Managed XDR

sniffed-executable-file (Conti, Follina) — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
sniffed-executable-file
Тип файла
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Размер файла
1.5 MB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x86 en

Хеши

SHA1
8dae387df4e167093e44356b3e027cbaf84f6e17
SHA256
84f1972e4582e535d7b37a46921057b00176011ef249374e697396a1e7fedb07
MD5
68a687698327e1c5a3858c0edc60123c

Вредоносное ПО

  • Conti
  • Follina

Сигнатуры

Persistence

T1574 dropper_dll: Creates DLL, which is then loaded into the process

Privilege Escalation

T1574 dropper_dll: Creates DLL, which is then loaded into the process
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1574 dropper_dll: Creates DLL, which is then loaded into the process
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity
message_box: Displays a message

Похожие отчёты

Managed XDR