Managed XDR

aa.jar: dynamic analysis report for a malicious file

File information

File name
aa.jar
File type
Zip archive data, at least v2.0 to extract
File size
639.6 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
78416bb53e507305ab1d8a4de69c7bc4fb4d474e
SHA256
aba2737d0e4a4a820ad86a723e7ab3b7784595a46b69f7c1602bc026e185fc06
MD5
595fa5a4bec047d3d28edcdb5ee18d45

Signatures

Persistence

T1547.001 persistence_autorun: Makes itself run automatically on Windows startup

Privilege Escalation

T1547.001 persistence_autorun: Makes itself run automatically on Windows startup
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
dead_host: Connects to IP addresses that do not respond to requests
creates_in_programdata: Creates files in the ProgramData directory
suspicious_network_port: Performs TCP or UDP request to non-standard port
suricata_alert: Malicious traffic detected