Forum Discussion

Bronze III

22 days ago

Solved

Ransomware: Darkside - Question 9

In terms of determining the name of the service that is installed after the ransomware was executed, there doesn't seem to be any service installation activities observed from the endpoint. Wonde...

help & support

immersive labs

questions & feedback

ArthurDent
17 days ago
There is a different EventCode that indicates that "A service was installed in the system."

kevinh

Bronze III

22 days ago

When parsing for the service names during execution I am also struggling to find a meaningful link as well

Which includes parsing for the eventID itself

Forum Discussion

Ransomware: Darkside - Question 9

Featured Places

Help

Related Content

Ransomware: Darkside - Question 8

Ransomware: Annabelle Entry Point

Ransomware: Bad Rabbit - Registry key

How to Answer a Question

APT34: PoisonFrog - Question 6

Recent Discussions

Microsoft Sentinel SOAR: Demonstrate Your Skills Question 11

APT29 Threat Hunting with Splunk: Demonstrate Your Skills - Question 10

Microsoft Sentinel SOAR: Demonstrate Your Skills

Threat Actors: Salt Typhoon – SNAPPYBEE Campaign Analysis - Question 7

Ethereum: The Blockchain, Transactions, and Explorers