Managed XDR

4.20251010.20260428.95...t.web.cspambo08.nm.eml — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
4.20251010.20260428.95778.36202.140125814126336.1.spamreport.web.cspambo08.nm.eml
Тип файла
ASCII text, with CRLF line terminators
Размер файла
161 KB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x86 en

Хеши

SHA1
9feee1d2b4ee68c0349177c8db87a2ed53ac99f1
SHA256
3ebd01ffd0b61710a7b630717eaafe2f5fb9478cd113004c378d591fa7d29b0c
MD5
c42c5ec56d6dc38f53e79b95653c71aa

Сигнатуры

Execution

T1059.001 suspicious_process: Spawns a suspicious process
T1059.003 suspicious_batch: Suspicious batch

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1518 locates_browser: Attempts to identify where browsers are installed

Other

yara_rules: Static rules
runs_utility_without_cmdline: Runs system utility without arguments (non-typical usage)
checktokenmembership: Checks user token with CheckTokenMembership call