SHIM Me What You Got: Manipulating Shim and Office for Code Injection
Tags
Common Information
| Type | Value |
|---|---|
| UUID | e5ed96e1-e0fd-4dcc-b8dc-06966b7d73d2 |
| Fingerprint | 3f38c9173da54611 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Sept. 18, 2024, 1 p.m. |
| Added to db | Nov. 1, 2024, 3:22 p.m. |
| Last updated | Nov. 17, 2024, 6:50 p.m. |
| Headline | SHIM Me What You Got: Manipulating Shim and Office for Code Injection |
| Title | SHIM Me What You Got: Manipulating Shim and Office for Code Injection |
| Detected Hints/Tags/Attributes | 60/2/19 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 301 | ✔ | Deep Instinct Blog: Breaking News and Updates | https://www.deepinstinct.com/blog/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | File | 7 | officeclicktorun.exe |
|
| Details | File | 1 | appvisvvirtualization.dll |
|
| Details | File | 1 | appvisvsubsystemcontroller.dll |
|
| Details | File | 8 | appvisvsubsystems64.dll |
|
| Details | File | 2 | ai.exe |
|
| Details | File | 2 | mavinject32.exe |
|
| Details | File | 1 | c:\temp\injected.dll |
|
| Details | File | 1 | c:\program files\commonfiles\microsoftshared\clicktorun\c:\temp\injected.dll |
|
| Details | File | 17 | microsoftedgeupdate.exe |
|
| Details | File | 22 | apphelp.dll |
|
| Details | File | 748 | kernel32.dll |
|
| Details | File | 2 | sxssrv.dll |
|
| Details | File | 21 | combase.dll |
|
| Details | File | 125 | ntoskrnl.exe |
|
| Details | File | 7 | ahcache.sys |
|
| Details | File | 1 | vrchat.exe |
|
| Details | File | 1 | rtvideo.dll |
|
| Details | File | 3 | acgenral.dll |
|
| Details | Windows Registry Key | 164 | HKLM\SOFTWARE\Microsoft\Windows |