Managed XDR

1-d-e-decd2813781e0d81...71eaac76a36a08eb5.file — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
1-d-e-decd2813781e0d81424ceac54fe4a06d022bb8de496c06f71eaac76a36a08eb5.file
Тип файла
Zip archive data, at least v2.0 to extract
Размер файла
4.3 KB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x86 en

Хеши

SHA1
ac8937397cb9f52fbae0cdd74395b27e80a50fbc
SHA256
decd2813781e0d81424ceac54fe4a06d022bb8de496c06f71eaac76a36a08eb5
MD5
75ae8b15e211ff7b74e14d8ca5e5caaa

Сигнатуры

Execution

T1059.001 suspicious_powershell: Creates suspicious powershell process
T1059.001 suspicious_process: Spawns a suspicious process
T1059.001 url_cmdline: Cmdline of process contains URL
T1059.003 url_cmdline: Cmdline of process contains URL

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Command and Control

T1102.003 cloud_discord: Connects to cloud services of Discord (potentially for malicious payload delivery)

Other

yara_rules: Static rules
only_exec_in_archive: The archive contains only an executable file
has_pdb: This executable file has a PDB path
get_policy_info: Retrieves information about a Policy object
suricata_alert: Malicious traffic detected