Managed XDR

vtdl_1750468742_z4ecjw7g (Mydoom) — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
vtdl_1750468742_z4ecjw7g
Тип файла
news or mail, UTF-8 Unicode text
Размер файла
78.3 KB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x86 en

Хеши

SHA1
e24ffbf3842a0278bbc9f2929beb7fa85244ac86
SHA256
eb5d04099a585472b506187c7cf95203a538519c7fad8cc32b8dc2172fb2f05c
MD5
d5ba682dee27c32e32610d61781a4275

Вредоносное ПО

  • Mydoom

Сигнатуры

Execution

T1204.002 mimics_extension: Attempts to mimic the file extension

Persistence

T1547.001 persistence_autorun: Makes itself run automatically on Windows startup

Privilege Escalation

T1547.001 persistence_autorun: Makes itself run automatically on Windows startup
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1036 mimics_extension: Attempts to mimic the file extension
T1027.002 packer_polymorphic: Creates a modified copy of itself
T1036 system_filename: Created a file named as a common system file
T1497.003 antisandbox_sleep: The process attempted to slow down analysis
T1027.002 packer_upx: The executable file is compressed using UPX
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Credential Access

T1555.003 cookie_files: Accesses cookie files
T1552 cookie_files: Accesses cookie files

Discovery

T1497.003 antisandbox_sleep: The process attempted to slow down analysis

Command and Control

T1071.003 network_smtp: Sends emails, possibly SPAM

Other

yara_rules: Static rules
suricata_alert: Malicious traffic detected
creates_exe: Creates executable files in the file system
creates_in_windows: Creates files in the Windows directory
copies_self: Creates a copy of itself
network_bind: Starts servers listening at 0.0.0.0:1042
dead_host: Connects to IP addresses that do not respond to requests
network_ftp: Performs FTP requests
no_graphical_activity: No graphic activity
access_recyclebin: Manipulation with recyclebin detected
get_policy_info: Retrieves information about a Policy object
pe_overlay: PE file contains overlay

Похожие отчёты