Managed XDR

reshopdrawings.eml20250701-8-j9l5wg — malware analysis report

File info

Filename: reshopdrawings.eml20250701-8-j9l5wg
File type: SMTP mail, ASCII text, with very long lines, with CRLF line terminators
File size: 1.9 MB
First seen:
Last seen:

Environment

win7/x86 en

Hashes

SHA1: b669d62625183031ca5cf988183ac8b46e112a93
SHA256: cf32cb4c654d59febdf50997ff05beb3ec818a0b390455bea563b22fdcc4b450
MD5: 744c103d9db68aa1c0f61e5ef06107eb

Signatures

Execution

T1059.007 pdf_js: PDF contains JavaScript

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
pdf_page: Contains only one page
pdf_compressed_stream: Contains an object with compressed stream
get_policy_info: Retrieves information about a Policy object