Managed XDR

aufgabenlosung-autosav...12099020207835008-.asd (Meterpreter) — malware analysis report

File info

Filename
aufgabenlosung-autosaved-312099020207835008-.asd
File type
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Fri Oct 10 20:02:00 2025, Number of Pages: 1, Number of Words: 6, Number of Characters: 35, Security: 0
File size
21.5 KB
First seen
Last seen

Environment

winxp/x86 en

Hashes

SHA1
d5f33e7b1180b19b106a3a64453b550e5b36e088
SHA256
00bdb2fe1a8adb0a844d55d5e42dd31669aec83b40962f1a9dca3a0bc3395864
MD5
506f51b4df210bc3d67ac608f9fc8895

Malwares

  • Meterpreter

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497 evasion_runmru: Attempts to detect Sandbox by Run MRU
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Credential Access

T1555.003 cookie_files: Accesses cookie files
T1552 cookie_files: Accesses cookie files

Discovery

T1518 locates_browser: Attempts to identify where browsers are installed
T1497 evasion_runmru: Attempts to detect Sandbox by Run MRU

Command and Control

T1071.001 network_http: Performs HTTP requests

Other

yara_rules: Static rules
creates_in_programdata: Creates files in the ProgramData directory

Related reports