The input sample is signed with a certificate issued by "CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at c10, OU=VeriSign Trust Network, O="VeriSign

The input sample is signed with a certificate issued by "CN=Symantec Time Stamping Services CA - G2, O=Symantec Corporation, C=US" (SHA1: 65:43:99:29:B6:79:73:EB:19:2D:6F:F2:43:E6:76:7A:DF:08:34:E4 see report for more information)

The input sample is signed with a certificate issued by "CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA" (SHA1: 6C:07:45:3F:FD:DA:08:B8:37:07:C0:9B:82:FB:3D:15:F3:53:36:B1 see report for more information)

Source: Hook Detection
Relevance: 10/10
ATT&CK ID:

"PicasaPhotoViewer.exe" wrote bytes "68130000" to virtual address "0x76E11680" (part of module "WS2_32.DLL")
"PicasaPhotoViewer.exe" wrote bytes "48120000" to virtual address "0x756812DC" (part of module "SSPICLI.DLL")
"PicasaPhotoViewer.exe" wrote bytes "48126875" to virtual address "0x756983DC" (part of module "SSPICLI.DLL")
"PicasaPhotoViewer.exe" wrote bytes "f8116875" to virtual address "0x7569834C" (part of module "SSPICLI.DLL")
"PicasaPhotoViewer.exe" wrote bytes "a0115671" to virtual address "0x773CE324" (part of module "WININET.DLL")
"PicasaPhotoViewer.exe" wrote bytes "f8116875" to virtual address "0x756983C4" (part of module "SSPICLI.DLL")
"PicasaPhotoViewer.exe" wrote bytes "b810155671ffe0" to virtual address "0x756811F8" (part of module "SSPICLI.DLL")
"PicasaPhotoViewer.exe" wrote bytes "f8110000" to virtual address "0x756812CC" (part of module "SSPICLI.DLL")
"PicasaPhotoViewer.exe" wrote bytes "48126875" to virtual address "0x75698348" (part of module "SSPICLI.DLL")
"PicasaPhotoViewer.exe" wrote bytes "48120000" to virtual address "0x7568139C" (part of module "SSPICLI.DLL")
"PicasaPhotoViewer.exe" wrote bytes "48126875" to virtual address "0x756983C0" (part of module "SSPICLI.DLL")
"PicasaPhotoViewer.exe" wrote bytes "f8110000" to virtual address "0x75681408" (part of module "SSPICLI.DLL")

The input sample is signed with a certificate issued by "CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="c 2006 VeriSign