Managed XDR

home-farm-anteroom-e39...22eead74379a082a4af464 — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
home-farm-anteroom-e39-79d-e3979d7b93b4b97c061965ea251a06d35e5d704f5022eead74379a082a4af464
Тип файла
ISO-8859 text, with very long lines, with CRLF, CR, LF line terminators
Размер файла
308.8 KB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x86 en

Хеши

SHA1
e0ae74c8f5aac53c9313fe437944e80e4fc91aa6
SHA256
e3979d7b93b4b97c061965ea251a06d35e5d704f5022eead74379a082a4af464
MD5
40a096df92bdedca6f170010be5c21ab

Сигнатуры

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1497 evasion_trustrecords: Attempts to detect Sandbox exploring trusted documents

Discovery

T1497 evasion_trustrecords: Attempts to detect Sandbox exploring trusted documents
T1083 checks_recent_files: Attempt to check recently opened files through registry

Other

yara_rules: Static rules
get_policy_info: Retrieves information about a Policy object
test_check_service: Starts services
antisandbox_check_graphics_card: Uses CreateDXGIFactory, potentially to detect graphics card