Managed XDR

nuevo-orden.eml — malware analysis report

File info

Filename
nuevo-orden.eml
File type
RFC 822 mail, UTF-8 Unicode text, with CRLF line terminators
File size
122.1 KB
First seen
Last seen

Environment

w10/x86 en

Hashes

SHA1
4929c8ff402bc6a73f62158e8c65c0d3c8ab0809
SHA256
dc6b90bb0e4d05d8ed0ebc1e678c7dc923f4e411f6fa975bb7a7725a50621d46
MD5
672f70b28dc30cc6709f8ed55b39ce78

Signatures

Execution

T1059.001 suspicious_powershell: Creates suspicious powershell process
T1059 powershell_cmd_longcommandline: Suspiciously long commandline
T1059.001 suspicious_process: Spawns a suspicious process

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1518 locates_browser: Attempts to identify where browsers are installed

Other

no_graphical_activity: No graphic activity
create_rpc_bindings: Creates RPC connection
creates_suspended_process: Creates suspended process
checktokenmembership: Checks user token with CheckTokenMembership call
writes_data: Writes big amount of data to disk
Managed XDR