Managed XDR

c-users-user-appdata-l...rida-helper-32.exe.tmp — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
c-users-user-appdata-local-temp-frida-e9eb4c76cb7fdcaa774472590966c796-frida-helper-32.exe.tmp
Тип файла
PE32 executable (console) Intel 80386, for MS Windows
Размер файла
3.6 MB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x86 en

Хеши

SHA1
643110665acdffe78aae4e630350c1aadcb94721
SHA256
7388d57b7dbea52c6c92c81a383bc6e6ac28f629ccf52478d43d5d8681bb4058
MD5
7924a1a0b4ce66678a4dd312c9563d54

Сигнатуры

Persistence

T1574 dropper_dll: Creates DLL, which is then loaded into the process

Privilege Escalation

T1574 dropper_dll: Creates DLL, which is then loaded into the process
T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1574 dropper_dll: Creates DLL, which is then loaded into the process
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
creates_exe: Creates executable files in the file system
unexpected_exception: Unexpected exception
has_pdb: This executable file has a PDB path
pe_overlay: PE file contains overlay