Managed XDR

autorecovery-save-of-chatgpt5.asd (Metasploit) — malware analysis report

File info

Filename: autorecovery-save-of-chatgpt5.asd
File type: Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: W10, Template: Normal.dotm, Last Saved By: CABRERA URREJOLA CLAUDIO A, Revision Number: 9, Name of Creating Application: Microsoft Office Word, Total Editing Time: 36:00, Create Time/Date: Tue May 20 03:07:00 2025, Last Saved Time/Date: Wed May 21 06:02:00 2025, Number of Pages: 1, Number of Words: 57, Number of Characters: 331, Security: 0
File size: 112.5 KB

Environment

win7/x64 en

Hashes

SHA1: 48a67b431f58b5442402fa1cc615613010131b85
SHA256: b5d3af4a5e74f5412233482ac60c5a25bbe3b71d35db1a28a0f839c3cac680f9
MD5: 765c0ced13655f435a99dfb8094efb1e

Malwares

  • Metasploit

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 pe_features: Executable file has PE anomalies (may be false positive)
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
office_embedded: Office document contains embedded executable file(s)
create_rpc_bindings: Creates RPC connection
get_policy_info: Retrieves information about a Policy object
test_check_service: Starts services
antisandbox_check_graphics_card: Uses CreateDXGIFactory, potentially to detect graphics card