Managed XDR

remote-accesswinlauncher.exe_icon.exe — malware analysis report

File info

Filename
remote-accesswinlauncher.exe_icon.exe
File type
PE32+ executable (GUI) x86-64, for MS Windows
File size
633.7 KB
First seen
Last seen

Environment

w10/x64 en

Hashes

SHA1
bcb0fb6730f4b0c546aa0be2fa447cd8da2df93a
SHA256
29feb5a85957fcb040527b2e1bef4cfe701af36f96d901a52b7c5c6a70fda49f
MD5
4801beb3f3ae2c08266483e11a7aca2a

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
require_administrator: Requests administrator privileges
creates_in_programdata: Creates files in the ProgramData directory
test_check_service: Starts services
pe_overlay: PE file contains overlay
ce_info: SimpleHelp Configuration Data found
valid_authenticode: The digital signature has been verified
Managed XDR