Managed XDR

banned-20251006t172101-26578-06 — malware analysis report

File info

Filename: banned-20251006t172101-26578-06
File type: SMTP mail, UTF-8 Unicode text
File size: 8.6 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1: 9c35868d17dbc95574a5993baa10a7567c1d9267
SHA256: 6d3b1476837d970bb1c01f2041ecd553d80a8d7ff11f0b098202692296df2af6
MD5: 508931963ae2dff880fc288dd2ada4a4

Signatures

Execution

T1059.001 suspicious_powershell: Creates suspicious powershell process
T1059.001 suspicious_process: Spawns a suspicious process
T1059.001 url_cmdline: Cmdline of process contains URL
T1059.003 suspicious_batch: Suspicious batch
T1059.003 url_cmdline: Cmdline of process contains URL

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
checktokenmembership: Checks user token with CheckTokenMembership call