Managed XDR

1620921363.m594689p270...058.stratoserver.net-s — malware analysis report

File info

Filename
1620921363.m594689p27044.h2877058.stratoserver.net-s
File type
SMTP mail, ASCII text
File size
726.7 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
5ab8ad95d488ae976fd19deda5574cd6a47b8928
SHA256
6d32a2352bd1764457d7716dc4e4c79a57af2d6a2ea74ffe7f898289042b7904
MD5
f3386419bab9afec8c3710edc967be18

Signatures

Execution

T1064 office_macros: The document contains macroses (total: 2)

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1064 office_macros: The document contains macroses (total: 2)
T1497 windows_enumthread: Attempts to enumerate windows using EnumThreadWindows and SendMessage for text obtaining

Discovery

T1518 locates_browser: Attempts to identify where browsers are installed
T1497 windows_enumthread: Attempts to enumerate windows using EnumThreadWindows and SendMessage for text obtaining
T1082 windows_enumthread: Attempts to enumerate windows using EnumThreadWindows and SendMessage for text obtaining

Other

yara_rules: Static rules
get_policy_info: Retrieves information about a Policy object
test_check_service: Starts services
antisandbox_check_graphics_card: Uses CreateDXGIFactory, potentially to detect graphics card