Class | Trojan |
Platform | Win64 |
Family | DllHijacking |
Full name | HEUR:Trojan.Win64.DllHijacking.gen |
Examples |
8FA9AD65119C0A3B1E5BC64C21FF92E4 60F8AF69251CB903C3D73BB6A3178BA9 71358E4433BDA343272105C550564027 B3ED333CF589DE366C7B115E3540265D ACCCD2C09CD3316A680C561E9604918E |
Updated at | 2024-01-12 09:44:18 |
Tactics & techniques MITRE* |
TA0002 Execution
The adversary is trying to run malicious code. Execution consists of techniques that result in adversary-controlled code running on a local or remote system. Techniques that run malicious code are often paired with techniques from all other tactics to achieve broader goals, like exploring a network or stealing data. For example, an adversary might use a remote access tool to run a PowerShell script that does Remote System Discovery.
T1569.002 System Services: Service Execution
Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager (services.exe) is an interface to manage and manipulate services.(Citation: Microsoft Service Control Manager) The service control manager is accessible to users via GUI components as well as system utilities such as sc.exe and Net. PsExec can also be used to execute commands or payloads via a temporary Windows service created through the service control manager API.(Citation: Russinovich Sysinternals) Tools such as PsExec and sc.exe can accept remote servers as arguments and may be used to conduct remote execution. Adversaries may leverage these mechanisms to execute malicious content. This can be done by either executing a new or modified service. This technique is the execution used in conjunction with Windows Service during service persistence or privilege escalation. |
* © 2024 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.