File type identification:

"dlidusb3.dll" has type "PE32+ executable (DLL) (GUI) x86-64 for MS Windows" - Location:
"dlidusb.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows" - Location:
"dlidusb.dll" has type "PE32+ executable (DLL) (GUI) x86-64 for MS Windows" - Location:
"DisplayLinkUsbCo2.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows" - Location:
"dlidusb2.dll" has type "PE32+ executable (DLL) (GUI) x86-64 for MS Windows" - Location:
"dlidusb3.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows" - Location:
"DisplayLinkUsbCo64.dll" has type "PE32+ executable (DLL) (GUI) x86-64 for MS Windows" - Location:
"dlidusb2.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows" - Location:

Observed behaviours and matched technique descriptions:

Possibly tries to communicate over SSL connection (HTTPS)
Reads terminal service related keys (often RDP related)
Adversaries may target user email to collect sensitive information.
Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol.
Queries the display settings of system associated file extensions
Found registry key string for installed applications
Adversaries may use Valid Accounts to log into a computer using the Remote Desktop Protocol (RDP).
Reads information about supported languages
Observed Process32First/Process32Next/CreateToolhelp32Snapshot API string
Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Possibly checks for known debuggers/analysis tools
Adversaries may attempt to get information about running processes on a system.
Reads the registry for installed applications
Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment.
Observed GetEnvironmentVariable API string
Contains ability to read software policies
Adversaries may attempt to get a listing of software and software versions that are installed on a system or in a cloud environment.
Installs hooks/patches the running process
An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.
Observed AdjustTokenPrivileges API string
Adversaries may delete files left behind by the actions of their intrusion activity.
Adversaries may perform software packing or virtual machine software protection to conceal their code.
Adversaries may hook into Windows application programming interface (API) functions to collect user credentials.
Adversaries may interact with the native OS application programming interface (API) to execute behaviors.
Adversaries may inject malicious code into suspended and hollowed processes in order to evade process-based defenses.
Allocates virtual memory in a remote process
Adversaries may circumvent mechanisms designed to control elevated privileges to gain higher-level permissions.
Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges.
Adversaries may duplicate then impersonate another user's token to escalate privileges and bypass access controls.
Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls.