Managed XDR
Group-IB MDP Report
File info
Filename: c-program-files-common-files-microsoft-shared-stationery-desktop.ini
File Type: PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
File Size: 4.1 MB
Env info
win7/x64 en
Hashes
SHA1: 3c8e8fa18a4d98a6bc31ed3ac3082538c857da4a
SHA256: 578707539e731c3c9375573fad3657b3f0aac0ac4781d2f8cc29abaff86b0ccb
MD5: 1266fcbdf6a8d6e0cc630d3ec2828c7d
Signatures
Privilege Escalation
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Defense Evasion
T1027.002 packer_polymorphic: Creates a modified copy of itself
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Discovery
T1518 locates_browser: Attempts to identify where browsers are installed
Collection
T1074.001 access_recyclebin: Manipulation with recyclebin detected
Other
yara_rules: Static rules
creates_exe: Creates executable files in the file system
creates_der: Creates a certificate file (DER)
creates_doc: Creates (office) documents in the file system
creates_in_programdata: Creates files in the ProgramData directory
writes_data: Writes big amount of data to disk
pe_overlay: PE file contains overlay
next report: 66b40830-ba3e-44aa-b0b8-b1de85e9b636
previous report: 2a20f539-b0fc-40b3-ac1f-6b1bc96b1c97
Managed XDR