vade_clean_varist_posi...data_2nd_batch_163.eml — malware analysis report

File info

Filename: vade_clean_varist_positive_data_2nd_batch_163.eml
File type: ASCII text
File size: 914 KB
First seen:
Last seen:

Environment

win7/x86 en

Hashes

SHA1: 70464bcb3cd02255550456ea84f9c5400733538c
SHA256: 7d21f7541e1e0f8bdd8becd6c76c1dc2cf814e8066de1e9ab44daa37a3464b57
MD5: 2761f93407946f65c5604ed2738d4fd7

Signatures

Execution

T1059 autoit: AutoIt script execution detected
T1059 autoit_suspicious_script: Autoit contains suspicious script

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity
message_box: Displays a message
error_drawtext: An error occurred while executing the file