Managed XDR

consoleapp1.exe — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
consoleapp1.exe
Тип файла
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Размер файла
11 KB
Первое обнаружение
Последнее обнаружение

Окружение

w10/x64 en

Хеши

SHA1
300e9a4ac05a22cd8c633b9906d3c0549fe9abee
SHA256
51400a44b1fe479a750842d8516e6f945782f8c8c75d0eb53c3c4ccc8750d971
MD5
14f8c4f122566eed93665f37315d8587

Сигнатуры

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497.001 antivm_network_adapters: Checks NIC addresses
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1497.001 antivm_queries_computername: Retrieves the computer name

Discovery

T1497.001 antivm_network_adapters: Checks NIC addresses
T1497.001 antivm_queries_computername: Retrieves the computer name

Other

yara_rules: Static rules
dead_dotnet_downloader: Dead hosted dotnet downloader
static_pe_anomaly: The PE file structure contains anomalies
dead_host: Connects to IP addresses that do not respond to requests
process_crashed: One of the processes has failed
has_pdb: This executable file has a PDB path
dotnet_import_unmanaged_code: Dotnet program statically imports unmanaged functions/modules
dotnet_obfuscated: Dotnet program is potentially obfuscated
test_check_service: Starts services
dotnet_suspicious_entrypoint: Dotnet program has suspicious entrypoint
dotnet_downloader_possible_network_problem: Dotnet program possibly has network problem