Exam 312-49v10 topic 1 question 793 discussion

ECCouncil Official CHFI https://bookshelf.vitalsource.com/reader/books/9781635676969/ Module 14 Page 1356 - Windows AutoStart Registry Keys The AutoStart keys within the Windows registry, which allow programs to be executed automatically upon system reboot or user login, are the most common locations targeted by malware to achieve persistence on any compromised machine. - If you agree: UPVOTE this post to add your vote to the community tally. If you disagree: discuss with citations Both actions crowdsource best answers.

C. Windows AutoStart Registry Keys Explanation: Fileless malware often leverages Windows AutoStart registry keys (such as those found in HKCU\Software\Microsoft\Windows\CurrentVersion\Run or HKLM\Software\Microsoft\Windows\CurrentVersion\Run) to achieve persistence. By creating or modifying entries in these registry keys, the malware can ensure that it executes each time the system starts, even if the original file-based components are not present.

B. Windows Task Scheduler Explanation: Windows Task Scheduler: Persistence Mechanism: Attackers often use Windows Task Scheduler to create tasks that run on system startup or at scheduled intervals. This allows the malware to execute even after a reboot, making it a common method for maintaining persistence in fileless malware attacks. Windows AutoStart Registry Keys: Potential for Persistence: While AutoStart registry keys (such as those under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run) are indeed used for persistence, fileless malware often avoids traditional file-based mechanisms and may prefer leveraging scheduled tasks due to their ability to execute code directly from memory.

Registry is most used

Using task scheduler, attackers can set the malicious scripts to be triggered and executed automatically at a chosen time intervals.