Managed XDR
Group-IB MDP Report
File info
Filename: 4b9dfd7bfa0cb59f6413c9c133d13990.virus
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
File Size: 2.6 MB
Env info
win7/x86 en
Hashes
SHA1: 7a87ed0df601d5257a494184b9865ee7703a4281
SHA256: 69c1151cbe5696459dce7c5a7f7586ce7d424d9b1db902a10510dcc309a60d17
MD5: 4b9dfd7bfa0cb59f6413c9c133d13990
Signatures
Persistence
T1574 dropper_dll: Creates DLL, which is then loaded into the process
Privilege Escalation
T1574 dropper_dll: Creates DLL, which is then loaded into the process
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Defense Evasion
T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1027.002 pe_features: Executable file has PE anomalies (may be false positive)
T1574 dropper_dll: Creates DLL, which is then loaded into the process
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Discovery
T1518 locates_browser: Attempts to identify where browsers are installed
Other
yara_rules: Static rules
no_graphical_activity: No graphic activity
message_box: Displays a message
next report: 09e8aa53-bbf9-4a08-9086-30226c195d41
previous report: f62aeac2-aea6-43ab-8c0f-913034c79222
Managed XDR