Managed XDR

20250728_fp_100_5.eml — malware analysis report

File info

Filename
20250728_fp_100_5.eml
File type
RFC 822 mail, ASCII text
File size
439.5 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
a079cf27a2176fc1c2f892a547bef0f87d4700c3
SHA256
82068b627bd08ce8a3c1e134d8d56a344acc0a8f17ff9bb213f6dd640700df6c
MD5
e99419c2b37b782267e9ad79dd3a47cf

Signatures

Execution

T1047 has_wmi: Executes one or several WMI requests

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1027.002 packer_vb: The executable file is packed using VB
T1497.003 antisandbox_sleep: The process attempted to slow down analysis
T1480 system_default_lang_id_present: Checks the system language
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1057 has_wmi: Executes one or several WMI requests
T1497.003 antisandbox_sleep: The process attempted to slow down analysis
T1082 reads_csrss: Attempts to read csrss.exe memory

Other

yara_rules: Static rules
unexpected_exception: Unexpected exception
no_graphical_activity: No graphic activity
Managed XDR