Managed XDR

c-users-user-appdata-l...temp-umcuwe-roetje.exe (Tinba) — malware analysis report

File info

Filename
c-users-user-appdata-local-temp-umcuwe-roetje.exe
File type
PE32 executable (GUI) Intel 80386, for MS Windows
File size
593 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
d0073be6abe668b0e00f9053477c97ce857545c7
SHA256
ac70c5cd5831d5b8a73383eb90bfd941c5e92c523323704fc75a310d7c8651ad
MD5
d1e394953a63f787c08fded0899823ec

Malwares

  • Tinba

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1057 process_interest: Enumerates processes

Other

yara_rules: Static rules
process_crashed: One of the processes has failed
no_graphical_activity: No graphic activity
origin_langid: Unconventional language of the executable file
get_policy_info: Retrieves information about a Policy object
test_check_service: Starts services

Related reports