Trojan generates 4691 in Security log
Posted 2/6/2016 6:19:27 PM
Forum Newbie
Group: Forum Members
With auditing enabled, the following entry appears with Event ID 4691 when the machine is infected with the Dynamer!ac Trojan:

<14>Feb 5 20:50:40 telstar-X.alternubis.com MSWinEventLog 1 Security 88182 Fri Feb 5 20:50:40 2016 4691 Microsoft-Windows-Security-Auditing N/A N/A Success Audit telstar-X.alternubis.com Other Object Access Events Indirect access to an object was requested. Subject: Security ID: S-1-5-21-2816896582-3717673338-702387886-2189 Account Name: bishop Account Domain: ALTERNUBIS Logon ID: 0x425E4 Object: Object Type: ALPC Port Object Name: \Sessions\2\Windows\ApiPort Process Information: Process ID: 0x159c Access Request Information: Accesses: Communicate using port Access Mask: 0x1 343434396

The process ID listed here was associated with Microsoft Word.
Post #5161
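Added example, not part of the original posts: a Python parser that pulls the labelled fields out of the 4691 line quoted in the post above and converts the hex Process ID to decimal, so it can be matched against a process listing as the poster did with Microsoft Word. The function name `parse_4691` and the label lists are assumptions of this example; the sample line is copied from the post.

```python
import re

# Sample input: the 4691 record from the first post, as forwarded to syslog
# (whitespace already flattened, trailing number left as posted).
SAMPLE = (
    "<14>Feb 5 20:50:40 telstar-X.alternubis.com MSWinEventLog 1 Security 88182 "
    "Fri Feb 5 20:50:40 2016 4691 Microsoft-Windows-Security-Auditing N/A N/A "
    "Success Audit telstar-X.alternubis.com Other Object Access Events "
    "Indirect access to an object was requested. Subject: Security ID: "
    "S-1-5-21-2816896582-3717673338-702387886-2189 Account Name: bishop "
    "Account Domain: ALTERNUBIS Logon ID: 0x425E4 Object: Object Type: ALPC Port "
    r"Object Name: \Sessions\2\Windows\ApiPort Process Information: "
    "Process ID: 0x159c Access Request Information: Accesses: "
    "Communicate using port Access Mask: 0x1 343434396"
)

# Field labels of the 4691 message text, as they appear in the posted record.
LABELS = ["Security ID", "Account Name", "Account Domain", "Logon ID",
          "Object Type", "Object Name", "Process ID", "Accesses", "Access Mask"]
# Section headings that sit between values and must not be read as values.
SECTIONS = ["Subject", "Object", "Process Information",
            "Access Request Information"]
HEX_FIELDS = ("Logon ID", "Process ID", "Access Mask")


def parse_4691(line):
    """Return the labelled fields of a whitespace-flattened 4691 record."""
    if not re.search(r"\bMSWinEventLog\b.*\s4691\s", line):
        raise ValueError("not a forwarded Event ID 4691 record")
    # A value ends where the next label or section heading begins.
    stops = "|".join(re.escape(s) + ":" for s in LABELS + SECTIONS)
    fields = {}
    for label in LABELS:
        m = re.search(re.escape(label) + r":\s+(.*?)\s*(?=(?:" + stops + r")|$)",
                      line)
        if m:
            fields[label] = m.group(1)
    # Hex values become integers; only the first token is taken so that the
    # forwarder's trailing number after "Access Mask" is ignored.
    for key in HEX_FIELDS:
        if key in fields:
            fields[key] = int(fields[key].split()[0], 16)
    return fields


if __name__ == "__main__":
    for name, value in parse_4691(SAMPLE).items():
        print(f"{name}: {value}")
```

Task Manager and `tasklist` show PIDs in decimal, so the integer `Process ID` returned here is the value to look up.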
Posted 2/12/2016 12:59:48 PM
Supreme Being
Group: Moderators
Many different types of security events can be generated due to a malware infection. This may be an instance of that.
Post #5168
Posted 8/30/2016 4:40:21 AM
Forum Newbie
Group: Forum Members
Hi Derek Thomas,

As you mentioned, "Many different types of security events can be generated due to a malware infection." Can you please list the events which can be generated during a malware infection?
Post #6258
Posted 9/1/2016 2:32:54 PM
Supreme Being
Group: Moderators
Malware can create new services, new scheduled tasks, modify certain registry entries, and anything that a user can generate. It is all based on the type of malware.
Post #6259
All times are GMT -5:00.