Managed XDR

wg-ext-brt-avviso-di-c...onsegna-id9088872-.msg — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
wg-ext-brt-avviso-di-consegna-id9088872-.msg
Тип файла
CDFV2 Microsoft Outlook Message
Размер файла
17.3 MB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x86 en

Хеши

SHA1
0ed50db802da43a7e81387acf50ea8d3088ba1fe
SHA256
20a64471644d74f660b6681644ff97d8dddd4d11ff1473069b600dda33b1a10c
MD5
b739880a9a2e07c61153eab184e62bc2

Сигнатуры

Execution

T1059.007 bad_js: Suspicious Javascript file

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497.001 antisandbox_script_timer: Detected script timer window (indicative of sleep style evasion)
T1497.003 antisandbox_sleep: The process attempted to slow down analysis
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497.001 antisandbox_script_timer: Detected script timer window (indicative of sleep style evasion)
T1497.003 antisandbox_sleep: The process attempted to slow down analysis

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity
break_limit_exceeded: Warning: function calls limit has been exceeded
message_box: Displays a message
error_drawtext: An error occured while executing the file
checktokenmembership: Checks user token with CheckTokenMembership call