Managed XDR
Group-IB MDP Report
File info
Filename: jay_-20tiongzon-autosaved-311586993679122096-.asd
File Type: Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: Khrista Cathryn B. Paran, Template: Normal.dotm, Last Saved By: Jay Yan C. Tiongzon, Revision Number: 4, Name of Creating Application: Microsoft Office Word, Total Editing Time: 27:00, Last Printed: Mon Nov 18 12:32:00 2024, Create Time/Date: Tue Jan 28 12:21:00 2025, Last Saved Time/Date: Tue Jan 28 12:48:00 2025, Number of Pages: 1, Number of Words: 154, Number of Characters: 883, Security: 0
File Size: 218.5 KB
Env info
win7/x86 en
Hashes
SHA1: 5f7d038ddc38549aeab3f86f374ec46dd532d760
SHA256: 9d4af5acda0c3fb3c668f95c22099a47575be7afc2e51fd978c52f9a448833d1
MD5: 9d99a9d617bd9547bab4896a437533bb
Signatures
Execution
T1064 office_macros_suspicious: Document contains suspicious macro
T1064 office_macros: The document contains macro
T1064 office_macros_autoexec: The document contains an auto-start macro
Privilege Escalation
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Defense Evasion
T1064 office_macros_suspicious: Document contains suspicious macro
T1497.001 antivm_queries_computername: Retrieves the computer name
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1064 office_macros: The document contains macro
T1064 office_macros_autoexec: The document contains an auto-start macro
Discovery
T1497.001 antivm_queries_computername: Retrieves the computer name
Other
yara_rules: Static rules
get_policy_info: Retrieves information about a Policy object
test_check_service: Starts services
antisandbox_check_graphics_card: Uses CreateDXGIFactory, potentially to detect graphics card
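The two facts a triager checks first on a report like this are the container (the file-type line says OLE compound document, little-endian, which is what a `.asd` Word AutoRecover file is) and the macro signatures. The report tags those signatures T1064, an ATT&CK ID that has since been deprecated in favour of T1059.005 (Visual Basic) and T1204.002 (User Execution: Malicious File). The script below is an added example, not Group-IB's signature logic and not the macro from the analysed file, which the report does not reproduce: it parses the fixed CFB header fields behind the file-type line from a constructed 32-byte header, then applies the three macro checks the report names (macro present, auto-start entry point, suspicious keywords) to a constructed VBA snippet of the kind a tool such as olevba would extract. The auto-exec and keyword lists, the `Environ("COMPUTERNAME")` probe standing in for the computer-name query, and the mapping of results onto the report's signature names are the example's own assumptions.

```python
import re
import struct

# --- OLE compound file header (the "Composite Document File V2" line) ---

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"

def ole_header_info(blob):
    """Parse the CFB header fields (MS-CFB 2.2 layout) that the file-type
    line reports. Returns None when the magic is absent."""
    if len(blob) < 32 or blob[:8] != OLE_MAGIC:
        return None
    # Offset 24: minor version, major version, byte-order mark, sector shift.
    minor, major, byte_order, sector_shift = struct.unpack_from("<HHHH", blob, 24)
    return {
        "major_version": major,
        "little_endian": byte_order == 0xFFFE,
        "sector_size": 1 << sector_shift,
    }

# Constructed header (not bytes from the analysed sample): magic, zero CLSID,
# minor 0x3E, major 3, little-endian mark, sector shift 9 (512-byte sectors).
SAMPLE_HEADER = OLE_MAGIC + b"\x00" * 16 + struct.pack("<HHHH", 0x3E, 3, 0xFFFE, 9)

# --- Macro triage (office_macros, office_macros_autoexec, office_macros_suspicious) ---

# Constructed VBA source standing in for what olevba would extract. It is an
# assumption of this example, not the macro from the analysed document.
SAMPLE_VBA = '''
Attribute VB_Name = "ThisDocument"
Private Sub Document_Open()
    Dim host As String
    host = Environ("COMPUTERNAME")
    If Len(host) > 0 Then
        Set sh = CreateObject("WScript.Shell")
        sh.Run "cmd.exe /c whoami", 0
    End If
End Sub
'''

# Procedure names Word (and Excel, same mechanism) runs without a click.
AUTOEXEC_NAMES = (
    "AutoOpen", "AutoExec", "AutoNew", "AutoClose", "AutoExit",
    "Document_Open", "Document_Close", "Document_New",
    "Workbook_Open", "Workbook_Close",
)

# Individually benign keywords whose presence in an auto-start macro is the
# usual dropper pattern: process creation, COM, environment probing, download.
SUSPICIOUS_KEYWORDS = (
    "Shell", "CreateObject", "WScript.Shell", "Environ",
    "URLDownloadToFile", "Powershell", "Kill", "CallByName", "GetObject",
)

# Matches "Sub X", "Private Function X", etc. at line start; "End Sub" does not match.
PROC_RE = re.compile(
    r"^\s*(?:Private|Public|Friend)?\s*(?:Sub|Function)\s+([A-Za-z_]\w*)",
    re.IGNORECASE | re.MULTILINE,
)

def find_procedures(src):
    return PROC_RE.findall(src)

def find_autoexec(src):
    """Procedures whose name is an auto-start entry point (case-insensitive)."""
    canonical = {n.lower(): n for n in AUTOEXEC_NAMES}
    return sorted({canonical[p.lower()] for p in find_procedures(src) if p.lower() in canonical})

def find_suspicious(src):
    """Keywords present as whole words, in list order."""
    return [kw for kw in SUSPICIOUS_KEYWORDS
            if re.search(r"\b" + re.escape(kw) + r"\b", src, re.IGNORECASE)]

def triage(src):
    """Map the checks onto the report's signature names (the mapping is ours)."""
    return {
        "office_macros": bool(find_procedures(src)),
        "office_macros_autoexec": find_autoexec(src),
        "office_macros_suspicious": find_suspicious(src),
    }

if __name__ == "__main__":
    print(ole_header_info(SAMPLE_HEADER))
    print(triage(SAMPLE_VBA))
```

On a real sample, feed `ole_header_info` the first 32 bytes of the file and `triage` the source olevba prints per VBA module; an auto-start procedure that also hits the keyword list is what turns "contains macro" into "contains suspicious macro".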