Digital Forensics and Incident Response | DFIR
Overview of Malware Persistence Methods

7/26/2019

Malware Persistence Methods
Windows Services Attacks:
Service Creation: Malware authors use Windows services to maintain persistence on a machine. A service whose start type is set to Automatic (the Start value under its key in HKLM\SYSTEM\CurrentControlSet\Services, set manually or by an installer) is launched by the Service Control Manager at boot, before any user logs on; other services start on demand or when a trigger event fires. Windows ships with hundreds of services, so malware authors rely on "hiding in plain sight": one more entry with a plausible name draws no attention. Once the attacker has administrative rights, he or she can create a new service or modify an existing one, for example with sc.exe create / sc.exe config, the New-Service cmdlet, or by writing the registry key directly.

Service Replacement: The malware author finds an unused or disabled service and points it at a malicious executable, either by rewriting its binary path or by overwriting the legitimate binary on disk, and then sets it to start automatically. The service keeps its original name and description, so nothing new appears in the service list.

Service Recovery Mode: Every service has recovery (failure) actions that the Service Control Manager performs when the service crashes, and one of the available actions is "Run a program". The attacker sets that action on an existing service to a malicious program; the loader then runs whenever the legitimate service fails (or is made to fail), and neither the service list nor the auto-start entries show anything new.
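The following PowerShell script is an added triage example for the three techniques above; it is not from the original post. It enumerates auto-start services, flags images that live outside the usual system directories or fail Authenticode validation (service creation and replacement), and parses sc.exe qfailure to catch a "run a program" recovery action (recovery-mode abuse). The sc.exe commands in the header comment show how each technique is set up so the artefacts the script looks for make sense; the service name UpdSvc and the path C:\Users\Public\upd.exe are assumptions for illustration only. Run it elevated on a lab host.

```powershell
# Added example, not the original post's code. Assumed names (UpdSvc, upd.exe)
# are hypothetical. Run as Administrator.
#
# How each technique is set up (sc.exe needs a space after every '='):
#   Service creation:    sc.exe create UpdSvc binPath= "C:\Users\Public\upd.exe" start= auto
#   Service replacement: sc.exe config <UnusedService> binPath= "C:\Users\Public\upd.exe" start= auto
#   Recovery-mode abuse: sc.exe failure <Service> reset= 0 actions= run/1000 command= "C:\Users\Public\upd.exe"

# Directories a legitimate service image is expected to live under.
$TrustedRoots = @("$env:SystemRoot\", "$env:ProgramFiles\", "${env:ProgramFiles(x86)}\") |
    Where-Object { $_.Length -gt 1 }

function Get-ServiceImagePath {
    # Win32_Service.PathName may be quoted, may carry arguments, and may be an
    # svchost.exe -k <group> line; return just the executable path.
    param([string]$RawPathName)
    if ([string]::IsNullOrWhiteSpace($RawPathName)) { return $null }
    if ($RawPathName.StartsWith('"')) { return $RawPathName.Split('"')[1] }
    $m = [regex]::Match($RawPathName, '^(.*?\.exe)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return $RawPathName.Split(' ')[0]
}

function Get-FailureRunCommand {
    # Parse "sc.exe qfailure <name>"; COMMAND_LINE is empty unless a 'run'
    # recovery action has been configured. Match only to end of that line so
    # an empty value does not spill over into FAILURE_ACTIONS on the next line.
    param([string]$ServiceName)
    $out = & sc.exe qfailure $ServiceName 2>$null | Out-String
    if ($out -match 'COMMAND_LINE[ \t]*:[ \t]*(\S[^\r\n]*)') { return $Matches[1].Trim() }
    return $null
}

function Find-SuspiciousServices {
    foreach ($svc in Get-CimInstance Win32_Service | Where-Object { $_.StartMode -eq 'Auto' }) {
        $image   = Get-ServiceImagePath $svc.PathName
        $reasons = @()

        if ($image) {
            # Service creation / replacement: image outside trusted roots, or not validly signed.
            $inTrusted = $false
            foreach ($root in $TrustedRoots) {
                if ($image.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) { $inTrusted = $true }
            }
            if (-not $inTrusted) { $reasons += "image outside trusted roots: $image" }

            if (Test-Path -LiteralPath $image) {
                $sig = Get-AuthenticodeSignature -FilePath $image
                if ($sig.Status -ne 'Valid') { $reasons += "signature status $($sig.Status)" }
            } else {
                $reasons += "image not found on disk"
            }
        }

        # Recovery-mode abuse: a program is run when the service fails.
        $cmd = Get-FailureRunCommand $svc.Name
        if ($cmd) { $reasons += "failure action runs: $cmd" }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Service = $svc.Name
                Image   = $image
                Reasons = ($reasons -join '; ')
            }
        }
    }
}

Find-SuspiciousServices | Format-Table -AutoSize
```

Treat the output as a worklist rather than a verdict: third-party software legitimately installs services under its own directory, and on older hosts catalog-signed Windows binaries can report NotSigned, so check the hash and the service's install time (the registry key's last-write time) before calling anything malicious. A non-empty COMMAND_LINE in qfailure output, on the other hand, is rare on a normal build and is worth pulling the binary for every time.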