1cf9488e12bc094cc16bd91930d7502f.virus — malware analysis report

File info

Filename
1cf9488e12bc094cc16bd91930d7502f.virus
File type
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has command line arguments, Archive, ctime=Thu Dec 6 04:29:14 2018, mtime=Thu Dec 6 04:29:14 2018, atime=Thu May 22 12:29:50 2014, length=828144, window=hide
File size
692 Bytes
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
0c495e01f6c0c7f0f038f98bdbaece00ed4ad0d8
SHA256
43e202cef97154b8a2f90f2a774d3f52dcd21181572be17f5e8f98cb796e8c67
MD5
1cf9488e12bc094cc16bd91930d7502f

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
create_process_failed: Could not start the process
unexpected_exception: Unexpected exception
no_graphical_activity: No graphic activity
creates_suspended_process: Creates suspended process
get_policy_info: Retrieves information about a Policy object