SPARKLOG

Description

(Cybereason) SPARKLOG (spark.exe) is a 32-bit executable written in C++, employed in this attack to extract a DLL from the CLFS file, decrypt it, and then launch it for side-loading by Windows services running as SYSTEM. Executing this phase of the attack successfully enables the attackers to gain Privilege Escalation and also Persistence in a specific case.

Names

Name
SPARKLOG

Category

Malware

Type

  • Loader

Information

Other Information

Uuid

b7eea0f5-2163-4a25-9078-77bdca383523

Last Card Change

2022-07-19