Managed XDR

consoleapplication1.exe — malware analysis report

File info

Filename
consoleapplication1.exe
File type
PE32 executable (console) Intel 80386, for MS Windows
File size
2.7 MB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
6af8cdeb5d0e50acf0c30721b7d0f95ee3f06529
SHA256
7efac39febcee97adec6f31c05cc8de6f5be67f972ba04e76ef1900dafa3c43a
MD5
25a4568291a19d4ca7bbe8c6eb5b2b9c

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1027.002 packer_entropy: Probably contains compressed or encrypted data

Other

yara_rules: Static rules
network_bind: Starts servers listening at 127.0.0.1:0
no_graphical_activity: No graphic activity
has_pdb: This executable file has a PDB path
test_check_service: Starts services