Managed XDR

8c60ad4a832330bff1242d...c5813e5115d151440c.eml — dynamic analysis report for a malicious file

File information

File name
8c60ad4a832330bff1242d11fd4ccd7d0d91618983ae26c5813e5115d151440c.eml
File type
HTML document, ASCII text, with very long lines, with CRLF line terminators
File size
1.7 MB
First seen
Last seen

Environment

w10/x86 en

Hashes

SHA1
e6066fd54f9fa802a6bf2c07e2f0efd05a910de0
SHA256
1a845820bab41a0feb2d04f00704e21d6fe9c8c43070906b10f2c90ff595c569
MD5
10c77e2e47c0280dbdf9c106cb597612

Signatures

Initial Access

T1192 html_urls: HTML-document downloads a file

Privilege Escalation

T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

dotnet_suspicious_module: Dotnet Suspicious Module
pe_in_bcryptdecrypt: PE found in BCryptDecrypt function
no_graphical_activity: No graphical activity
dotnet_import_unmanaged_code: Dotnet program statically imports unmanaged functions/modules
writes_data: Writes a large amount of data to disk
yara_rules: Static rules