Managed XDR

patch.zip — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
patch.zip
Тип файла
Zip archive data, at least v1.0 to extract
Размер файла
986.5 KB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x86 en

Хеши

SHA1
0f79d0b9265347fa18cc4a9900354bf1fe29beff
SHA256
571d9eb9783e2881d406007f5b3191a0465dd75e73570c000d6970aa698e1050
MD5
72b7d516207cbd75ae3c88ab59197c7f

Сигнатуры

Execution

T1047 has_wmi: Executes one or several WMI requests

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1497.003 antisandbox_sleep: The process attempted to slow down analysis
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1082 has_wmi: Executes one or several WMI requests
T1497.003 antisandbox_sleep: The process attempted to slow down analysis

Other

yara_rules: Static rules
only_exec_in_archive: The archive contains only an executable file
require_administrator: Requests administrator privileges
has_pdb: This executable file has a PDB path
dotnet_antimetadata_analysis: Dotnet program has anti-analysis tricks
dotnet_import_unmanaged_code: Dotnet program statically imports unmanaged functions/modules
get_policy_info: Retrieves information about a Policy object
dotnet_use_suspicious_functions: Dotnet program potentially uses suspicious functions/modules