Managed XDR

attachment-20-202024-10-09t161513.707.eml — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
attachment-20-202024-10-09t161513.707.eml
Тип файла
ASCII text, with very long lines, with CRLF line terminators
Размер файла
86.5 KB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x86 en

Хеши

SHA1
ca93365ed3769c721281effd6984dca5ea0d2c8b
SHA256
96c5b2e09299a4798cea9cdc3dae197782d0a0dfe5e9c57afeb581ce1b39dbab
MD5
046c2cb1bffd142c2c69345b540891fa

Сигнатуры

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1497.002 async_mouse: Watches for mouse clicks using GetAsyncKeyState to detect human activity

Discovery

T1497.002 async_mouse: Watches for mouse clicks using GetAsyncKeyState to detect human activity

Other

yara_rules: Static rules
suspicious_pdf_link: PDF file with suspicious hyperlink or content
suspicious_pdf: PDF file with suspicious content
pdf_page: Contains only one page
get_policy_info: Retrieves information about a Policy object
office_links: Office file contains external links