Managed XDR
Group-IB MDP Report
File info
Filename: 20250701_fp_100_15.eml
File Type: UTF-8 Unicode text
File Size: 1 MB
Env info
win7/x86 en
Hashes
SHA1: 026e60a944758c545b54f941e40953285149e657
SHA256: ff7bd35d72ab02c2bfa5f5487c6f73f27f07610ebf34ce27c434b9b7da67c04e
MD5: b4d360afbbf5b2b9acea8eee58355854
Signatures
Execution
T1059 autoit: AutoIt script execution detected
T1059 autoit_suspicious_script: AutoIt script contains suspicious content
Privilege Escalation
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Defense Evasion
T1027.002 unnamed_memory_regions: Code was executed in unnamed memory regions
T1027.002 packer_upx: The executable file is compressed using UPX
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Other
yara_rules: Static rules
creates_many_processes: Spawns many processes (over 70)
no_graphical_activity: No graphical activity