Managed XDR

qwmtkcimhvecf.exe — malware analysis report

File info

Filename
qwmtkcimhvecf.exe
File type
PE32 executable (GUI) Intel 80386, for MS Windows
File size
223.5 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
2f5fab85b41f6eff731f24744be6d3b962c2dc0d
SHA256
132a2cd14cb2a69a4db662c8f1a83206f895965d087d51756ad005bc0e90e653
MD5
773a6d5f7be9d977dc9a5a8bad573c18

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity
origin_langid: Unconventional language of the executable file
get_policy_info: Retrieves information about a Policy object