Managed XDR

downloads-poision-attack.exe — malware analysis report

File info

Filename
downloads-poision-attack.exe
File type
PE32+ executable (console) x86-64, for MS Windows
File size
10.8 MB
First seen
Last seen

Environment

win7/x64 en

Hashes

SHA1
a4e2a680c74c869993aa49e2a8e1bddb99e127b7
SHA256
0ae7a7fe646eef69488a35e28857bd94ba0620e57ca951fd542128ec5b92a1de
MD5
6946b52930ec074c76373efccae3e0c0

Signatures

Execution

T1059.006 drops_python_dll: Drops python dll

Persistence

T1574 dropper_dll: Creates DLL, which is then loaded into the process

Privilege Escalation

T1574 dropper_dll: Creates DLL, which is then loaded into the process
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1574 dropper_dll: Creates DLL, which is then loaded into the process
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
creates_exe: Creates executable files in the file system
no_graphical_activity: No graphic activity
get_policy_info: Retrieves information about a Policy object
pe_overlay: PE file contains overlay