Managed XDR

vtdl_1747995268_8d79mcyl — malware analysis report

File info

Filename
vtdl_1747995268_8d79mcyl
File type
CDFV2 Microsoft Outlook Message
File size
4.3 MB
First seen
Last seen

Environment

win7/x64 en

Hashes

SHA1
6cb2d3b022e21de9c78da528c815ee9531622396
SHA256
5c3f978f3a5b24dc4ac200d48b2d1716102e8f44eb4612eefb2987ad9ceca409
MD5
d4269cf9c63e4f2fbda5599956e30a85

Signatures

Execution

T1059.001 suspicious_powershell: Creates suspicious powershell process
T1204.002 mimics_extension: Attempts to mimic the file extension
T1059.003 suspicious_batch: Suspicious batch

Privilege Escalation

T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1036 copies_utilities: Copies and runs system utility with different name
T1036 mimics_extension: Attempts to mimic the file extension
T1564.001 stealth_file: Creates hidden or system files
T1497.001 antivm_queries_computername: Retrieves the computer name
T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497.001 antivm_queries_computername: Retrieves the computer name

Other

codepage: Checks the system code page
executes_dropped_exe: Executes dropped exe files
no_graphical_activity: No graphic activity