Managed XDR

c-users-user-appdata-r....tmp-1724360600694.tmp — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
c-users-user-appdata-roaming-microsoft-.tmp-1724360600694.tmp
Тип файла
PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
Размер файла
2 MB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x86 en

Хеши

SHA1
47cf8f321307ecc6ad01c3e1a84bdc0571649ced
SHA256
5b9e355486949955f37978d29c9760243cca02baf022071ffab94be423e58b3f
MD5
178631190ba8067068bb40fd319c70dc

Сигнатуры

Persistence

T1547.001 persistence_autorun: Makes itself run automatically on Windows startup

Privilege Escalation

T1547.001 persistence_autorun: Makes itself run automatically on Windows startup
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1564.001 stealth_file: Creates hidden or system files
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1480 system_default_lang_id_present: Checks the system language

Other

networkdyndns_checkip: Connects to a Dynamic DNS domain
copies_self: Creates a copy of itself
dns_without_resolve: DNS query without a response
creates_in_programdata: Creates files in the ProgramData directory
pe_overlay: PE file contains overlay
suricata_alert: Malicious traffic detected