Managed XDR

c5ca0739-f4de-405e-9ff1-cac2a5179101.bin — malware analysis report

File info

Filename
c5ca0739-f4de-405e-9ff1-cac2a5179101.bin
File type
RFC 822 mail, ASCII text, with CRLF line terminators
File size
7.3 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
1470af2a89ff6d61dfeed78e74e7f7678077634c
SHA256
5059435f064e45a3828ca0c2c6adbd0aa05ebb9c464c5b951c1e538397fc12ca
MD5
03f6d5b65de018b3b87da45fe9859cba

Signatures

Execution

T1059.001 suspicious_powershell: Creates suspicious powershell process
T1059.007 bad_js: Suspicious Javascript file
T1059.001 suspicious_process: Spawns a suspicious process
T1059.003 suspicious_cmd: Executes cmd.exe with a suspicious command line
T1059.003 suspicious_process: Spawns a suspicious process

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027 suspicious_cmd: Executes cmd.exe with a suspicious command line
T1070 stealth_window: A process created a hidden window
T1497.001 antisandbox_script_timer: Detected script timer window (indicative of sleep style evasion)
T1497.003 antisandbox_sleep: The process attempted to slow down analysis
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497.001 antisandbox_script_timer: Detected script timer window (indicative of sleep style evasion)
T1497.003 antisandbox_sleep: The process attempted to slow down analysis

Other

yara_rules: Static rules
creates_exe: Creates executable files in the file system
dns_without_resolve: DNS query without a response
no_graphical_activity: No graphic activity
get_policy_info: Retrieves information about a Policy object
checktokenmembership: Checks user token with CheckTokenMembership call