Managed XDR

vtdl_1744064538_d_omrws1 (FlawedAmmyy) — malware analysis report

File info

Filename
vtdl_1744064538_d_omrws1
File type
PE32 executable (GUI) Intel 80386, for MS Windows
File size
109.5 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
550d59dadeeb322b722fc24567d44c3a213c008d
SHA256
47abfbf6a451f54171af685c90befa3effc0171fcf987b2c88c3ff89d9dd5a3e
MD5
bc6dc1babd2e5fff610ef06901764d8b

Malwares

  • FlawedAmmyy

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1070 stealth_window: A process created a hidden window

Discovery

T1087.001 local_account_discovery: Enumerates local accounts
T1087.002 domain_account_discovery: Collects information about accounts and groups in domain

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity
get_policy_info: Retrieves information about a Policy object

Related reports

Managed XDR