Managed XDR

sniffed-executable-file (Conti, Follina) — malware analysis report

File info

Filename
sniffed-executable-file
File type
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
File size
1.5 MB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
8dae387df4e167093e44356b3e027cbaf84f6e17
SHA256
84f1972e4582e535d7b37a46921057b00176011ef249374e697396a1e7fedb07
MD5
68a687698327e1c5a3858c0edc60123c

Malwares

  • Conti
  • Follina

Signatures

Persistence

T1574 dropper_dll: Creates DLL, which is then loaded into the process

Privilege Escalation

T1574 dropper_dll: Creates DLL, which is then loaded into the process
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1574 dropper_dll: Creates DLL, which is then loaded into the process
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity
message_box: Displays a message

Related reports

Managed XDR