Managed XDR

topfibra-request-for-quotation.eml — malware analysis report

File info

Filename
topfibra-request-for-quotation.eml
File type
SMTP mail, ASCII text, with CRLF line terminators
File size
2.2 MB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
b2ef60413bc0df50bbc40ddb891db22c4ac9e06c
SHA256
13bf0abdab16291b674ece6d6d3b22c9d62c3886d73274c9df8d13df50906cad
MD5
3ea38a571700ce2cabdd00353fdf0622

Signatures

Initial Access

T1192 html_urls: HTML-document downloads a file

Execution

T1059.007 bad_js: Suspicious Javascript file

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1497.001 antisandbox_script_timer: Detected script timer window (indicative of sleep style evasion)
T1497.003 antisandbox_sleep: The process attempted to slow down analysis
T1070 stealth_window: A process created a hidden window

Discovery

T1518 locates_browser: Attempts to identify where browsers are installed
T1497.001 antisandbox_script_timer: Detected script timer window (indicative of sleep style evasion)
T1497.003 antisandbox_sleep: The process attempted to slow down analysis

Other

yara_rules: Static rules
creates_exe: Creates executable files in the file system
no_graphical_activity: No graphic activity
break_limit_exceeded: Warning: function calls limit has been exceeded
message_box: Displays a message
error_drawtext: An error occured while executing the file
checktokenmembership: Checks user token with CheckTokenMembership call