Managed XDR
Group-IB MDP Report
File info
Filename: vtdl_1759594794_ts0uhum2
File Type: MS Windows shortcut, Item id list present, Has command line arguments, Icon number=3, ctime=Mon Jan 1 00:00:00 1601, mtime=Mon Jan 1 00:00:00 1601, atime=Mon Jan 1 00:00:00 1601, length=0, window=hidenormalshowminimized
File Size: 836 Bytes
Env info
win7/x86 en
Hashes
SHA1: ab76f1591551f8a52d37fd427997794ba5e18aac
SHA256: 48d4f598c06979911eb02c8f89c672d79fb2c6afe925cc7c8658bb5221217daa
MD5: a4cae8250b45a6c6f8814dcad8e32451
Signatures
Privilege Escalation
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Defense Evasion
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Other
yara_rules: Static rules
suspicious_explorer_cmdline: Starts explorer.exe process with suspicious command line
unexpected_exception: Unexpected exception
creates_suspended_process: Creates suspended process
get_policy_info: Retrieves information about a Policy object
test_check_service: Starts services