Incident Response: Suspicious Email – Part 3

Question

Hey allI am stuck at the ImmersiveLab Incident Response: Suspicious Email – Part 3 - Q3."The malware persists through reboots. What is the registry key value’s name that results in the malware executing automatically?"There is an entry on HKCU Run for the Administrator. Am I on the right track? No matter what I enter it does not accept it.kr

bl1ngod · Answer

nvm... for others having the same thing... go try harder.. it's another key. You'll find the right hint here https://www.infosecinstitute.com/resources/malware-analysis/common-malware-persistence-mechanisms/

Forum Discussion

Incident Response: Suspicious Email – Part 3

1 Reply

Featured Places

Help & Support Forum

Related Content

Incident Response: Suspicious Email – Part 2 -Help Needed.

Incident Response and Forensics for EC2: Preparation

Incident Response: Suspicious Email – Part 2

Incident Response Suspicious Email Part 2 last Question

Incident Response: P2 - stuck on Q11

Recent Discussions

Web App Hacking (Lab series): CVE-2022-2143 (iView2)

Lab 9: Macro Polo

"What is the token from the table?"

Trick or Treat on Specter Street: Manor of Madness

Microsoft Sentinel: SOAR Demonstrate your skills