Managed XDR

4.20251027.20260515.11....cvspambo001.wmail.eml — malware analysis report

File info

Filename: 4.20251027.20260515.113363.45631.139787233130240.1.spamreport_phishing.web.cvspambo001.wmail.eml
File type: ASCII text, with CRLF line terminators
File size: 2.4 MB
First seen:
Last seen:

Environment

w10/x86 en

Hashes

SHA1: 9addad44ee82d2af0f1cddf4b5eb26c27e2d0e49
SHA256: 2da84f6cb70620892ce6709cbbe12ea28a7bb44e0e87cad5142536b3ed8f6202
MD5: 7637ffc4c1355c93dceea4a11a442841

Signatures

Execution

T1204.002 office_com_load: Microsoft Office loads COM DLL files (indicator of COM usage in macros)

Defense Evasion

T1497 evasion_trustrecords: Attempts to detect Sandbox exploring trusted documents

Credential Access

T1555.004 windows_credential_manager: Acquire credentials from the Windows Credential Manager

Discovery

T1497 evasion_trustrecords: Attempts to detect Sandbox exploring trusted documents

Other

yara_rules: Static rules
test_check_service: Starts services
writes_data: Writes big amount of data to disk