Managed XDR

demo.js — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
demo.js
Тип файла
ASCII text, with CRLF, LF line terminators
Размер файла
11.5 KB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x86 en

Хеши

SHA1
e9833f812a27f6ade9ca7777240cd45220bb75de
SHA256
6066bb8c984f3e65aeed3bebd02a0a7e35b8c2e164f32fcf5ca15c9fb21ccf83
MD5
789b99dd46c3c871427ad7cffc537baf

Сигнатуры

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497.001 antisandbox_script_timer: Detected script timer window (indicative of sleep style evasion)
T1497.003 antisandbox_sleep: The process attempted to slow down analysis
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497.001 antisandbox_script_timer: Detected script timer window (indicative of sleep style evasion)
T1497.003 antisandbox_sleep: The process attempted to slow down analysis

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity
get_policy_info: Retrieves information about a Policy object
checktokenmembership: Checks user token with CheckTokenMembership call