Managed XDR

microsoft-office-365-p...ne-installer-3.2.1.rar — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
microsoft-office-365-proplus-online-installer-3.2.1.rar
Тип файла
RAR archive data, v2.0, os: Unix
Размер файла
7.3 MB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x86 en

Хеши

SHA1
a8104cc3f137a8acffe87412b4283aa910b51b79
SHA256
8063b89ccb12d382d90d5f8b60bb0d08854a84c2dcb54c40c4a6287d5bab60bb
MD5
5ed17446c7154300cde2a906d46cfd2d

Сигнатуры

Execution

T1059.003 suspicious_batch: Suspicious batch

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1518 locates_browser: Attempts to identify where browsers are installed

Other

yara_rules: Static rules
codepage: Checks the system code page
has_pdb: This executable file has a PDB path
checktokenmembership: Checks user token with CheckTokenMembership call
pe_overlay: PE file contains overlay
many_files_in_archive: The archive contains more than 5 files