Managed XDR

setuphost.exe — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
setuphost.exe
Тип файла
PE32+ executable (GUI) x86-64, for MS Windows
Размер файла
1024 KB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x64 en

Хеши

SHA1
ad1e5464e870782ba2650a4fdae3a6486e0033a2
SHA256
452f31883edf7cc46025a00a04a85e2538f29defa3f9c0ac82fb2a7aa9a12589
MD5
a618a19f998987825c8ab4b8a1aaf7b6

Сигнатуры

Persistence

T1547.001 persistence_autorun: Makes itself run automatically on Windows startup

Privilege Escalation

T1547.001 persistence_autorun: Makes itself run automatically on Windows startup
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1497 evasion_diskenum: Sandbox evasion using enumeration of partitions
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497 evasion_diskenum: Sandbox evasion using enumeration of partitions

Collection

T1074.001 access_recyclebin: Manipulation with recyclebin detected

Other

yara_rules: Static rules
creates_exe: Creates executable files in the file system
unnamed_region_exception_handler: Creates an exception handler in an unnamed region
no_graphical_activity: No graphic activity
has_pdb: This executable file has a PDB path
creates_in_programdata: Creates files in the ProgramData directory
pe_overlay: PE file contains overlay