Managed XDR

up-to-date-emergency-exit-map.msg — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
up-to-date-emergency-exit-map.msg
Тип файла
CDFV2 Microsoft Outlook Message
Размер файла
148.5 KB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x86 en

Хеши

SHA1
fa4e5d794e2a23c90fb6b53158b62112dc5edaf1
SHA256
e884fc6d725ae901a455fbaac14926da7ff4dccc50a42f8203ea4f44cde82946
MD5
50bc9b7e46abc24350bf69b5d74fccee

Сигнатуры

Execution

T1059.001 suspicious_powershell: Suspicious document behaviour (creates powershell process)
T1059.001 suspicious_process: Spawns a suspicious process
T1072 detect_putty: Traces typical for Putty are detected in the system
T1204.002 office_vb_load: Microsoft Office is loading VB DLL files (macros usage indicator)
T1064 office_macros: The document contains macroses (total: 4)

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1064 office_macros: The document contains macroses (total: 4)
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Lateral Movement

T1072 detect_putty: Traces typical for Putty are detected in the system

Other

creates_exe: Creates executable files in the file system
dns_without_resolve: DNS query without a response
get_policy_info: Retrieves information about a Policy object
test_check_service: Starts services
antisandbox_check_graphics_card: Uses CreateDXGIFactory, potentially to detect graphics card
checktokenmembership: Checks user token with CheckTokenMembership call
yara_rules: Static rules