ttp3.rtf-autosaved-311951001814000400-.asd — malware analysis report

File info

Filename: ttp3.rtf-autosaved-311951001814000400-.asd
File type: Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Template: Normal.dotm, Last Saved By: Ahmed Raafat, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Total Editing Time: 01:00, Create Time/Date: Tue Jul 29 01:49:00 2025, Last Saved Time/Date: Tue Jul 29 01:50:00 2025, Number of Pages: 1, Number of Words: 294, Number of Characters: 1680, Security: 0
File size: 24 KB
First seen:
Last seen:

Environment

win7/x86 en

Hashes

SHA1: 0fbe35f37674af4ee4a857dedab6d25df86825c6
SHA256: 556c2707b0ceeb3e655c0626a6f5057f65df8ba23e2fcf7f485f67b14bc50db8
MD5: 0a02163fbf574c2aab6fdd99047ec4cc

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497.001 antivm_queries_computername: Retrieves the computer name
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497.001 antivm_queries_computername: Retrieves the computer name

Other

yara_rules: Static rules
get_policy_info: Retrieves information about a Policy object
test_check_service: Starts services
antisandbox_check_graphics_card: Uses CreateDXGIFactory, potentially to detect graphics card