Managed XDR

20250728_fp_100_361.eml — malware analysis report

File info

Filename
20250728_fp_100_361.eml
File type
ASCII text, with very long lines
File size
202.2 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
759cb306614e4da57190aace706348aa320e31de
SHA256
e89b8bb5e2efb27d8f4f2c7288342e15623f42b4bbeb737079cd6c8a33661c8b
MD5
09997fe2c40f991bce63d35f5afaa7fe

Signatures

Execution

T1059.003 suspicious_batch: Suspicious batch

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1518 locates_browser: Attempts to identify where browsers are installed

Other

yara_rules: Static rules
creates_exe: Creates executable files in the file system
no_graphical_activity: No graphic activity
checktokenmembership: Checks user token with CheckTokenMembership call
Managed XDR