
IoC Investigation

This file uses Credential Dumping in order to obtain higher-privileged credentials. With more
credentials, it could gain access to more usernames and/or passwords. That can lead to a
cascade of problems for the unaware user, especially if sensitive information is involved.

This file also checks whether any anti-virus program is installed, and how well it is configured. It
can change the configuration of the firewall without the user's input. This creates a false sense
of safety: the user may think they have a strong, active firewall, but because it has been
compromised, it lets in more harm than it keeps out.

This file also attempts to help the attacker learn about the environment it is running in through
Application Window Discovery. It enumerates the applications that are open, or have been run, to
see how the computer is being used.

This file also attempts Privilege Escalation through process injection. This is dangerous because the
attacker can insert malicious code into a program while it is running. The injected code can
potentially bypass security detection because it executes inside a process that is already trusted.
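As an added example (not part of the original investigation), the behaviours listed above can be turned into simple host-telemetry detection rules. The events below are constructed in a simplified Sysmon-like form, and the process name suspicious.exe, the rule patterns and the threshold are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample events (not real telemetry): (event_type, source_process, details)
SAMPLE_EVENTS = [
    ("ProcessAccess", "suspicious.exe", "TargetImage=lsass.exe GrantedAccess=0x1010"),
    ("ProcessCreate", "suspicious.exe", "CommandLine=netsh advfirewall set allprofiles state off"),
    ("ProcessCreate", "suspicious.exe", "CommandLine=tasklist /v"),
    ("CreateRemoteThread", "suspicious.exe", "TargetImage=explorer.exe"),
    ("ProcessCreate", "notepad.exe", "CommandLine=notepad.exe report.txt"),
]

# One rule per behaviour from the writeup: (behaviour, event type, regex over details).
# - reading LSASS memory is the classic credential-dumping indicator
# - netsh advfirewall changes the Windows firewall configuration
# - tasklist /v lists processes with their window titles (application window discovery)
# - a remote thread created in another process is a common injection primitive
RULES = [
    ("Credential Dumping", "ProcessAccess", r"TargetImage=lsass\.exe"),
    ("Firewall Modification", "ProcessCreate", r"\bnetsh\b.*\badvfirewall\b"),
    ("Application Window Discovery", "ProcessCreate", r"\btasklist\b.*/v"),
    ("Process Injection", "CreateRemoteThread", r"TargetImage="),
]


def match_events(events, rules=RULES):
    """Return {process: [behaviours]} for every process that matched at least one rule."""
    hits = defaultdict(list)
    for etype, proc, details in events:
        for name, rule_type, pattern in rules:
            if etype == rule_type and re.search(pattern, details, re.IGNORECASE):
                if name not in hits[proc]:
                    hits[proc].append(name)
    return dict(hits)


def triage(events, rules=RULES, threshold=2):
    """Flag processes showing at least `threshold` distinct behaviours; one hit alone
    (e.g. an admin running tasklist) is weak, several together is the pattern above."""
    return {p: b for p, b in match_events(events, rules).items() if len(b) >= threshold}


if __name__ == "__main__":
    for proc, behaviours in triage(SAMPLE_EVENTS).items():
        print(f"{proc}: {', '.join(behaviours)}")
```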
