Managed XDR

c-users-testpc-downloa...c537ff50920e1d087b.exe — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
c-users-testpc-downloads-analyse-samples-02c280735b472354058060e2408e640021f2e6ee58cccbc537ff50920e1d087b.exe
Тип файла
PE32+ executable (console) x86-64, for MS Windows
Размер файла
15.8 MB
Первое обнаружение
Последнее обнаружение

Окружение

w10/x64 en

Хеши

SHA1
707d501b6539dceaca3d3730fedb0c182b006224
SHA256
0c19fc6887a8970dca7089c9df0ec6799be5965ff28b016382ca2bd25dacd530
MD5
c4ef95c131adf59fb552a6cd061c5cf6

Сигнатуры

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1564.001 stealth_file: Creates hidden or system files
T1027.002 pe_features: Executable file has PE anomalies (may be false positive)
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Credential Access

T1552.001 infostealer_bitcoin: Attempts to obtain access to Bitcoin/ALTCoin wallets

Impact

T1565 modifies_hostfile: Writes data to system hosts file

Other

network_bind: Starts servers listening at 0.0.0.0:80
creates_exe: Creates executable files in the file system
creates_suspended_process: Creates suspended process
test_check_service: Starts services
writes_data: Writes big amount of data to disk
pe_overlay: PE file contains overlay
yara_rules: Static rules