Managed XDR

vtdl_rqh8v5me — malware analysis report

File info

Filename
vtdl_rqh8v5me
File type
Microsoft Word 2007+
File size
10.1 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
f0d926b765bd721039655ec89feb443c55bd98ed
SHA256
c256a5e247270607dfe042e9131554e4d840b2d4c974207951d7a659e4b13cdb
MD5
2ccb34d2f91b69f98a43972f7b8cabe8

Signatures

Execution

T1559 suricata_alert: Malicious traffic detected
T1559 get_sid_domain: Get user's SID
T1559 test_check_service: Starts services
T1559 create_rpc_bindings: Creates RPC connection

Privilege Escalation

T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges

Defense Evasion

T1497.001 antivm_queries_computername: Retrieves the computer name
T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges

Discovery

T1497.001 antivm_queries_computername: Retrieves the computer name
T1083 checks_recent_files: Attempt to check recently opened files through registry

Command and Control

T1071.001 network_http: Performs HTTP requests
T1071.001 winhttp_https: Performs HTTP/HTTPS requests using WinHttp
T1071.001 wininet_https: Performs HTTP/HTTPS requests using WinInet

Other

yara_rules: Static rules
get_memory_status: Gets information about the virtual and physical memory of the system
get_username: Gets username