Managed XDR

vtdl_1736803768_yyxidkpy — malware analysis report

File info

Filename
vtdl_1736803768_yyxidkpy
File type
Microsoft Word 2007+
File size
759.5 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
484338cbfb16e36e739b1cf813c611497ea9d1be
SHA256
970abea3828caad9724f4f9fd3cdec75956a8ff3d304b1e73dbfd9dbb3085e1a
MD5
2e493ad6654035478e4c0164a4f5f89d

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497 evasion_trustrecords: Attempts to detect Sandbox exploring trusted documents
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497 evasion_trustrecords: Attempts to detect Sandbox exploring trusted documents
T1083 checks_recent_files: Attempt to check recently opened files through registry

Other

yara_rules: Static rules
get_policy_info: Retrieves information about a Policy object
test_check_service: Starts services
office_links: Office file contains external links
antisandbox_check_graphics_card: Uses CreateDXGIFactory, potentially to detect graphics card