Spawned process "WerFault.exe" with commandline "-u -p 3472 -s 212"
Spawned process "WerFault.exe" with commandline "-u -p 3056 -s 212"
Spawned process "WerFault.exe" with commandline "-u -p 2080 -s 212"
Spawned process "WerFault.exe" with commandline "-u -p 2880 -s 212"
Spawned process "WerFault.exe" with commandline "-u -p 1864 -s 212"
Spawned process "WerFault.exe" with commandline "-u -p 2656 -s 212"
Spawned process "WerFault.exe" with commandline "-u -p 2144 -s 212"
Spawned process "WerFault.exe" with commandline "-u -p 3928 -s 212"
Spawned process "WerFault.exe" with commandline "-u -p 3912 -s 212"
Spawned process "WerFault.exe" with commandline "-u -p 2224 -s 212"
Spawned process "WerFault.exe" with commandline "-u -p 2892 -s 216"
Spawned process "WerFault.exe" with commandline "-u -p 1716 -s 212"
Spawned process "WerFault.exe" with commandline "-u -p 3640 -s 212"
Spawned process "WerFault.exe" with commandline "-u -p 544 -s 212"
Spawned process "WerFault.exe" with commandline "-u -p 2896 -s 212"
Possibly tries to communicate over SSL connection (HTTPS)
Reads information about supported languages
Adversaries may target user email to collect sensitive information.
Found a potential E-Mail address in binary/memory
Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol.
Installs hooks/patches the running process
Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Possibly tries to implement anti-virtualization techniques
Adversaries may hook into Windows application programming interface (API) functions to collect user credentials.
The input sample contains a known anti-VM trick
Adversaries may perform software packing or virtual machine software protection to conceal their code.
Adversaries may employ various means to detect and avoid virtualization and analysis environments.