Managed XDR

f93e7dc3d322a8e6ce262f...a561e325a4002f4947.eml — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
f93e7dc3d322a8e6ce262fc09a413a570ac2e4c416fe96a561e325a4002f4947.eml
Тип файла
ASCII text, with very long lines, with CRLF line terminators
Размер файла
35.2 KB
Первое обнаружение
Последнее обнаружение

Окружение

w10/x86 en

Хеши

SHA1
e68a177f2ce29ee49455bd2e9420163b67ec1df6
SHA256
691c39c815adfa55f2213d98da53c1785f933098f7afce9b9e2d337679c5c446
MD5
19f3314dd478a473f98fd58b4d00a8bd

Сигнатуры

Execution

T1059 network_wscript_downloader: Wscript.exe initiated network communication
T1059.007 bad_js: Suspicious Javascript file

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1497.001 antisandbox_script_timer: Detected script timer window (indicative of sleep style evasion)

Credential Access

T1552 cookie_files: Accesses cookie files
T1555.003 cookie_files: Accesses cookie files

Discovery

T1497.001 antisandbox_script_timer: Detected script timer window (indicative of sleep style evasion)

Command and Control

T1071 network_wscript_downloader: Wscript.exe initiated network communication
T1071.001 wininet_https: Performs HTTP/HTTPS requests using WinInet

Other

suricata_alert: Malicious traffic detected
no_graphical_activity: No graphic activity
checktokenmembership: Checks user token with CheckTokenMembership call
writes_data: Writes big amount of data to disk