Managed XDR

1-d-e-decd2813781e0d81...71eaac76a36a08eb5.file — malware analysis report

File info

Filename
1-d-e-decd2813781e0d81424ceac54fe4a06d022bb8de496c06f71eaac76a36a08eb5.file
File type
Zip archive data, at least v2.0 to extract
File size
4.3 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
ac8937397cb9f52fbae0cdd74395b27e80a50fbc
SHA256
decd2813781e0d81424ceac54fe4a06d022bb8de496c06f71eaac76a36a08eb5
MD5
75ae8b15e211ff7b74e14d8ca5e5caaa

Signatures

Execution

T1059.001 suspicious_powershell: Creates suspicious powershell process
T1059.001 suspicious_process: Spawns a suspicious process
T1059.001 url_cmdline: Cmdline of process contains URL
T1059.003 url_cmdline: Cmdline of process contains URL

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Command and Control

T1102.003 cloud_discord: Connects to cloud services of Discord (potentially for malicious payload delivery)

Other

yara_rules: Static rules
only_exec_in_archive: The archive contains only an executable file
has_pdb: This executable file has a PDB path
get_policy_info: Retrieves information about a Policy object
suricata_alert: Malicious traffic detected