Managed XDR

af9aadd6-5212-af06-b898-9ffddaa12c8b.eml: dynamic analysis report for a malicious file

File information

File name
af9aadd6-5212-af06-b898-9ffddaa12c8b.eml
File type
RFC 822 mail, ASCII text, with CRLF line terminators
File size
13 KB
First seen
Last seen

Environment

win7/x64 en

Hashes

SHA1
3d413197a8a47694eed5c5dbb3743d3830d0b266
SHA256
410f7f9725c51af1f22cc5afd41184d67e70cd5569f56b45752f5fc18042f0e7
MD5
50076ce9d3ab8a81ea71a57a8628fd3c

Signatures

Execution

T1203 office_exploit_crash: Microsoft Office process crashes (failed exploitation of a vulnerability is possible)

Persistence

T1574.011 persistence_services: Modifies Services registry key
T1543.003 persistence_services: Modifies Services registry key

Privilege Escalation

T1574.011 persistence_services: Modifies Services registry key
T1543.003 persistence_services: Modifies Services registry key
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1574.011 persistence_services: Modifies Services registry key
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1497 evasion_printers: Attempts to detect Sandbox by exploring existing printers

Discovery

T1497 evasion_printers: Attempts to detect Sandbox by exploring existing printers

Other

yara_rules: Static rules
process_crashed: One of the processes has failed
get_policy_info: Retrieves information about a Policy object
test_check_service: Starts services
antisandbox_check_graphics_card: Uses CreateDXGIFactory, potentially to detect graphics card