Managed XDR

snarvei — malware analysis report

File info

Filename
snarvei
File type
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has command line arguments, Icon number=13, Archive, ctime=Wed Nov 15 16:04:31 2023, mtime=Wed Jan 24 18:43:41 2024, atime=Wed Nov 15 16:04:31 2023, length=491520, window=hidenormalshowminimized
File size
4.8 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
b3e4ca675c2a91a88f8f0f977f3acc7a530f10e8
SHA256
c3ae00ca134bc002bf778067401658339f2edd27ddaeea8ed74df1d1e3ab81f4
MD5
52a73407dd4b6e046dbff88ae35f0538

Signatures

Execution

T1059.001 suspicious_powershell: Creates suspicious powershell process
T1204 suspicious_lnk: LNK file with suspicious content
T1059.001 suspicious_process: Spawns a suspicious process
T1059.001 url_cmdline: Cmdline of process contains URL
T1059.003 url_cmdline: Cmdline of process contains URL

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1218 suspicious_cmdline: Executes a suspicious command
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1518 locates_browser: Attempts to identify where browsers are installed

Other

yara_rules: Static rules
creates_exe: Creates executable files in the file system
unexpected_exception: Unexpected exception
creates_suspended_process: Creates suspended process
get_policy_info: Retrieves information about a Policy object
Managed XDR