Managed XDR
Group-IB MDP Report
File info
Filename: 20250701_fp_100_84.eml
File Type: UTF-8 Unicode text
File Size: 2.6 MB
Env info
win7/x64 en
Hashes
SHA1: 141e45d1edb2df0934118511492cb0b715a03e9c
SHA256: 9234adeaeefd907b9ceeb92c44316f84ec6bdbb3f0074a3ec8a1405d16193af5
MD5: 4e8a041f20213feb7c8255214cd8b159
Signatures
Execution
T1204.002 mimics_extension: Attempts to mimic the file extension
Persistence
T1574 dropper_dll: Creates DLL, which is then loaded into the process
Privilege Escalation
T1574 dropper_dll: Creates DLL, which is then loaded into the process
T1134 opens_process_token: Opens the access token associated with a process
Defense Evasion
T1036 mimics_extension: Attempts to mimic the file extension
T1574 dropper_dll: Creates DLL, which is then loaded into the process
T1027.002 pe_features: Executable file has PE anomalies (may be false positive)
T1134 opens_process_token: Opens the access token associated with a process
T1027.002 packer_entropy: Probably contains compressed or encrypted data
Other
yara_rules: Static rules
process_crashed: One of the processes has failed
unexpected_exception: Unexpected exception
no_graphical_activity: No graphic activity
valid_authenticode: The digital signature has been verified
has_pdb: This executable file has a PDB path
test_check_service: Starts services
pe_overlay: PE file contains overlay
next report: 522d52ef-a86f-4221-a515-6725dd7b000c
previous report: e9f2ac16-1dcf-4c47-8f6f-cceb9422903f
Managed XDR