Managed XDR

1.hta (Cobalt Strike): dynamic analysis report for a malicious file

File information

File name
1.hta
File type
HTML document, ASCII text, with very long lines, with CRLF line terminators
File size
286.6 KB
First seen
Last seen

Environment

w10/x64 en

Hashes

SHA1
246834b1c232e9d9817115d8c3725bb1145b1891
SHA256
d388fdbcb51377fdaf39309e784111d4db0168c7b7ada58455160c31f6cea2ae
MD5
ce6a0223f01f94811dfd4147e16a8208

Malware

  • Cobalt Strike

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497 evasion_printers: Attempts to detect Sandbox by exploring existing printers
T1497.002 antivm_usbstor: Reads information about usbdevices from regkey
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Credential Access

T1555.004 windows_credential_manager: Acquire credentials from the Windows Credential Manager

Discovery

T1497 evasion_printers: Attempts to detect Sandbox by exploring existing printers
T1497.002 antivm_usbstor: Reads information about usbdevices from regkey

Other

yara_rules: Static rules
suspicious_network_port: Performs TCP or UDP request to non-standard port
test_check_service: Starts services
antisandbox_check_graphics_card: Uses CreateDXGIFactory, potentially to detect graphics card
writes_data: Writes big amount of data to disk
