Managed XDR

vtdl_1746858828_kct4h5t5 — malware analysis report

File info

Filename
vtdl_1746858828_kct4h5t5
File type
Zip archive data, at least v1.0 to extract
File size
36.9 MB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
8bf301a0f818025606cc74f63ebfc7aa8468b623
SHA256
adeccc10ab4cae04d946ccb411bf789153e2fb0c35392fbf83d91397e30f729c
MD5
85608cbe7e617a730f7c3c4e74bca58b

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1497.001 antivm_queries_computername: Retrieves the computer name

Discovery

T1497.001 antivm_queries_computername: Retrieves the computer name

Other

yara_rules: Static rules
create_process_failed: Could not start the process
only_exec_in_archive: The archive contains only an executable file
message_box: Displays a message
get_policy_info: Retrieves information about a Policy object
checktokenmembership: Checks user token with CheckTokenMembership call
pe_overlay: PE file contains overlay
executes_dropped_exe: Executes dropped exe files
static_big_overlay: Executable file contains an enormously big overlay