🔗 Direct Link AI VOICE CHANGER - CARTOON CHARACTERS/CELEBRITIES -[FOR PC] Link updated!

Status
Not open for further replies.
1707451436039.webp
ganito po lumalabas
 
thanks pero Parang may palaman papsi...
bothered ako sa execution nya about dito👇 hahaha
TA0004
Process Injection
T1055
System process connects to network (likely due to code injection)
Modifies the context of a thread in another process (thread injection)
Injects code into the Windows Explorer (explorer.exe)

Code:
Dynamic Analysis Sandbox Detections
The sandbox Zenbox flags this file as: MALWARE ADWARE TROJAN EVADER
MITRE ATT&CK Tactics and Techniques
Execution
TA0002
Windows Management Instrumentation
T1047
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries process information (via WMI, Win32_Process)

Shared Modules
T1129
Parse PE header

Service Execution
T1569.002
Uses sc.exe to modify the status of services

Persistence
TA0003
Windows Service
T1543.003
Creates driver files

Uses sc.exe to modify the status of services

LSASS Driver
T1547.008
Spawns drivers

Privilege Escalation
TA0004
Process Injection
T1055
System process connects to network (likely due to code injection)

Modifies the context of a thread in another process (thread injection)

Injects code into the Windows Explorer (explorer.exe)

Windows Service
T1543.003
Creates driver files

Uses sc.exe to modify the status of services

LSASS Driver
T1547.008
Spawns drivers

Defense Evasion
TA0005
Masquerading
T1036
Creates files in the system32 config directory

Drops PE files to the windows directory (C:\\Windows)

Creates files inside the user directory

Creates files inside the system directory

Process Injection
T1055
System process connects to network (likely due to code injection)

Modifies the context of a thread in another process (thread injection)

Injects code into the Windows Explorer (explorer.exe)

File Deletion
T1070.004
Deletes files inside the Windows folder

File and Directory Permissions Modification
T1222
Modifies the hosts file

Virtualization/Sandbox Evasion
T1497
Query firmware table information (likely to detect VMs)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Contains medium sleeps (>= 30s)

Contains long sleeps (>= 3 min)

May sleep (evasive loops) to hinder dynamic analysis

Disable or Modify Tools
T1562.001
Adds a directory exclusion to Windows Defender

Discovery
TA0007
Application Window Discovery
T1010
Sample monitors Window changes (e.g. starting applications), analyze the sample with the simulation cookbook

Remote System Discovery
T1018
Reads the hosts file

Process Discovery
T1057
Queries a list of all running processes

System Information Discovery
T1082
Queries the cryptographic machine GUID

Reads software policies

Queries process information (via WMI, Win32_Process)

Queries the volume information (name, serial number etc) of a device

Virtualization/Sandbox Evasion
T1497
Query firmware table information (likely to detect VMs)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Contains medium sleeps (>= 30s)

Contains long sleeps (>= 3 min)

May sleep (evasive loops) to hinder dynamic analysis

Security Software Discovery
T1518.001
Query firmware table information (likely to detect VMs)

May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Command and Control
TA0011
Application Layer Protocol
T1071
Performs DNS lookups

Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic.

Non-Application Layer Protocol
T1095
Performs DNS lookups

Non-Standard Port
T1571
Detected TCP or UDP traffic on non-standard ports
 
Status
Not open for further replies.

About this Thread

  • 125
    Replies
  • 6K
    Views
  • 114
    Participants
Last reply from:
-Hexacode

Online now

Members online
517
Guests online
1,074
Total visitors
1,591

Forum statistics

Threads
2,288,516
Posts
29,052,108
Members
1,215,132
Latest member
agkakanat
Back
Top