Managed XDR
Group-IB MDP Report
File info
Filename: lbb_ps1_pass.ps1
File Type: ASCII text, with very long lines, with CRLF, LF line terminators
File Size: 590.7 KB
Env info
win7/x86 en
Hashes
SHA1: 8d3756c9e7a78a5a7dd8fca67e7de51a9ea59a52
SHA256: 0c516038b8f216fb87ebc0d4335fff4013c9b2a80c682069071ec9ae9e2005e9
MD5: 7e525ef64a4e27fbb325d7cb4653f0a1
Signatures
Privilege Escalation
T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Defense Evasion
T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1497.001 antivm_queries_computername: Retrieves the computer name
Discovery
T1135 server_share_info: Retrieves information about each shared resource on a server
T1497.001 antivm_queries_computername: Retrieves the computer name
Other
yara_rules: Static rules
unexpected_exception: Unexpected exception
create_rpc_bindings: Creates RPC connection
get_policy_info: Retrieves information about a Policy object
checktokenmembership: Checks user token with CheckTokenMembership call
next report: 32d25f56-56d9-46c0-bfba-b59645922a25
previous report: 33a78b69-630f-4b22-b1f4-53621166ab20
Managed XDR