Managed XDR

20250728_fp_100_1.eml — malware analysis report

File info

Filename
20250728_fp_100_1.eml
File type
RFC 822 mail, ASCII text
File size
439.8 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
98f8fbbcb8dc8fab0606636dc34b81dfa33904d6
SHA256
0213dbfbeb453aa678696fedcb81c16d0c543558a8ae0f614fc4c1d041ff2621
MD5
1bddd613523cffc805440d732dab9df7

Signatures

Execution

T1047 has_wmi: Executes one or several WMI requests

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1027.002 packer_vb: The executable file is packed using VB
T1497.003 antisandbox_sleep: The process attempted to slow down analysis
T1480 system_default_lang_id_present: Checks the system language
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1057 has_wmi: Executes one or several WMI requests
T1497.003 antisandbox_sleep: The process attempted to slow down analysis
T1082 reads_csrss: Attempts to read csrss.exe memory

Other

yara_rules: Static rules
unexpected_exception: Unexpected exception
no_graphical_activity: No graphic activity