Managed XDR

complaintcopy_12029-feb01-.one — malware analysis report

File info

Filename
complaintcopy_12029-feb01-.one
File type
data
File size
239.7 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
7789b077b7a2f606562c221d43aa1ced5c3cff3a
SHA256
8e8344b82c2c8113061be64ea03032a07940421a6a10f4985edf5209c32d9adb
MD5
77916c3cd75da5b7b1fac9f874b74ea8

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1497.003 antisandbox_sleep: The process attempted to slow down analysis
T1070 stealth_window: A process created a hidden window

Credential Access

T1552 cookie_files: Accesses cookie files
T1555.003 cookie_files: Accesses cookie files

Discovery

T1518 locates_browser: Attempts to identify where browsers are installed
T1497.003 antisandbox_sleep: The process attempted to slow down analysis

Command and Control

T1105 cmdline_curl: Uses curl utility for network data transferring

Other

yara_rules: Static rules
get_policy_info: Retrieves information about a Policy object
test_check_service: Starts services