Process Doppelgänging meets Process Hollowing in Osiris dropper | Malwarebytes Labs
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Impersonation - T1656 Malware - T1587.001 Malware - T1588.001 Process Doppelgänging - T1055.013 Process Hollowing - T1055.012 Process Doppelgänging - T1186 Process Hollowing - T1093
Show in Graph
Common Information
Type Value
UUID dfbaa08c-c200-4265-9c7f-252c77244d50
Fingerprint 3e050911a8ad05b1
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 13, 2018, midnight
Added to db Jan. 18, 2023, 8:35 p.m.
Last updated Nov. 17, 2024, 6:53 p.m.
Headline Process Doppelgänging meets Process Hollowing in Osiris dropper
Title Process Doppelgänging meets Process Hollowing in Osiris dropper | Malwarebytes Labs
Detected Hints/Tags/Attributes 38/2/7
Source URLs
Redirection Url
Details Source https://blog.malwarebytes.com/threat-analysis/2018/08/process-doppelganging-meets-process-hollowing_osiris/
URL Provider
Details Provider Source level domain
Details malwarebytes.com blog.malwarebytes.com
Attributes
Details Type #Events CTI Value
Details File 51 
wermgr.exe
Details File 533 
ntdll.dll
Details File 1 
liebert.bmp
Details md5 1 
8d58c731f61afe74e9f450cc1c7987be
Details md5 1 
2a550956263a22991c34f076f3160b49
Details md5 1 
d8425578fc2d84513f1f22d3d518e3c3
Details sha256 1 
d98a9c5b4b655c6d888ab4cf82db276d9132b09934a58491c642edf1662e831e