Managed XDR

vtdl_1744059601_7bwybycc (FlawedAmmyy) — malware analysis report

File info

Filename
vtdl_1744059601_7bwybycc
File type
PE32 executable (GUI) Intel 80386, for MS Windows
File size
110.5 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
1f6018a122b2398472c5b4597864a62b410ab92a
SHA256
00d6ffe816381315a38b899fe0be0fa89572cecca3e207079f11575bee29072c
MD5
a333e3b9214757a179d55984394adcce

Malwares

  • FlawedAmmyy

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1070 stealth_window: A process created a hidden window
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1087.001 local_account_discovery: Enumerates local accounts
T1087.002 domain_account_discovery: Collects information about accounts and groups in domain

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity
get_policy_info: Retrieves information about a Policy object

Related reports

Managed XDR