Managed XDR

remote-access-windows64-offline.exe_ico — malware analysis report

File info

Filename
remote-access-windows64-offline.exe_ico
File type
PE32+ executable (GUI) x86-64, for MS Windows
File size
4.8 MB
First seen
Last seen

Environment

w10/x64 en

Hashes

SHA1
f9a205bc90a0d1fc211c7c6ed524a44c97d3c217
SHA256
552a8459fc311c1b2db6c980bd4c6dc394ce8fca79a0b497a36d1188aaa3e132
MD5
8b56f613c16ba823644b26907cec13c1

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
require_administrator: Requests administrator privileges
test_check_service: Starts services
pe_overlay: PE file contains overlay
Managed XDR