Managed XDR

autorecovery-save-of-readme.asd — malware analysis report

File info

Filename
autorecovery-save-of-readme.asd
File type
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Template: Normal.dotm, Last Saved By: User, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Total Editing Time: Sat Jan 24 10:10:00 9767, Create Time/Date: Tue Sep 23 10:42:00 2025, Last Saved Time/Date: Tue Sep 23 10:43:00 2025, Number of Pages: 1, Number of Words: 518, Number of Characters: 2957, Security: 0
File size
25.5 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
200d1dbb6f6f99fc6ae74eda2b8e741b8f878a54
SHA256
a5c5985a6b79b16b24c33ce92729b1eef867d33056722937e623e93f2f1b7a85
MD5
89c89bd2f8f451bcf70630a590a2263e
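
As an added example (not part of the sandbox report and not the vendor's code): a Python static-triage script that confirms a submitted sample really is a CFB/OLE2 container (the "Composite Document File V2 Document, Little Endian" part of the file type line above comes from this container header; the Word metadata after it lives in the SummaryInformation property streams and is not parsed here), flags header values that violate the format, and compares the file's hashes against the ones listed in this report. The 512-byte header it builds is constructed for the demo and is not the analysed autorecovery-save-of-readme.asd file.

```python
"""Static triage for a sample reported as a CFB (OLE2) Word document.

Added example; not the sandbox's or vendor's code. The header built by
build_sample_header() is constructed for the demo and is not the analysed
autorecovery-save-of-readme.asd file.
"""
import hashlib
import struct
import sys

CFB_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"   # OLE2 signature at offset 0

# Hashes as listed in the report above; used to confirm you hold the same file.
REPORT_HASHES = {
    "md5": "89c89bd2f8f451bcf70630a590a2263e",
    "sha1": "200d1dbb6f6f99fc6ae74eda2b8e741b8f878a54",
    "sha256": "a5c5985a6b79b16b24c33ce92729b1eef867d33056722937e623e93f2f1b7a85",
}


def build_sample_header() -> bytes:
    """Constructed 512-byte CFB header with the values a Word file carries."""
    hdr = bytearray(512)
    hdr[0:8] = CFB_MAGIC
    # 0x18: minor version, major version, byte-order mark, sector shift,
    #       mini sector shift (v3 => 512-byte sectors, 64-byte mini sectors)
    struct.pack_into("<HHHHH", hdr, 0x18, 0x003E, 3, 0xFFFE, 9, 6)
    # 0x28: dir sectors, FAT sectors, first dir sector, txn signature,
    #       mini-stream cutoff, first mini-FAT, mini-FAT count,
    #       first DIFAT sector (ENDOFCHAIN), DIFAT count
    struct.pack_into("<9I", hdr, 0x28, 0, 1, 1, 0, 0x1000, 2, 1, 0xFFFFFFFE, 0)
    # 0x4C: DIFAT array, 109 entries: FAT sector 0, then FREESECT padding
    struct.pack_into("<109I", hdr, 0x4C, 0, *([0xFFFFFFFF] * 108))
    return bytes(hdr)


def parse_cfb_header(data: bytes) -> dict:
    """Decode the fixed CFB header and flag values that violate the format.

    A header that parses but carries odd values (wrong sector shift for its
    version, non-default cutoff) is either damaged or crafted to confuse a
    parser, and deserves a second look before the file goes anywhere else.
    """
    if len(data) < 512:
        raise ValueError("shorter than one CFB header sector")
    if data[:8] != CFB_MAGIC:
        raise ValueError("not a Compound File Binary (OLE2) container")
    minor, major, bom, sector_shift, mini_shift = struct.unpack_from("<HHHHH", data, 0x18)
    (n_dir, n_fat, first_dir, _txn, mini_cutoff,
     first_minifat, n_minifat, first_difat, n_difat) = struct.unpack_from("<9I", data, 0x28)

    problems = []
    if bom != 0xFFFE:
        problems.append(f"byte-order mark 0x{bom:04X} is not little-endian")
    if (major, sector_shift) not in ((3, 9), (4, 12)):
        problems.append(f"major version {major} with sector shift {sector_shift}")
    if mini_shift != 6:
        problems.append(f"mini sector shift {mini_shift} (expected 6)")
    if mini_cutoff != 0x1000:
        problems.append(f"mini-stream cutoff 0x{mini_cutoff:X} (expected 0x1000)")
    if major == 3 and n_dir != 0:
        problems.append("v3 header must store 0 directory sectors")
    if n_difat == 0 and first_difat != 0xFFFFFFFE:
        problems.append("DIFAT count 0 but first DIFAT sector is not ENDOFCHAIN")

    return {
        "version": f"{major}.{minor}",
        "byte_order": "little-endian" if bom == 0xFFFE else "unknown",
        "sector_size": 1 << sector_shift,
        "mini_sector_size": 1 << mini_shift,
        "fat_sectors": n_fat,
        "first_dir_sector": first_dir,
        "problems": problems,
    }


def hash_sample(data: bytes) -> dict:
    """MD5 / SHA-1 / SHA-256 in the same form the report lists them."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    """True only if every listed hash matches the bytes you actually hold."""
    actual = hash_sample(data)
    return all(actual[name] == digest.lower() for name, digest in expected.items())


if __name__ == "__main__":
    # Pass a real path to triage it; with no argument the constructed header is used.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_header()
    for key, value in parse_cfb_header(blob).items():
        print(f"{key:>18}: {value}")
    print(f"{'matches report':>18}: {matches_report(blob)}")
```

Run it against the file you actually received before trusting any verdict: a sample that parses as CFB but fails the hash comparison is a different file from the one this report describes, and a header with entries in `problems` is worth opening in a hex editor rather than handing straight to an Office parser.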

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497.001 antivm_queries_computername: Retrieves the computer name
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497.001 antivm_queries_computername: Retrieves the computer name

Other

yara_rules: Static rules
get_policy_info: Retrieves information about a Policy object
test_check_service: Starts services
antisandbox_check_graphics_card: Uses CreateDXGIFactory, potentially to detect graphics card