Managed XDR

4.20251010.20260428.95...t.web.cspambo08.nm.eml — malware analysis report

File info

Filename
4.20251010.20260428.95778.36202.140125814126336.1.spamreport.web.cspambo08.nm.eml
File type
ASCII text, with CRLF line terminators
File size
161 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
9feee1d2b4ee68c0349177c8db87a2ed53ac99f1
SHA256
3ebd01ffd0b61710a7b630717eaafe2f5fb9478cd113004c378d591fa7d29b0c
MD5
c42c5ec56d6dc38f53e79b95653c71aa

Signatures

Execution

T1059.001 suspicious_process: Spawns a suspicious process
T1059.003 suspicious_batch: Suspicious batch

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1518 locates_browser: Attempts to identify where browsers are installed

Other

yara_rules: Static rules
runs_utility_without_cmdline: Runs system utility without arguments (non-typical usage)
checktokenmembership: Checks user token with CheckTokenMembership call