Managed XDR

112d0df9-3867-016c-2c23-021a49ccb3e8.eml — malware analysis report

File info

Filename: 112d0df9-3867-016c-2c23-021a49ccb3e8.eml
File type: RFC 822 mail, ASCII text, with very long lines, with CRLF line terminators
File size: 106 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1: 7e6fd28b22e8faa98f303f81aa46d3413461f01c
SHA256: 95e4285cac106f420b67da5c2f670a008fc5019aee6cc2ef04afa67a15b62f0e
MD5: ffd92d1a1910186aab2fe52243d22d02

Signatures

Execution

T1204.002 mimics_extension: Attempts to mimic the file extension

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1036 mimics_extension: Attempts to mimic the file extension
T1497.001 antisandbox_script_timer: Detected script timer window (indicative of sleep style evasion)
T1497.003 antisandbox_sleep: The process attempted to slow down analysis
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497.001 antisandbox_script_timer: Detected script timer window (indicative of sleep style evasion)
T1497.003 antisandbox_sleep: The process attempted to slow down analysis

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity
message_box: Displays a message
checktokenmembership: Checks user token with CheckTokenMembership call