Managed XDR

vtdl_1750429139_dbgj47zf — malware analysis report

File info

Filename
vtdl_1750429139_dbgj47zf
File type
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has command line arguments, Icon number=-166, Archive, ctime=Wed May 15 05:09:07 2024, mtime=Wed Jun 11 04:49:51 2025, atime=Wed May 15 05:09:07 2024, length=236544, window=hidenormalshowminimized
File size
3 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
ee0f75b450cf3bb28f002299f61c84dd2e71554f
SHA256
888535e955c27044393817384c8655caf8992f83e3365f0b0e4d34791260bb01
MD5
ddc5cc7342824b183a189a13d72f6cb8

Signatures

Execution

T1204 suspicious_lnk: LNK file with suspicious content
T1059 suspicious_cmd_arguments: Cmd.exe uses file as a data source for the standard input stream

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
unexpected_exception: Unexpected exception
creates_suspended_process: Creates suspended process
get_policy_info: Retrieves information about a Policy object