Managed XDR

csm-services-ltd-accou...files-via-sendlinx.eml — malware analysis report

File info

Filename
csm-services-ltd-accounts-sent-you-files-via-sendlinx.eml
File type
RFC 822 mail, ASCII text, with CRLF line terminators
File size
37 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
1ab9be0b75860aaba4ac742a3bc24e2f3075dfe6
SHA256
cceeec58d437b381104cb3061f100830e0f1dcce373aa6170c55ac45443f733a
MD5
ef7d73f6f0492b0e10d7697cd2d6f8c5

Signatures

Initial Access

T1192 html_urls: HTML-document downloads a file

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

suspicious_pdf_link: PDF file with suspicious hyperlink or content
suspicious_pdf: PDF file with suspicious content
pdf_page: Contains only one page
pdf_compressed_stream: Contains an object with compressed stream
get_policy_info: Retrieves information about a Policy object
office_links: Office file contains external links