Managed XDR

2004-11-11_17-12-04_getdataback.msg — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
2004-11-11_17-12-04_getdataback.msg
Тип файла
CDFV2 Microsoft Outlook Message
Размер файла
1.1 MB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x86 en

Хеши

SHA1
3ab5bd2eb26280d48ae31251229efd957061c392
SHA256
9fd858e7a4690aca1f33552ce01a825f3607430980e1b78598c086ef9f60a103
MD5
8f302cbbdaf82bb046f3ada5e8f21320

Сигнатуры

Execution

T1106 susp_callbacks: Suspicious usage of some WinAPI with callbacks

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 packer_upx: The executable file is compressed using UPX
T1497.003 antisandbox_sleep: The process attempted to slow down analysis
T1027.002 pe_features: Executable file has PE anomalies (may be false positive)
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1480 system_default_lang_id_present: Checks the system language

Credential Access

T1552 cookie_files: Accesses cookie files
T1555.003 cookie_files: Accesses cookie files

Discovery

T1497.003 antisandbox_sleep: The process attempted to slow down analysis

Other

yara_rules: Static rules
static_pe_anomaly: The PE file structure contains anomalies
no_graphical_activity: No graphic activity
message_box: Displays a message
get_policy_info: Retrieves information about a Policy object
checktokenmembership: Checks user token with CheckTokenMembership call