Managed XDR

testokok.jar — dynamic analysis report for a malicious file

File information

File name
testokok.jar
File type
Zip archive data, at least v2.0 to extract
File size
722 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
0ca365238d081a571d7c82a3894967950fb9682d
SHA256
88f9a7611879ff4581c35b5527be015520c00f8fad95ae2353889e46c94ff6ea
MD5
23b62cd25d750e6baa5b6d0eb846e229

Signatures

Persistence

T1547.001 persistence_autorun: Makes itself run automatically on Windows startup

Privilege Escalation

T1547.001 persistence_autorun: Makes itself run automatically on Windows startup
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1564.001 stealth_file: Creates hidden or system files
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

networkdyndns_checkip: Connects to a Dynamic DNS domain
code_share_services: Connects to text storage services (potentially for malicious payload delivery)
dns_without_resolve: DNS query without a response
creates_in_programdata: Creates files in the ProgramData directory
suricata_alert: Malicious traffic detected