Managed XDR

banned-20250217t173738-24045-12 — malware analysis report

File info

Filename: banned-20250217t173738-24045-12
File type: SMTP mail, ASCII text
File size: 987.8 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1: a6ff4ab025e38c0328fcad8199f11a0f48be88f7
SHA256: 446966bde14f36ef20c859ddcc96399016f65153762172c387a7bdd60ee702de
MD5: e4f282bf23289d1e57a6dd9381c85e0b

Signatures

Initial Access

T1192 html_urls: HTML-document downloads a file

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1497.001 antivm_queries_computername: Retrieves the computer name
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497.001 antivm_queries_computername: Retrieves the computer name

Other

yara_rules: Static rules
process_crashed: One of the processes has failed
no_graphical_activity: No graphical activity
dotnet_import_unmanaged_code: Dotnet program statically imports unmanaged functions/modules
get_policy_info: Retrieves information about a Policy object
test_check_service: Starts services
dotnet_suspicious_module_name: Dotnet program has suspicious module name