Managed XDR

c-users-user-appdata-l...mp-ogurrnkdxbfijvm.exe — malware analysis report

File info

Filename
c-users-user-appdata-local-temp-is-d4d2p.tmp-ogurrnkdxbfijvm.exe
File type
PE32 executable (GUI) Intel 80386, for MS Windows
File size
2.3 MB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
8dae80bbd76b91eedf3ff736bff61bffd1f438f9
SHA256
6d7891204dddf2fbd983e75de52d6b85ba5eaaaaa8c0e8ad27a78887b3dca4a8
MD5
52efe7b7bb28e44faad7e4fe4527516d

Signatures

Persistence

T1543.003 persistence_services: Modifies Services registry key
T1574.011 persistence_services: Modifies Services registry key

Privilege Escalation

T1543.003 persistence_services: Modifies Services registry key
T1574.011 persistence_services: Modifies Services registry key
T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1574.011 persistence_services: Modifies Services registry key
T1027.002 pe_features: Executable file has PE anomalies (may be false positive)
T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1057 process_interest: Enumerates processes

Other

yara_rules: Static rules
static_pe_anomaly: The PE file structure contains anomalies
unexpected_exception: Unexpected exception
require_administrator: Requests administrator privileges
get_policy_info: Retrieves information about a Policy object
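To make the hashes and the static signatures above actionable offline, the following Python script (an added example, not code from the sandbox vendor or from this report) first confirms that a file on disk matches the report's MD5/SHA1/SHA256, then computes per-section Shannon entropy, which is the kind of evidence behind a packer_entropy hit, and runs two cheap structural checks of the sort a static_pe_anomaly rule might raise. The 7.0 bits-per-byte threshold is an assumed illustrative cut-off, not the sandbox's actual rule, and the minimal PE32 built by `build_sample_pe()` is constructed so the script runs without the sample; pass a real path as the first argument to check the actual file.

```python
"""Offline triage helpers: verify a file against the report hashes, compute
per-section entropy (packer_entropy-style evidence) and run basic PE sanity
checks. Added example, not the sandbox vendor's code."""
import hashlib
import math
import random
import struct
import sys
from collections import Counter

# Hashes exactly as listed in the report; used to confirm the file on disk
# is the same sample before doing anything else with it.
REPORT_HASHES = {
    "md5": "52efe7b7bb28e44faad7e4fe4527516d",
    "sha1": "8dae80bbd76b91eedf3ff736bff61bffd1f438f9",
    "sha256": "6d7891204dddf2fbd983e75de52d6b85ba5eaaaaa8c0e8ad27a78887b3dca4a8",
}

# Bits per byte above which a section is reported as likely packed/encrypted.
# 7.0 is an assumed illustrative threshold, not the sandbox's real cut-off.
ENTROPY_THRESHOLD = 7.0


def file_hashes(data: bytes) -> dict:
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    return file_hashes(data) == REPORT_HASHES


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_sections(data: bytes) -> list:
    """Minimal section-table parser: DOS header -> e_lfanew -> 'PE\\0\\0' ->
    COFF header -> section headers. Returns (name, raw_offset, raw_size)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]   # NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]      # SizeOfOptionalHeader
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        hdr = table + i * 40
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)  # SizeOfRawData, PointerToRawData
        sections.append((name, raw_ptr, raw_size))
    return sections


def section_entropies(data: bytes) -> dict:
    return {name: shannon_entropy(data[ptr:ptr + size]) for name, ptr, size in pe_sections(data)}


def packed_sections(data: bytes, threshold: float = ENTROPY_THRESHOLD) -> list:
    return [name for name, h in section_entropies(data).items() if h >= threshold]


def pe_anomalies(data: bytes) -> list:
    """Illustrative structural checks; the sandbox's own anomaly rules are not known here."""
    findings = []
    sections = pe_sections(data)
    if not sections:
        findings.append("no sections")
    for name, ptr, size in sections:
        if ptr + size > len(data):
            findings.append(f"{name}: raw data extends past end of file")
        if size == 0:
            findings.append(f"{name}: zero-size raw data")
    return findings


def build_sample_pe(seed: int = 1) -> bytes:
    """Constructed minimal PE32 so the script runs offline: a zero-filled .text
    section (low entropy) and a .packed section of pseudo-random bytes (high)."""
    opt_size = 0xE0
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + bytes(opt_size - 2)     # PE32 magic, rest zeroed

    def sec(name, rva, ptr, size, flags):
        return struct.pack("<8sIIIIIIHHI", name, size, rva, size, ptr, 0, 0, 0, 0, flags)

    header = (bytes(dos) + b"PE\0\0" + coff + opt
              + sec(b".text", 0x1000, 0x200, 0x200, 0x60000020)
              + sec(b".packed", 0x2000, 0x400, 0x400, 0xE0000040))
    rng = random.Random(seed)
    packed = bytes(rng.getrandbits(8) for _ in range(0x400))
    return header.ljust(0x200, b"\0") + bytes(0x200) + packed


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print("matches report hashes:", matches_report(data))
    for name, h in section_entropies(data).items():
        print(f"{name:10s} entropy={h:.2f} bits/byte")
    print("likely packed:", packed_sections(data))
    print("anomalies:", pe_anomalies(data))
```

Run it as `python3 check.py <path-to-sample>`; a hash mismatch means you are not looking at the file this report describes, and a section at or near 8.0 bits/byte is the usual reason a sandbox reports "probably contains compressed or encrypted data", though legitimate installers with compressed payloads trigger the same heuristic.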