Managed XDR
Group-IB MDP Report
File info
Filename: f-program-files-x86-tencent-qq-e0caae0804957c5e31c53dd320ca83a5465169c9
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
File Size: 705.5 KB
Env info
win7/x86 en
Hashes
SHA1: e0caae0804957c5e31c53dd320ca83a5465169c9
SHA256: 967422de1acc14deb7e7ce803d86aff44e2652bfcd550e3a34c2e37abc883dee
MD5: 627c2219a80245a25e4fe9843ac2a021
Malwares
Tinba
Signatures
Persistence
T1574 dropper_dll: Creates DLL, which is then loaded into the process
Privilege Escalation
T1574 dropper_dll: Creates DLL, which is then loaded into the process
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Defense Evasion
T1574 dropper_dll: Creates DLL, which is then loaded into the process
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Other
yara_rules: Static rules
no_graphical_activity: No graphic activity
has_pdb: This executable file has a PDB path