Managed XDR

ose.exe — malware analysis report

File info

Filename
ose.exe
File type
PE32 executable (GUI) Intel 80386, for MS Windows
File size
222.3 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
2731ac9eb07cb7c3063f60eb1bf009257a9d4c26
SHA256
f241abe8f35da29e3957886924a70c5d461bf7b5e6dfff25d73a0e455a39e4f7
MD5
ef97b80c370ca1179b1709651a9c9f26

Signatures

Persistence

T1574 dropper_dll: Creates DLL, which is then loaded into the process

Privilege Escalation

T1574 dropper_dll: Creates DLL, which is then loaded into the process
T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1036.001 invalid_authenticode: Digital signature of the executable file has failed the verification
T1574 dropper_dll: Creates DLL, which is then loaded into the process
T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
creates_exe: Creates executable files in the file system
unexpected_exception: Unexpected exception
no_graphical_activity: No graphic activity
has_pdb: This executable file has a PDB path
pe_overlay: PE file contains overlay