Managed XDR

mahnbescheid-20-20antw...11761323503420928-.asd (CobInt) — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
mahnbescheid-20-20antwortbogen-20-20aktenzeichen-autosaved-311761323503420928-.asd
Тип файла
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Template: Normal.dotm, Last Saved By: Administrator, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Total Editing Time: 01:00, Create Time/Date: Tue Apr 30 17:10:00 2019, Last Saved Time/Date: Tue Apr 30 08:36:00 2019, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0
Размер файла
128 KB
Первое обнаружение
Последнее обнаружение

Окружение

w10/x86 en

Хеши

SHA1
1524035e24bcde0cdbb745510b2e68838143738e
SHA256
0c2b7118b005a2923b385cdb24ab877848204b94bbe57f3f699477d455b846b0
MD5
a842c523e894e3433e4c6549fadb02db

Вредоносное ПО

  • CobInt

Сигнатуры

Execution

T1064 office_macros_suspicious: Document contains suspicious macro
T1204.002 office_vb_load: Microsoft Office is loading VB DLL files (macros usage indicator)
T1204.002 office_com_load: Microsoft Office loads COM DLL files (indicator of COM usage in macros)
T1064 office_macros: The document contains macro
T1064 office_macros_autoexec: The document contains an auto-start macro

Defense Evasion

T1064 office_macros_suspicious: Document contains suspicious macro
T1064 office_macros: The document contains macro
T1064 office_macros_autoexec: The document contains an auto-start macro

Credential Access

T1555.004 windows_credential_manager: Acquire credentials from the Windows Credential Manager

Other

yara_rules: Static rules
office_summary: The document contains suspicious metadata
test_check_service: Starts services
writes_data: Writes big amount of data to disk

Похожие отчёты