Managed XDR

049436bb90f71cf3854981...d9b90e2da_sig_replaced (Regin) — malware analysis report

File info

Filename
049436bb90f71cf38549817d9b90e2da_sig_replaced
File type
PE32 executable (DLL) (native) Intel 80386, for MS Windows
File size
22.8 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
5ea50796a42842211d8d1fc91ec7477795e5abfd
SHA256
cec76e7ffe87003697e152c954249110eeeeda7b5c9d9d12840471484b63a4fb
MD5
805da129970014a9df5bb0d52fb62c24

Malwares

  • Regin

Signatures

Persistence

T1574 dropper_dll: Creates DLL, which is then loaded into the process

Privilege Escalation

T1574 dropper_dll: Creates DLL, which is then loaded into the process
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1036.001 invalid_authenticode: Digital signature of the executable file has failed the verification
T1574 dropper_dll: Creates DLL, which is then loaded into the process
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
unexpected_exception: Unexpected exception
no_graphical_activity: No graphic activity
message_box: Displays a message
pe_overlay: PE file contains overlay

Related reports