Managed XDR
Group-IB MDP Report
File info
Filename: 20250701_fp_100_567.eml
File Type: UTF-8 Unicode text
File Size: 2.6 MB
Env info
win7/x64 en
Hashes
SHA1: f6dc87c42a26b01b14047bf29588be10ede6f9f0
SHA256: 1f81fda28a7c8ea6b73946baa07ad210314168b3eb55bbf730d92314b6f91bf2
MD5: 57162e0408eaa93100c64cd4967d7fac
Signatures
Execution
T1204.002 mimics_extension: Attempts to mimic the file extension
Persistence
T1574 dropper_dll: Creates DLL, which is then loaded into the process
Privilege Escalation
T1574 dropper_dll: Creates DLL, which is then loaded into the process
T1134 opens_process_token: Opens the access token associated with a process
Defense Evasion
T1036 mimics_extension: Attempts to mimic the file extension
T1574 dropper_dll: Creates DLL, which is then loaded into the process
T1027.002 pe_features: Executable file has PE anomalies (may be false positive)
T1134 opens_process_token: Opens the access token associated with a process
T1027.002 packer_entropy: Probably contains compressed or encrypted data
Other
yara_rules: Static rules
process_crashed: One of the processes has failed
unexpected_exception: Unexpected exception
no_graphical_activity: No graphic activity
valid_authenticode: The digital signature has been verified
has_pdb: This executable file has a PDB path
test_check_service: Starts services
pe_overlay: PE file contains overlay
next report: 8775be17-0e81-4f13-84a3-5c41c56a47bf
previous report: 5a429fe1-d1c5-4e31-8977-c0f69033677b
Managed XDR