Managed XDR

tmp-zjphfqnjrt15606276122210818875.tmp — malware analysis report

File info

Filename: tmp-zjphfqnjrt15606276122210818875.tmp
File type: Zip archive data, at least v2.0 to extract
File size: 722 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1: d54cf6234ed360273d5f074af780b8a4f244f2ca
SHA256: ad29e22e4bed73fd20df92afe765f55ff31a6aad33a195ad963fa21db11a24be
MD5: c34be146d59928590bfd9c08f35df83f

Signatures

Persistence

T1547.001 persistence_autorun: Makes itself run automatically on Windows startup

Privilege Escalation

T1547.001 persistence_autorun: Makes itself run automatically on Windows startup
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1564.001 stealth_file: Creates hidden or system files
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

networkdyndns_checkip: Connects to a Dynamic DNS domain
creates_in_programdata: Creates files in the ProgramData directory