saferwall/saferwall

[Services] Create process tree structure in sandbox

Closed this issue a year ago · 2 comments

LordNoteworthy commented a year ago

{
	"proc_tree": {
		"pid": 102
		"proc_name": "malware.exe"
		"file_path": "C:\\Users\\Ayoub\\Downloads\\malware.exe"
		"file_type": "PE"
		"detection": "Emotet"
		"ioc": [
			{
				"category":
				"description":
				"severity":
				"module":
			}
		],
		"child": {}
	},
}

LordNoteworthy commented a year ago

https://practical365.com/wp-content/uploads/2018/04/wd-atp-alerts-03.jpg
https://practical365.com/wp-content/uploads/2018/04/wd-atp-alerts-07-1024x544.jpg
https://practical365.com/wp-content/uploads/2018/04/wd-atp-alerts-08.jpg
https://practical365.com/wp-content/uploads/2018/04/wd-atp-alerts-09-1024x398.jpg

LordNoteworthy commented a year ago