Managed XDR

rfq-20_commercial_-aut...11880051014415520-.asd — malware analysis report

File info

Filename: rfq-20_commercial_-autosaved-311880051014415520-.asd
File type: Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Mon Jun 23 16:40:00 2025, Number of Pages: 1, Number of Words: 5, Number of Characters: 33, Security: 0
File size: 691 KB
First seen: 2025-06-23 09:28
Last seen: 2025-06-23 09:28

win7/x64 en

T1134 opens_thread_token: Opens the access token associated with a thread

T1134 opens_process_token: Opens the access token associated with a process

T1027.002 packer_entropy: Probably contains compressed or encrypted data

T1497 checks_firmware: Attempts to read firmware information (potentially for evasion)

T1497.001 antivm_queries_computername: Retrieves the computer name

T1134 opens_thread_token: Opens the access token associated with a thread

T1134 opens_process_token: Opens the access token associated with a process

T1497 checks_firmware: Attempts to read firmware information (potentially for evasion)

T1497.001 antivm_queries_computername: Retrieves the computer name

T1135 server_share_info: Retrieves information about each shared resource on a server

T1082 checks_firmware: Attempts to read firmware information (potentially for evasion)

yara_rules: Static rules

office_embedded: Office document contains embedded executable file(s)

create_rpc_bindings: Creates RPC connection

get_policy_info: Retrieves information about a Policy object

test_check_service: Starts services

antisandbox_check_graphics_card: Uses CreateDXGIFactory, potentially to detect graphics card

pe_overlay: PE file contains overlay