Managed XDR

re_-purchase-order-450...-pembinaan-eastern.eml — malware analysis report

File info

Filename
re_-purchase-order-4500266018-26.09.2025-33462-pembinaan-eastern.eml
File type
HTML document, ASCII text, with very long lines, with CRLF line terminators
File size
1.1 MB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
62901740d7716434c46d982946df38eadc951479
SHA256
d618486af59d1ebdaaa44709b1319205585ee944a504933a0cad61f82001ab6e
MD5
da1a737ff63265c5d510bfea6101aa61

Signatures

Execution

T1059.003 suspicious_process: Spawns a suspicious process
T1059.003 executes_dropped_cmd: Executes dropped batch files
T1559.001 com_exec: Execution of Win32_Process.Create COM Method
T1059.003 suspicious_batch: Suspicious batch

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497 debugs_self: Creates a process and debugs it
T1497.001 antisandbox_script_timer: Detected script timer window (indicative of sleep style evasion)
T1497.003 antisandbox_sleep: The process attempted to slow down analysis
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497 debugs_self: Creates a process and debugs it
T1497.001 antisandbox_script_timer: Detected script timer window (indicative of sleep style evasion)
T1497.003 antisandbox_sleep: The process attempted to slow down analysis

Other

yara_rules: Static rules
creates_exe: Creates executable files in the file system
no_graphical_activity: No graphic activity
checktokenmembership: Checks user token with CheckTokenMembership call
Managed XDR