Managed XDR

vtdl_qsvazfvr — malware analysis report

File info

Filename
vtdl_qsvazfvr
File type
Microsoft Word 2007+
File size
10.1 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
b78333669f326c9db33c081727417e020929defe
SHA256
5232703637f387c8062c4f740943e90b42ba7f75aa5d907d3424cb0360f9aa56
MD5
89c5b68fc772d136c1630bbba1a2014c

Signatures

Privilege Escalation

T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges

Defense Evasion

T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1497.001 antivm_queries_computername: Retrieves the computer name

Discovery

T1497.001 antivm_queries_computername: Retrieves the computer name
T1083 checks_recent_files: Attempt to check recently opened files through registry

Command and Control

T1071.001 network_http: Performs HTTP requests
T1071.001 winhttp_https: Performs HTTP/HTTPS requests using WinHttp
T1071.001 wininet_https: Performs HTTP/HTTPS requests using WinInet

Other

yara_rules: Static rules
suricata_alert: Malicious traffic detected
creates_doc: Creates (office) documents in the file system
get_memory_status: Gets information about the virtual and physical memory of the system
get_sid_domain: Get user's SID
get_username: Gets username
test_check_service: Starts services
create_rpc_bindings: Creates RPC connection