Malicious PowerShell in the Registry: Persistence
Common Information
| Type | Value |
| --- | --- |
| UUID | f38a0867-74f6-4d24-9f7b-664e60298c06 |
| Fingerprint | 7c2fd062f1acfb7d |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | June 13, 2018, 6:49 a.m. |
| Added to db | Jan. 18, 2023, 7:32 p.m. |
| Last updated | Nov. 18, 2024, 1:38 a.m. |
| Headline | Another Forensics Blog |
| Title | Malicious PowerShell in the Registry: Persistence |
| Detected Hints/Tags/Attributes | 16/1/5 |
Attributes
| Type | Attribute | #Events | CTI Value |
| --- | --- | --- | --- |
| File | ntuser.dat | 193 | |
| File | rip.exe | 6 | |
| File | cmd.exe | 2127 | |
| File | scdb.exe | 1 | |
| Windows Registry Key | HKLM\Software\Microsoft\Windows\CurrentVersion\Run | 48 | |