Managed XDR
Group-IB MDP Report
File info
Filename: vtdl_1731292558_tlmk2jcm
File Type: Zip archive data, at least v2.0 to extract
File Size: 259.6 KB
Env info
win7/x86 en
Hashes
SHA1: 06dc8ff3c8097d520e72dae4b853d6021b769b11
SHA256: 5b94fa145afb110e2481f3904cd6c803779dd20544a01c71d58806e8132ed5be
MD5: 882621895fdc3c902e7bc735b41f19a9
Signatures
Privilege Escalation
T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Defense Evasion
T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Other
yara_rules: Static rules
dead_host: Connects to IP addresses that do not respond to requests
only_exec_in_archive: The archive contains only an executable file
no_graphical_activity: No graphical activity
net_dumps_in_native: .Net dumps have been found in native PE
has_pdb: This executable file has a PDB path
get_policy_info: Retrieves information about a Policy object