Managed XDR

7b0d8a19aaaee3724fb895...f43265d2a6-dropped.bin — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
7b0d8a19aaaee3724fb895ec9d592058bf7a1d3f91d1ce16ea2083f43265d2a6-dropped.bin
Тип файла
PE32 executable (GUI) Intel 80386, for MS Windows
Размер файла
538.1 KB
Первое обнаружение
Последнее обнаружение

Окружение

w10/x64 en

Хеши

SHA1
a0e73a60237a7f0fe7dd9815e82a5544d70b9a1a
SHA256
7b0d8a19aaaee3724fb895ec9d592058bf7a1d3f91d1ce16ea2083f43265d2a6
MD5
812de3e08765b363b75578662ef3c1fc

Сигнатуры

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1497.001 antivm_generic_productname: Checks system product name in registry, possibly for anti-virtualization
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497.001 antivm_generic_productname: Checks system product name in registry, possibly for anti-virtualization

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity
require_administrator: Requests administrator privileges
creates_in_programdata: Creates files in the ProgramData directory
writes_data: Writes big amount of data to disk
pe_overlay: PE file contains overlay
ce_info: SimpleHelp Configuration Data found
valid_authenticode: The digital signature has been verified
Managed XDR