Managed XDR
Group-IB MDP Report
File info
Filename: c-users-keecfmwgj-appdata-local-temp-1018683001-13932dc738.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
File Size: 1.8 MB
Env info
w10/x86 en
Hashes
SHA1: 6986cd38c84503652d7903d009407505c29c97ca
SHA256: f1f8b65fb8cee22e24a3b618e08d67afc95af54804bd480a8152126bf5bb134e
MD5: 046f12845d7be58c8a513350daee8bba
Signatures
Privilege Escalation
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Defense Evasion
T1027.002 packer_themida: Themida packer signatures detected
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1027.002 pe_features: Executable file has PE anomalies (may be false positive)
T1497.001 antivm_generic_video: Checks information about video adapters in registry, possibly for anti-virtualization
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Discovery
T1497.001 antivm_generic_video: Checks information about video adapters in registry, possibly for anti-virtualization
Command and Control
T1071.001 network_http: Performs HTTP requests
Other
yara_rules: Static rules
static_pe_anomaly: The PE file structure contains anomalies
creates_exe: Creates executable files in the file system
no_graphical_activity: No graphic activity
suricata_alert: Malicious traffic detected
next report: e42fee3e-a5dd-4b8b-aebd-7d39760cc402
previous report: e1a5a168-a896-41ec-9b84-c783b1cfe358
Managed XDR