Managed XDR
Group-IB MDP Report
File info
Filename: inquiry-dubai.eml
File Type: SMTP mail, ASCII text, with CRLF line terminators
File Size: 70.9 KB
Env info
win7/x86 en
Hashes
SHA1: 71cb45f13f83a15f3a0593494a948f91ce3b7ae3
SHA256: 47c6d57e6f0f73c20ab2f4af3bf40a7cd443a5aec0c3d0f174ce4206571cf0d5
MD5: 60d3d9de79c00479ffd92c92c8f163c8
Signatures
Execution
T1059.001 suspicious_powershell: Creates suspicious powershell process
T1059.007 bad_js: Suspicious Javascript file
T1059.001 suspicious_process: Spawns a suspicious process
Privilege Escalation
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Defense Evasion
T1070 stealth_window: A process created a hidden window
T1497.001 antisandbox_script_timer: Detected script timer window (indicative of sleep style evasion)
T1497.003 antisandbox_sleep: The process attempted to slow down analysis
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Discovery
T1497.001 antisandbox_script_timer: Detected script timer window (indicative of sleep style evasion)
T1497.003 antisandbox_sleep: The process attempted to slow down analysis
Other
no_graphical_activity: No graphic activity
get_policy_info: Retrieves information about a Policy object
checktokenmembership: Checks user token with CheckTokenMembership call
suricata_alert: Malicious traffic detected
next report: e5ef32c0-8097-4c1a-9260-a2f29bd32221
previous report: 90661e27-138b-4c98-ad9f-16d1342a07ab
Managed XDR