Managed XDR

need-update-on-the-inv...ice-payment-status.msg — dynamic analysis report for a malicious file

File information

File name
need-update-on-the-invoice-payment-status.msg
File type
CDFV2 Microsoft Outlook Message
File size
457.5 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
af143d8c6d47d5704257a09f9dae615209444e39
SHA256
447674810e21bf8c3006181dd50fd0ab9732fc935f0546c32d19cc2269767ad6
MD5
7f3eefed8e4980f0c53fa9c45dc5ac1c

Signatures

Execution

T1059.001 suspicious_powershell: Creates a suspicious PowerShell process
T1059.001 suspicious_process: Spawns a suspicious process

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1070 stealth_window: A process created a hidden window

Other

yara_rules: Static rules
no_graphical_activity: No graphical activity
checktokenmembership: Checks user token with CheckTokenMembership call