Managed XDR

vtdl_mgne33ee — malware analysis report

File info

Filename
vtdl_mgne33ee
File type
ASCII text, with CRLF, LF line terminators
File size
120.2 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
9e6106f498565732fc763265ef719f38098b24c1
SHA256
e3c861cfac820f215da5632b00c475a9310ccfabe60875f5e94deabf4c0ff106
MD5
9e593f61cc7e66a145e421154dc09ae2

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
office_summary: The document contains suspicious metadata
get_policy_info: Retrieves information about a Policy object
test_check_service: Starts services
antisandbox_check_graphics_card: Uses CreateDXGIFactory, potentially to detect graphics card