Managed XDR

data (Hupigon): dynamic analysis report for a malicious file

File information

File name: data
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 748.5 KB
First seen:
Last seen:

Environment

win7/x86 en

Hashes

SHA1: 42cf888ca44572929c854c41e468bdc49fb3ff5f
SHA256: 507bc7724f6a3c491f6738dfccf7bde7559c5d42cd0df980a9ac17bb7a2126fc
MD5: 0e991a8b76ecee7d6887586654e925cf

Malware

  • Hupigon

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1033 sam_users_discovery: Enumerates users or groups in system with SAM API
T1518 locates_browser: Attempts to identify where browsers are installed
T1087.001 local_account_discovery: Enumerates local accounts

Other

yara_rules: Static rules
creates_exe: Creates executable files in the file system
executes_dropped_exe: Executes dropped exe files
no_graphical_activity: No graphic activity
create_rpc_bindings: Creates RPC connection
require_administrator: Requests administrator privileges
creates_in_programdata: Creates files in the ProgramData directory
checktokenmembership: Checks user token with CheckTokenMembership call

Similar reports