Managed XDR

__virus__-re_-re_-po-no.42741-jan2015.eml — malware analysis report

File info

Filename
__virus__-re_-re_-po-no.42741-jan2015.eml
File type
SMTP mail, ASCII text, with CRLF line terminators
File size
647.9 KB
First seen
Last seen

Environment

w10/x86 en

Hashes

SHA1
9a19d0dc1092cbf3be9969ea90f4eaae9c1579e1
SHA256
5adc9453147c68c7bbb41924ec3a65fbc71c0db5b4951ee6066e0476814245d5
MD5
362b82485dd6819aecc9ebef942c5f55

Signatures

Execution

T1204.002 mimics_extension: Attempts to mimic the file extension

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1036 mimics_extension: Attempts to mimic the file extension
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity
dotnet_suspicious_resources_names: Dotnet program has suspicious resources names
test_check_service: Starts services