Managed XDR

716213797beb6f9b8ac203...fe3f32e75f8aff3a74.eml — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
716213797beb6f9b8ac203c238592b6d72fd77e8ceb95ffe3f32e75f8aff3a74.eml
Тип файла
HTML document, ASCII text, with very long lines, with CRLF line terminators
Размер файла
1.7 MB
Первое обнаружение
Последнее обнаружение

Окружение

w10/x86 en

Хеши

SHA1
61ce7ec19f480a3660aba9ffdfc836711be85fce
SHA256
a7548c7efaf75cd0e98fd478aab5dc702b9b4d9ac3f389ca2350cc057a8b58c1
MD5
191930d899c0fd56fd38241a3bcc7d1c

Сигнатуры

Execution

T1204.002 mimics_extension: Attempts to mimic the file extension

Privilege Escalation

T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1036 mimics_extension: Attempts to mimic the file extension
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
pe_in_bcryptdecrypt: PE found in BCryptDecrypt function
no_graphical_activity: No graphic activity
dotnet_suspicious_resources_names: Dotnet program has suspicious resources names
dotnet_obfuscated: Dotnet program is potentially obfuscated
test_check_service: Starts services
dotnet_suspicious_entrypoint: Dotnet program has suspicious entrypoint
suricata_alert: Malicious traffic detected
dotnet_suspicious_module_name: Dotnet program has suspicious module name
Managed XDR