Managed XDR

d82e6773-e0b6-4861-45c...-7b45-a18a282f5038.eml — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
d82e6773-e0b6-4861-45c2-08dde8f56c7c-9f5cf2d4-db13-b7ac-7b45-a18a282f5038.eml
Тип файла
RFC 822 mail, ASCII text, with CRLF line terminators
Размер файла
2.4 MB
Первое обнаружение
Последнее обнаружение

Окружение

w10/x86 en

Хеши

SHA1
cdb571af0508a33728bd1dba55584efa4d2d4c0e
SHA256
d8fc55a9b998c47048c4180982533d3c49616881fe745df73663254de0293661
MD5
43d355de3259e62315570c3e1d65a31f

Сигнатуры

Initial Access

T1192 html_urls: HTML-document downloads a file

Execution

T1204.002 office_com_load: Microsoft Office loads COM DLL files (indicator of COM usage in macros)

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497 evasion_trustrecords: Attempts to detect Sandbox exploring trusted documents
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497 evasion_trustrecords: Attempts to detect Sandbox exploring trusted documents

Command and Control

T1071.001 wininet_https: Performs HTTP/HTTPS requests using WinInet

Other

yara_rules: Static rules
networkdyndns_checkip: Connects to a Dynamic DNS domain
test_check_service: Starts services
checktokenmembership: Checks user token with CheckTokenMembership call
suricata_alert: Malicious traffic detected