Managed XDR

banned-20251014t082819-01505-14 — malware analysis report

File info

Filename
banned-20251014t082819-01505-14
File type
SMTP mail, UTF-8 Unicode text
File size
701.4 KB
First seen
Last seen

Environment

w10/x86 en

Hashes

SHA1
43aa61f33be013d2af1f33deb1696bf7d251377d
SHA256
5c22c94b22b0b9e04cd75c6cc0054f341ba9651cc64d7813ace37e4819754d4c
MD5
a6a12b7f98438d6ee344a56b8dec5603

Signatures

Execution

T1204.002 mimics_extension: Attempts to mimic the file extension

Privilege Escalation

T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1036 mimics_extension: Attempts to mimic the file extension
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1070 stealth_window: A process created a hidden window
T1497.001 antivm_queries_computername: Retrieves the computer name

Discovery

T1497.001 antivm_queries_computername: Retrieves the computer name

Other

yara_rules: Static rules
steganographic_png: Possible malicious steganographic PNG
create_process_failed: Could not start the process
process_crashed: One of the processes has failed
dotnet_suspicious_resources_names: Dotnet program has suspicious resources names
creates_suspended_process: Creates suspended process
test_check_service: Starts services
suricata_alert: Malicious traffic detected
dotnet_suspicious_module_name: Dotnet program has suspicious module name
Managed XDR