Managed XDR

vtdl_g2ls3ai1 — malware analysis report

File info

Filename
vtdl_g2ls3ai1
File type
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has command line arguments, Icon number=0, ctime=Mon Jan 1 00:00:00 1601, mtime=Mon Jan 1 00:00:00 1601, atime=Mon Jan 1 00:00:00 1601, length=0, window=hidenormalshowminimized
File size
20.9 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
3bf625487c1fdfa02cdb9a0e600a6cb2b1c5d1be
SHA256
7eac122dcdcf3c763e42491db7667f0b87f8b9bdd74d6c85515f32f40a9f037f
MD5
3805a629a15c5491084857c1b2478a7b

Signatures

Execution

T1059.001 suspicious_powershell: Creates suspicious powershell process
T1059.001 suspicious_process: Spawns a suspicious process

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

dead_host: Connects to IP addresses that do not respond to requests
unexpected_exception: Unexpected exception
creates_suspended_process: Creates suspended process
get_policy_info: Retrieves information about a Policy object
yara_rules: Static rules