Jump to content

Zeealex

Staff
  • Posts

    4,087
  • Joined

  • Last visited

  • Days Won

    135

Posts posted by Zeealex

  1. high RAM usage with no explanation is a potential IOC(indicator of compromise) and could indicate that a malicious process is injecting into the memory.

    if you work for a medical society you are a potential high gain target of APT's and general attackers trying to make money off the back off covid or disrupt operations in relation to it.

  2. The primary concern there is they don't know what other 'malicious' files are being distributed unchecked, it's relatively common for malicious files to go undetected by AV scanners. It's also pretty common for accounts to be distributing cracked software etc.

    It's mainly a precautionary measure and intended to be temporary until they can get more information. Both as a protection for its users and itself.

    It's just a shame they've dropped the ball on the information part.

     

    I'm by no means trying to patronise or insult your intelligence on the injection part, more say that Malware ❤️ Memory Injection. So a lot of innocent injection programs get caught up in the crossfire. So it's considered 'reasonable' from the part of DropBox to kill links as a precaution.

    • Like 1
  3. It's a common issue regarding executable files that perform memory injections, it tends to trip behavioural analysis in VirusTotal as it's a very common component of the execution process of some of the worst malware, Ransomware uses memory and process injection to hook into explorer for example, and due to the recent epidemic of ransomware sweeping the world, hosts are taking a much more hardline approach to potential malware being hosted on their servers (except Google Drive, apparently).

    I've reported the hashes as a false positive with a detailed explanation to VirusTotal, so hopefully they will work on that and stop it tripping when hosts perform regular AV scans.
    I may disassemble it and run through its primary functions with them. But you can use that verdict in your DropBox appeal.

    It's why I always recommend using an encrypted .7z file for any executable files that inject into memory, or executables with components that were originally coded in x86 Assembly (a bad/mistyped register operand can trip most AVs)

    Microsoft offers a terabyte for free, Google Drive is also cheap and a little more relaxed.

    Alternatively you could set up a home-server with NAS.

    • Like 1
×
×
  • Create New...