🛌 Persistence Mechanism

Persistence mechanisms are techniques used by malware to ensure that it remains active on a system even after a reboot or other system changes. Here are some common persistence mechanisms:

  1. Registry Keys: Malware may modify or add entries to the Windows Registry, such as under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, to execute automatically when the system starts.

  2. Startup Folder: Placing a malicious executable or shortcut in the startup folder ensures it runs whenever a user logs in.

  3. Scheduled Tasks: Malware can create or modify scheduled tasks to execute at specific times or intervals.

  4. Services: Some malware installs itself as a system service, allowing it to run with system-level privileges and restart with the system.

  5. WMI (Windows Management Instrumentation): WMI can be used to create permanent event subscriptions (an event filter bound to an event consumer) that execute malicious code when a specific event or trigger fires.

  6. Bootkits: These are a type of rootkit that infects the Master Boot Record (MBR) or UEFI firmware to gain control before the operating system starts.

  7. DLL Injection: Malware may inject malicious code into a legitimate process that is already running, which can be used for persistence if the process is always active.

  8. Hooks and API Redirection: By hooking into system APIs or redirecting calls, malware can ensure that it remains active and hides its presence.

  9. File System Changes: Modifying system files or creating hidden files in system directories can help maintain persistence.

  10. Application Layer: Some malware targets specific applications (e.g., web browsers, email clients) and integrates itself to persist within those applications.

  11. User Account Creation: Malware may create new user accounts with elevated privileges to ensure it can continue to operate even if the original account is disabled or deleted.
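A defender-side check tied to items 1 to 5 above, added here as an example rather than code from the original page: a PowerShell inventory of the Run keys, Startup folders, scheduled tasks, auto-start services and WMI permanent event subscriptions on a host, so the entries can be compared against a known-good baseline. It assumes a Windows host with PowerShell 5.1 or later and read access to those locations; the function names and output columns are my own.

```powershell
# Added example (not from the original page): enumerate the autostart locations
# named in items 1-5 so they can be reviewed against a known-good baseline.
function Get-AutostartInventory {
    $results = New-Object System.Collections.Generic.List[object]
    function Add-Entry($Source, $Name, $Value) {
        $results.Add([pscustomobject]@{ Source = $Source; Name = $Name; Value = "$Value" })
    }
    # 1. Registry Run/RunOnce keys for the machine and the current user
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $runKeys | Where-Object { Test-Path $_ }) {
        # Drop the PS* bookkeeping properties that Get-ItemProperty appends
        (Get-ItemProperty -Path $key).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object { Add-Entry 'Registry' "$key\$($_.Name)" $_.Value }
    }

    # 2. Startup folders for all users and for the current user (hidden files included)
    foreach ($folder in 'CommonStartup', 'Startup') {
        $dir = [Environment]::GetFolderPath($folder)
        Get-ChildItem -Path $dir -Force -ErrorAction SilentlyContinue |
            ForEach-Object { Add-Entry 'StartupFolder' $_.FullName $_.LastWriteTime }
    }

    # 3. Scheduled tasks: one row per action the task launches
    Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
        $task = $_
        foreach ($a in $task.Actions) {
            Add-Entry 'ScheduledTask' "$($task.TaskPath)$($task.TaskName)" "$($a.Execute) $($a.Arguments)"
        }
    }

    # 4. Services configured to start automatically, with the binary they run
    Get-CimInstance -ClassName Win32_Service -Filter "StartMode='Auto'" |
        ForEach-Object { Add-Entry 'Service' $_.Name $_.PathName }

    # 5. WMI permanent event subscriptions: filters, command-line consumers and bindings
    Get-CimInstance -Namespace root\subscription -ClassName __EventFilter -ErrorAction SilentlyContinue |
        ForEach-Object { Add-Entry 'WMI:Filter' $_.Name $_.Query }
    Get-CimInstance -Namespace root\subscription -ClassName CommandLineEventConsumer -ErrorAction SilentlyContinue |
        ForEach-Object { Add-Entry 'WMI:Consumer' $_.Name $_.CommandLineTemplate }
    Get-CimInstance -Namespace root\subscription -ClassName __FilterToConsumerBinding -ErrorAction SilentlyContinue |
        ForEach-Object { Add-Entry 'WMI:Binding' "$($_.Filter)" "$($_.Consumer)" }
    return $results
}

Get-AutostartInventory | Sort-Object Source, Name | Format-Table -AutoSize -Wrap
```

Running this on a freshly built machine and saving the output gives the baseline; diffing later runs against it surfaces new Run values, tasks, services or WMI bindings that warrant a closer look.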
