there-is-an-issue-with...your-tax-documents.msg — malware analysis report

File info

Filename: there-is-an-issue-with-your-tax-documents.msg
File type: CDFV2 Microsoft Outlook Message
File size: 227.5 KB
First seen:
Last seen:

Environment

win7/x86 en

Hashes

SHA1: 420a4c82014e0be33360a10cc2afe7d49bab7f1a
SHA256: da7c8f95cb34c3ab84cdc3103411893a0ff2688376e81585767cb2caf01f728f
MD5: e70cf0523c6ebf3b7ac08e7e97dae6ee

Signatures

Execution

T1559 suspicious_process: Spawns a suspicious process
T1059.007 pdf_js: PDF contains JavaScript

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Credential Access

T1552 cookie_files: Accesses cookie files
T1555.003 cookie_files: Accesses cookie files

Command and Control

T1071.001 network_http: Performs HTTP requests
T1071.001 winhttp_https: Performs HTTP/HTTPS requests using WinHttp
T1071.001 wininet_https: Performs HTTP/HTTPS requests using WinInet

Other

suspicious_pdf_link: PDF file with suspicious hyperlink or content
suspicious_pdf: PDF file with suspicious content
pdf_page: Contains only one page
create_rpc_bindings: Creates RPC connection
pdf_compressed_stream: Contains an object with compressed stream
creates_suspended_process: Creates suspended process
get_policy_info: Retrieves information about a Policy object
office_links: Office file contains external links