Managed XDR

4y1ycd66f6zllsk.eml — malware analysis report

File info

Filename
4y1ycd66f6zllsk.eml
File type
ASCII text, with very long lines
File size
270.6 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
32f716c0a648b274155b3fa261598250bb09a8d0
SHA256
d0d9cbb9de7c18fe2c0a32bb9eca23731714b807a9910309e2ff5c24fffe3431
MD5
735a1e45ebbc651189dd8c59002792ab

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497 windows_enumthread: Attempts to enumerate windows using EnumThreadWindows and SendMessage for text obtaining
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497 windows_enumthread: Attempts to enumerate windows using EnumThreadWindows and SendMessage for text obtaining
T1082 windows_enumthread: Attempts to enumerate windows using EnumThreadWindows and SendMessage for text obtaining

Other

yara_rules: Static rules
pdf_compressed_stream: Contains an object with compressed stream
break_limit_exceeded: Warning: function calls limit has been exceeded
get_policy_info: Retrieves information about a Policy object
test_check_service: Starts services
office_links: Office file contains external links
antisandbox_check_graphics_card: Uses CreateDXGIFactory, potentially to detect graphics card