Managed XDR

shader.zip — malware analysis report

File info

Filename
shader.zip
File type
Zip archive data, at least v2.0 to extract
File size
322.7 KB
First seen
Last seen

Environment

win7/x64 en

Hashes

SHA1
bd6025082f62520ab865c909e0a7f3731662c43c
SHA256
297a0f9c0d9971a4abbeb424d64f027bf61d36450e21a49b81b211f49bfd7418
MD5
399e79edc2c2d48a5a5bd671ec799e5d

Signatures

Execution

T1059.001 suspicious_powershell: Creates suspicious powershell process
T1059.001 suspicious_process: Spawns a suspicious process

Privilege Escalation

T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 pe_features: Executable file has PE anomalies (may be false positive)
T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1497.001 antivm_queries_computername: Retrieves the computer name

Discovery

T1518 locates_browser: Attempts to identify where browsers are installed
T1497.001 antivm_queries_computername: Retrieves the computer name
T1135 server_share_info: Retrieves information about each shared resource on a server

Other

yara_rules: Static rules
create_rpc_bindings: Creates RPC connection
has_pdb: This executable file has a PDB path
get_policy_info: Retrieves information about a Policy object
many_files_in_archive: The archive contains more than 5 files