Managed XDR

data-saranyav-malimg_g...33d7c861253602e68f.exe — malware analysis report

File info

Filename
data-saranyav-malimg_gnn-exe_files-wintrim.bx-00e1812a1354a133d7c861253602e68f.exe
File type
PE32 executable (GUI) Intel 80386, for MS Windows
File size
408 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
c2f6ba55bb770834b4d5000b6ba0186811a68279
SHA256
26fc4eb67f3c10f8a927c74533fa6d9aaf76ce2bf444519bce33776925270908
MD5
7f96fa2af3051a29f414f40cacee5d21

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
process_crashed: One of the processes has failed
unexpected_exception: Unexpected exception
no_graphical_activity: No graphic activity
require_administrator: Requests administrator privileges
test_check_service: Starts services
pe_overlay: PE file contains overlay