Managed XDR

mail.eml — malware analysis report

File info

Filename
mail.eml
File type
SMTP mail, UTF-8 Unicode text, with CRLF line terminators
File size
3.7 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
c5cffb08362f461fa04c45982011ae32312af12c
SHA256
dca2c4ee9b3948c486a6e8646a941eb3cdeb7bea8fc6bc757388f4e87d026ead
MD5
4ec57902785b98bd93a79624f682f098

Signatures

Execution

T1059.001 suspicious_powershell: Creates suspicious powershell process
T1059.001 suspicious_process: Spawns a suspicious process
T1059.001 url_cmdline: Cmdline of process contains URL
T1059.003 suspicious_batch: Suspicious batch
T1059.003 url_cmdline: Cmdline of process contains URL

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity
checktokenmembership: Checks user token with CheckTokenMembership call