Managed XDR
Group-IB MDP Report
File info
Filename: kp770222.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
File Size: 361 KB
Env info
win7/x86 en
Hashes
SHA1: 41343a39bf81045be22d145de55370d71cb126e2
SHA256: d2aa92be0f9a0c984ab3f1448de76e6b4507159b74f73fd4388dd6d1ff2cb8ba
MD5: 27a2093f174fc86e4eef5e93418ea9cb
Signatures
Privilege Escalation
T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Defense Evasion
T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Other
yara_rules: Static rules
dead_host: Connects to IP addresses that do not respond to requests
no_graphical_activity: No graphic activity
has_pdb: This executable file has a PDB path
get_policy_info: Retrieves information about a Policy object
suspicious_network_port: Performs TCP or UDP request to non-standard port
next report: 77782245-84d0-45c9-9aae-3d070635ff10
previous report: 3677f187-db3e-4388-b4b4-c9627518d396
Managed XDR