Managed XDR

remote-accesswinlauncher.exe_icon.exe — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
remote-accesswinlauncher.exe_icon.exe
Тип файла
PE32+ executable (GUI) x86-64, for MS Windows
Размер файла
633.7 KB
Первое обнаружение
Последнее обнаружение

Окружение

w10/x64 en

Хеши

SHA1
fb78f17ad81f019c30ca924271311b38cf298c26
SHA256
2c6589703378404a6267fe991eba0ac2b03791a5f5b79d684363e6e45b26a184
MD5
2e9822e2a79ef656e48ffd3b59ea4c07

Сигнатуры

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
require_administrator: Requests administrator privileges
creates_in_programdata: Creates files in the ProgramData directory
test_check_service: Starts services
pe_overlay: PE file contains overlay
ce_info: SimpleHelp Configuration Data found
valid_authenticode: The digital signature has been verified
Managed XDR