Managed XDR

exploit_temp_cve_paylo...d2e_cve-2023-38831.rar — malware analysis report

File info

Filename
exploit_temp_cve_payload_681dcde7bcd2e_cve-2023-38831.rar
File type
Zip archive data, at least v2.0 to extract
File size
2.4 MB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
3ac2baf44e1e41d990022bd8d12118e08f10516c
SHA256
fbf0acba5ea24e8ea40fe75db6ab2f42965a5096bdca1892aa3011e5c97d428a
MD5
b26439ecdee69ea5a1ae80c80f6f5d5b

Signatures

Execution

T1204.002 mimics_extension: Attempts to mimic the file extension

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1036 mimics_extension: Attempts to mimic the file extension
T1036.001 invalid_authenticode: Digital signature of one or several attached files has failed to be verified
T1218 suspicious_cmdline_keywords: Cmdline with suspicious keywords
T1480 system_default_lang_id_present: Checks the system language
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1518 locates_browser: Attempts to identify where browsers are installed

Other

yara_rules: Static rules
pdf_page: Contains only one page
unexpected_exception: Unexpected exception
checktokenmembership: Checks user token with CheckTokenMembership call
pe_overlay: PE file contains overlay
executes_dropped_exe: Executes dropped exe files