Managed XDR

c-users-user-appdata-l...ec1e29983960c9c00c4469 (Symmi) — malware analysis report

File info

Filename
c-users-user-appdata-local-temp-pnjkpcot.ux5-8589e2d840c3ed5adbdc160724bdb3c2e703adeec1ec1e29983960c9c00c4469
File type
PE32 executable (DLL) (console) Intel 80386, for MS Windows
File size
177 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
8b4da8db0442674505e9b85a3c4e586182ca2d76
SHA256
8589e2d840c3ed5adbdc160724bdb3c2e703adeec1ec1e29983960c9c00c4469
MD5
8318918e43c2f6a876cc2fccc6d40805

Malwares

  • Symmi

Signatures

Persistence

T1574 dropper_dll: Creates DLL, which is then loaded into the process

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1574 dropper_dll: Creates DLL, which is then loaded into the process

Defense Evasion

T1027.002 unnamed_memory_regions_contains_pe: One or several unnamed memory regions are PE files
T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1497.003 antisandbox_sleep: The process attempted to slow down analysis
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1574 dropper_dll: Creates DLL, which is then loaded into the process

Discovery

T1497.003 antisandbox_sleep: The process attempted to slow down analysis

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity
pe_overlay: PE file contains overlay

Related reports