When victims see WerFault.exe running on their machine, they probably assume that some error happened while in this case they have actually been targeted in an attack. WerFault.exe is usually invoked when an error related to the operating system, Windows features, or applications happens. Malwarebytes explained in its research that this tactic might have helped the attack attempt to evade detection: Named "Kraken.DLL," this binary advanced the infection chain by injecting embedded shellcode into the Windows Error Reporting service ( WerFault.exe). Net compiled binary into memory using VBScript to execute it. This document harbored a malicious macro that used a modified version of the CactusTorch VBA module to conduct a fileless attack by loading a. Malicious Document (Source: Malwarebytes)
0 Comments
Leave a Reply. |