Managed XDR

reshopdrawings.eml20250701-8-j9l5wg: dynamic analysis report for a malicious file

File information

File name
reshopdrawings.eml20250701-8-j9l5wg
File type
SMTP mail, ASCII text, with very long lines, with CRLF line terminators
File size
1.9 MB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
b669d62625183031ca5cf988183ac8b46e112a93
SHA256
cf32cb4c654d59febdf50997ff05beb3ec818a0b390455bea563b22fdcc4b450
MD5
744c103d9db68aa1c0f61e5ef06107eb

Signatures

Execution

T1059.007 pdf_js: PDF contains JavaScript

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
pdf_page: Contains only one page
pdf_compressed_stream: Contains an object with compressed stream
get_policy_info: Retrieves information about a Policy object