Managed XDR

c1r381t35628827.eml — malware analysis report

File info

Filename
c1r381t35628827.eml
File type
SMTP mail, ASCII text
File size
6.4 MB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
7cf9389de4a25e44f596b1f6b396757e5169128d
SHA256
5dfc5658de31c3c46f560c113d33544f55eaab9d2b372fb2bb901fc89ce1c380
MD5
6b9aee4b1c90a7e143771721ff24ff35

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497.002 async_mouse: Watches for mouse clicks using GetAsyncKeyState to detect human activity
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497.002 async_mouse: Watches for mouse clicks using GetAsyncKeyState to detect human activity

Other

yara_rules: Static rules
pdf_compressed_stream: Contains an object with compressed stream
has_pdb: This executable file has a PDB path
get_policy_info: Retrieves information about a Policy object
test_check_service: Starts services
office_links: Office file contains external links
antisandbox_check_graphics_card: Uses CreateDXGIFactory, potentially to detect graphics card
Managed XDR