Managed XDR
Group-IB MDP Report
File info
Filename: 112d0df9-3867-016c-2c23-021a49ccb3e8.eml
File Type: RFC 822 mail, ASCII text, with very long lines, with CRLF line terminators
File Size: 106 KB
Env info
win7/x86 en
Hashes
SHA1: 7e6fd28b22e8faa98f303f81aa46d3413461f01c
SHA256: 95e4285cac106f420b67da5c2f670a008fc5019aee6cc2ef04afa67a15b62f0e
MD5: ffd92d1a1910186aab2fe52243d22d02
Signatures
Execution
T1204.002 mimics_extension: Attempts to mimic the file extension
Privilege Escalation
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Defense Evasion
T1036 mimics_extension: Attempts to mimic the file extension
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1497.001 antisandbox_script_timer: Detected script timer window (indicative of sleep style evasion)
T1497.003 antisandbox_sleep: The process attempted to slow down analysis
Discovery
T1497.001 antisandbox_script_timer: Detected script timer window (indicative of sleep style evasion)
T1497.003 antisandbox_sleep: The process attempted to slow down analysis
Other
yara_rules: Static rules
no_graphical_activity: No graphical activity observed
message_box: Displays a message box
checktokenmembership: Checks user token with CheckTokenMembership call
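Added example, not part of the Group-IB report and not Group-IB code: a short Python triage script for an .eml sample like the one above. It parses the RFC 822 message, lists its attachments with their SHA256, and flags the extension-mimicry tricks that sandbox signatures such as mimics_extension (T1036 / T1204.002) exist to catch: a document extension stacked in front of an executable one, a declared MIME type that contradicts the real extension, and a right-to-left override (U+202E) character that makes a file manager draw the name reversed. The sample message and its three attachments are constructed for illustration and are not the attachment from the report; the executable/document extension lists are assumptions chosen for the example.

```python
"""Attachment triage for an .eml sample: list attachments and flag the
extension-mimicry tricks behind signatures like mimics_extension.

Added example, not Group-IB code.  SAMPLE_EML is constructed for
illustration and is not the message from the report."""
import email
import hashlib
from email import policy

# Assumed lists for the example: extensions Windows runs on double-click,
# and extensions a lure borrows to look like a harmless document.
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse", "vbs",
             "vbe", "wsf", "hta", "lnk", "msi", "ps1"}
DOC_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png", "zip"}
RTLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE: text after it is rendered reversed

# Constructed sample (not the report's message).  The second attachment
# carries the RTLO character in an RFC 2231 encoded filename parameter.
SAMPLE_EML = b"\r\n".join([
    b"From: billing@example.test",
    b"To: user@example.test",
    b"Subject: Invoice 4471",
    b"MIME-Version: 1.0",
    b'Content-Type: multipart/mixed; boundary="b1"',
    b"",
    b"--b1",
    b"Content-Type: text/plain",
    b"",
    b"Please find the invoice attached.",
    b"--b1",
    b'Content-Type: application/pdf; name="invoice.pdf.exe"',
    b'Content-Disposition: attachment; filename="invoice.pdf.exe"',
    b"Content-Transfer-Encoding: base64",
    b"",
    b"TVqQAAMAAAAEAAAA//8AAA==",
    b"--b1",
    b"Content-Type: application/octet-stream",
    b"Content-Disposition: attachment; filename*=utf-8''report%E2%80%AEfdp.exe",
    b"Content-Transfer-Encoding: base64",
    b"",
    b"TVqQAAMAAAAEAAAA//8AAA==",
    b"--b1",
    b'Content-Type: application/pdf; name="statement.pdf"',
    b'Content-Disposition: attachment; filename="statement.pdf"',
    b"Content-Transfer-Encoding: base64",
    b"",
    b"JVBERi0xLjQK",
    b"--b1--",
    b"",
])


def displayed_name(name):
    """Approximate what a file manager shows: text after an RTLO is reversed."""
    if RTLO not in name:
        return name
    head, tail = name.split(RTLO, 1)
    return head + tail[::-1]


def extension_findings(name, content_type):
    """Return the mimicry indicators for one attachment name (empty if clean)."""
    findings = []
    exts = name.lower().split(".")[1:]          # all extensions, in order
    if RTLO in name:
        findings.append("rtlo: name is displayed as %r" % displayed_name(name))
    if exts and exts[-1] in EXEC_EXTS:
        if len(exts) >= 2 and exts[-2] in DOC_EXTS:
            findings.append("double extension: .%s before .%s" % (exts[-2], exts[-1]))
        claimed = content_type.split("/")[-1]   # "pdf" from "application/pdf"
        if claimed in DOC_EXTS:
            findings.append("content-type %s does not match .%s" % (content_type, exts[-1]))
    return findings


def triage(raw):
    """Parse an .eml and return the message hash plus per-attachment details."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = {"sha256": hashlib.sha256(raw).hexdigest(), "attachments": []}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""            # RFC 2231 / 2047 decoded
        payload = part.get_payload(decode=True) or b""
        report["attachments"].append({
            "filename": name,
            "content_type": part.get_content_type(),
            "sha256": hashlib.sha256(payload).hexdigest(),
            "findings": extension_findings(name, part.get_content_type()),
        })
    return report


def suspicious_attachments(raw):
    """Filenames of attachments with at least one mimicry finding."""
    return [a["filename"] for a in triage(raw)["attachments"] if a["findings"]]


if __name__ == "__main__":
    for att in triage(SAMPLE_EML)["attachments"]:
        flag = "SUSPICIOUS" if att["findings"] else "ok"
        print("%-10s %r (%s) sha256=%s" % (flag, att["filename"],
                                            att["content_type"], att["sha256"][:16]))
        for finding in att["findings"]:
            print("           - " + finding)
```

The attachment hashes are what you would pivot on next (sandbox or threat-intelligence lookups), and the findings mirror what the report's Execution and Defense Evasion entries say about the sample without committing to what the real attachment was. Note that the RTLO check works on the decoded filename, so the parser's RFC 2231 handling matters: a scanner that only looks at the raw header bytes would miss the override character entirely.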