Managed XDR

bbd0c3d6b6ac1e5fde08cf...1757993452971195958.gz — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
bbd0c3d6b6ac1e5fde08cf96731e26e2a9e4a5e7dd73ddcf02a4183ea7baf303-1757993452971195958.gz
Тип файла
gzip compressed data
Размер файла
4.3 MB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x86 en

Хеши

SHA1
c8acf7eb55dac2e34faca7a565f2b2d932c9cba4
SHA256
793d2cad11df3dea80a58da6dd21457ed2287f775724edd618c3d1acf34dd2bc
MD5
ff29c4917314b04e2473e62dddb66ed8

Сигнатуры

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
dns_tld_cc: Connects to TLD .CC, possibly malware
only_exec_in_archive: The archive contains only an executable file
suspicious_network_port: Performs TCP or UDP request to non-standard port
suricata_alert: Malicious traffic detected