Managed XDR
Group-IB MDP Report
Filename: vtdl_ebzkhpbd
File Type: Microsoft Word 2007+
File Size: 10.2 KB
SHA1: aae15c09c6afd341e305c58f2d750b7d4db96a91
SHA256: e6e879bc470ee16912f8574c32b6777b78cea81a7e987323fda99cd24e7d0d30
MD5: 29fcc761460ce4d1b201cf31b8b6c861
Signatures
Privilege Escalation
T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
Defense Evasion
T1497.001 antivm_queries_computername: Retrieves the computer name
T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
Discovery
T1497.001 antivm_queries_computername: Retrieves the computer name
Other
yara_rules: Static rules
create_rpc_bindings: Creates RPC connection