Managed XDR

autorecovery-save-of-ad-attacks.asd — malware analysis report

File info

Filename: autorecovery-save-of-ad-attacks.asd
File type: Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Total Editing Time: Sun Feb 15 21:38:00 9767, Create Time/Date: Thu Apr 10 15:24:00 2025, Number of Pages: 102, Number of Words: 17706, Number of Characters: 100929, Security: 0
File size: 1.3 MB
First seen: 2025-04-10 08:17
Last seen: 2025-04-10 08:17

win7/x86 en

T1192 html_urls: HTML-document downloads a file

T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges

T1134 opens_thread_token: Opens the access token associated with a thread

T1134 opens_process_token: Opens the access token associated with a process

T1497.001 antivm_queries_computername: Retrieves the computer name

T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges

T1134 opens_thread_token: Opens the access token associated with a thread

T1134 opens_process_token: Opens the access token associated with a process

T1497.001 antivm_queries_computername: Retrieves the computer name

T1135 server_share_info: Retrieves information about each shared resource on a server

T1102.003 references_github: Contains links to cloud services of Github (potentially for malicious payload delivery)

yara_rules: Static rules

create_rpc_bindings: Creates RPC connection

get_policy_info: Retrieves information about a Policy object

test_check_service: Starts services

office_links: Office file contains external links

antisandbox_check_graphics_card: Uses CreateDXGIFactory, potentially to detect graphics card

checktokenmembership: Checks user token with CheckTokenMembership call

Managed XDR