Managed XDR

vade_clean_varist_posi...data_2nd_batch_163.eml: dynamic analysis report for a malicious file

File information

File name
vade_clean_varist_positive_data_2nd_batch_163.eml
File type
ASCII text
File size
914 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
70464bcb3cd02255550456ea84f9c5400733538c
SHA256
7d21f7541e1e0f8bdd8becd6c76c1dc2cf814e8066de1e9ab44daa37a3464b57
MD5
2761f93407946f65c5604ed2738d4fd7

Signatures

Execution

T1059 autoit: AutoIt script execution detected
T1059 autoit_suspicious_script: Autoit contains suspicious script

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity
message_box: Displays a message
error_drawtext: An error occurred while executing the file