Managed XDR

euro-confirmation-sp-.docx — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
euro-confirmation-sp-.docx
Тип файла
Zip archive data, at least v1.0 to extract
Размер файла
27.7 KB
Первое обнаружение
Последнее обнаружение

Окружение

w10/x86 en

Хеши

SHA1
e66ad71ff55a04c9af724367488f77132a32812f
SHA256
aa54b03ea465d25049f048147cbf93f919425154c3d1a35d879f8bd52c07b22e
MD5
55f38ff9ecffbba1746df0abbc8ac66d

Сигнатуры

Execution

T1064 office_macros_suspicious: Document contains suspicious macro
T1204.002 office_com_load: Microsoft Office loads COM DLL files (indicator of COM usage in macros)
T1064 office_macros: The document contains macro
T1064 office_macros_strings: Feature lines found in document macro

Defense Evasion

T1064 office_macros_suspicious: Document contains suspicious macro
T1497 evasion_trustrecords: Attempts to detect Sandbox exploring trusted documents
T1064 office_macros: The document contains macro
T1064 office_macros_strings: Feature lines found in document macro

Credential Access

T1056.001 infostealer_keylogger: Keylogger (intercepts keystrokes)

Discovery

T1497 evasion_trustrecords: Attempts to detect Sandbox exploring trusted documents

Collection

T1056.001 infostealer_keylogger: Keylogger (intercepts keystrokes)

Command and Control

T1071.001 network_http: Performs HTTP requests
T1071.001 winhttp_https: Performs HTTP/HTTPS requests using WinHttp
T1071.001 wininet_https: Performs HTTP/HTTPS requests using WinInet

Other

yara_rules: Static rules
creates_doc: Creates (office) documents in the file system
creates_suspended_process: Creates suspended process
test_check_service: Starts services
suricata_alert: Malicious traffic detected