.exe |
|
| Details | File | 165 | csrss.exe |
|
| Details | File | 212 | winlogon.exe |
|
| Details | File | 306 | services.exe |
|
| Details | File | 478 | lsass.exe |
|
| Details | File | 26 | vmacthlp.exe |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 131 | spoolsv.exe |
|
| Details | File | 119 | sqlservr.exe |
|
| Details | File | 66 | sqlwriter.exe |
|
| Details | File | 14 | notepad++.exe |
|
| Details | File | 380 | notepad.exe |
|
| Details | File | 56 | tasklist.exe |
|
| Details | File | 142 | wmiprvse.exe |
|
| Details | File | 4 | injector.exe |
|
| Details | IPv4 | 45 | 192.168.1.10 |
|
| Details | IPv4 | 27 | 192.168.1.3 |
|
| Details | Url | 1 | http://vimeo.com/14139105 |
|
| Details | Url | 1 | http://www.garage4hackers.com |