Managed XDR
Group-IB MDP Report
File info
Filename: completion-of-system-security-plan-for-review.eml
File Type: ASCII text, with CRLF line terminators
File Size: 3.7 MB
Env info
win7/x64 en
Hashes
SHA1: 9a3d7ef4e8d026e44c64dce710add64d896ee4a1
SHA256: e6dc4eac6ea6ae28465830587b27cef87da501025d290d69e6ca98b84b469b4f
MD5: c1e96aa5384195288f2a19761be8de44
Signatures
Persistence
T1574 dropper_dll: Creates DLL, which is then loaded into the process
Privilege Escalation
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1574 dropper_dll: Creates DLL, which is then loaded into the process
Defense Evasion
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1574 dropper_dll: Creates DLL, which is then loaded into the process
Other
yara_rules: Static rules
valid_authenticode: The digital signature has been verified
pdf_compressed_stream: Contains an object with compressed stream
has_pdb: This executable file has a PDB path
get_policy_info: Retrieves information about a Policy object
test_check_service: Starts services
antisandbox_check_graphics_card: Uses CreateDXGIFactory, potentially to detect graphics card
pe_overlay: PE file contains overlay