Managed XDR

need-update-on-the-inv...ice-payment-status.msg — malware analysis report

File info

Filename: need-update-on-the-invoice-payment-status.msg
File type: CDFV2 Microsoft Outlook Message
File size: 457.5 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1: af143d8c6d47d5704257a09f9dae615209444e39
SHA256: 447674810e21bf8c3006181dd50fd0ab9732fc935f0546c32d19cc2269767ad6
MD5: 7f3eefed8e4980f0c53fa9c45dc5ac1c

Signatures

Execution

T1059.001 suspicious_powershell: Creates suspicious powershell process
T1059.001 suspicious_process: Spawns a suspicious process

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1070 stealth_window: A process created a hidden window
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity
checktokenmembership: Checks user token with CheckTokenMembership call