Managed XDR

vtdl_1751424781_ch2kejx6 — malware analysis report

File info

Filename: vtdl_1751424781_ch2kejx6
File type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
File size: 45 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1: 451d024871c58d6b8b2db85213a2f39c8f33186e
SHA256: 63c8adc34d51527a8a8fd5f25c5539afeb02bb3b8053008911fcc10c3c19fafb
MD5: 284b76e9a3b5b02334d9a617946c9977

Signatures

Persistence

T1574 dropper_dll: Creates DLL, which is then loaded into the process

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1574 dropper_dll: Creates DLL, which is then loaded into the process

Defense Evasion

T1027.002 unnamed_memory_regions_contains_pe: One or several unnamed memory regions are PE files
T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1574 dropper_dll: Creates DLL, which is then loaded into the process

Discovery

T1057 process_interest: Enumerates processes

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity
message_box: Displays a message
error_drawtext: An error occurred while executing the file