Managed XDR

vtdl_1739802849_pbjqqrxb — malware analysis report

File info

Filename
vtdl_1739802849_pbjqqrxb
File type
MS Windows shortcut, Item id list present, Points to a file or directory, Has command line arguments, Icon number=129, Archive, ctime=Fri Nov 22 20:05:51 2024, mtime=Mon Feb 17 12:16:14 2025, atime=Fri Nov 22 20:05:51 2024, length=36864, window=hide
File size
1.9 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
70a637164163f97e56e99de618a1209d63e6b239
SHA256
f9f4beb6a53b91e8355dbfda881cb3cf296074cfa9afd66784b64b19a1a78405
MD5
0a3051adb36763db5558c845165c06d9

Signatures

Execution

T1059.007 mshta_javascript: Runs JavaScript using mshta
T1059.003 suspicious_process: Spawns a suspicious process

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497.001 antisandbox_script_timer: Detected script timer window (indicative of sleep style evasion)
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497.001 antisandbox_script_timer: Detected script timer window (indicative of sleep style evasion)

Other

yara_rules: Static rules
unexpected_exception: Unexpected exception
no_graphical_activity: No graphic activity
creates_suspended_process: Creates suspended process
message_box: Displays a message
get_policy_info: Retrieves information about a Policy object