Managed XDR

word-embeddings-oleobject1.bin (Coinminer) — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
word-embeddings-oleobject1.bin
Тип файла
Composite Document File V2 Document, Cannot read section info
Размер файла
786.5 KB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x64 en

Хеши

SHA1
acbe58bdb01cd3f7c097176c6a2720f5a8bccd9c
SHA256
dcc60571e17e2238422408c4cd9b678031669ca368c6c945497fd9ca0e7ea7ac
MD5
f48e3c884a746d73ab008f0f290cf11e

Вредоносное ПО

  • Coinminer

Сигнатуры

Privilege Escalation

T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497.001 antivm_network_adapters: Checks NIC addresses
T1027.002 pe_features: Executable file has PE anomalies (may be false positive)
T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497.001 antivm_network_adapters: Checks NIC addresses

Other

yara_rules: Static rules
dead_host: Connects to IP addresses that do not respond to requests
static_pe_duplicate_sections: The PE file structure contains anomalies: duplicate section names

Похожие отчёты