Managed XDR

temp-213-.eml — malware analysis report

File info

Filename
temp-213-.eml
File type
RFC 822 mail, UTF-8 Unicode text, with CRLF line terminators
File size
1008 KB
First seen
Last seen

Environment

w10/x86 en

Hashes

SHA1
ca0bd771d6881d3318d5a09f99e86ca2f0e92941
SHA256
8831667ec6f6c104d33d013c092c1fb78b9784c7935ea0e269fdc739dee1cb56
MD5
279dbdfe5f7aba6c6f328ba70d31ce92

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1497.001 antivm_queries_computername: Retrieves the computer name
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497.001 antivm_queries_computername: Retrieves the computer name

Other

yara_rules: Static rules
steganographic_png: Possible malicious steganographic PNG
process_crashed: One of the processes has failed
no_graphical_activity: No graphic activity
dotnet_suspicious_resources_names: Dotnet program has suspicious resources names
dotnet_import_unmanaged_code: Dotnet program statically imports unmanaged functions/modules
test_check_service: Starts services
dotnet_use_suspicious_functions: Dotnet program potentially uses suspicious functions/modules
dotnet_suspicious_module_name: Dotnet program has suspicious module name
Managed XDR