adprtext.exe runs in memory for a few seconds, then autoterminates. Sets an AutoRun for adsnpair.exe, triggering cmd.exe, conhost.exe, nslookup.exe and hollowing explorer.exe on reboot. Explorer.exe calls out multiple times. Untouched source file deleted before firing off 2nd_opinion scans. MISS.
Taken from
https://malwaretips.com/threads/mixed-t ... ost-739338
User login needed in order to view.
Hybrid Analysis report for the file:
https://www.hybrid-analysis.com/sample/ ... mentId=100
crypt_0002_1081d.exe shows a similar behaviour, however did not set an AutoRun. - https://www.hybrid-analysis.com/sample/ ... mentId=100
Samples are already submitted to vendor, can be provided on request.
System Information:
Containment: Oracle VM VirtualBox v5.2.12 r122591 (Qt5.6.2)
Guest/OS: Win10 Home v1803 - build 17134.48
Product: Panda Dome Essentials v18.05.00
Panda Dome Essentials - Behaviour Blocker does not prevent Process Hollowing
-
Der.Reisende
- Registered user
- Posts: 2
- Joined: Sat, 19 May 2018, 12:15
Panda Dome Essentials - Behaviour Blocker does not prevent Process Hollowing
- Attachments
-
- autorun.PNG (24.74 KiB) Viewed 3554 times
-
- run12.PNG (284.8 KiB) Viewed 3554 times
-
- reboot.PNG (87.84 KiB) Viewed 3554 times
-
Darth Panda
- Official moderator
- Posts: 1568
- Joined: Tue, 24 Oct 2017, 12:04
Re: Panda Dome Essentials - Behaviour Blocker does not prevent Process Hollowing
Hi Der.Reisende:
To test the files, I need you to send me a compressed copy with password by private email, please.
To test the files, I need you to send me a compressed copy with password by private email, please.
Technical support – Panda Security
www.pandasecurity.com
www.pandasecurity.com