Managed XDR

upxpacked_38cb78f2e233...c2f8f42cab3d568da20243 — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
upxpacked_38cb78f2e2334f2485ad6c481623cd534d0735cfc5c2f8f42cab3d568da20243
Тип файла
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Размер файла
1 MB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x86 en

Хеши

SHA1
bdf549d96efac6a9fa19df9636724755f3121ee8
SHA256
a2b8900d573217bd2eb6e1c70b1b0b550015aa3be0c6a0067b4df55c9e428031
MD5
47fd37081d023f63a67f951e63605ffa

Сигнатуры

Privilege Escalation

T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1027.002 packer_upx: The executable file is compressed using UPX
T1497 antidbg_query_process: Checks if the process is being debugged (ProcessDebugPort)
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497 antidbg_query_process: Checks if the process is being debugged (ProcessDebugPort)

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity