Managed XDR

home-farm-anteroom-e39...22eead74379a082a4af464 — malware analysis report

File info

Filename
home-farm-anteroom-e39-79d-e3979d7b93b4b97c061965ea251a06d35e5d704f5022eead74379a082a4af464
File type
ISO-8859 text, with very long lines, with CRLF, CR, LF line terminators
File size
308.8 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
e0ae74c8f5aac53c9313fe437944e80e4fc91aa6
SHA256
e3979d7b93b4b97c061965ea251a06d35e5d704f5022eead74379a082a4af464
MD5
40a096df92bdedca6f170010be5c21ab

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1497 evasion_trustrecords: Attempts to detect Sandbox exploring trusted documents

Discovery

T1497 evasion_trustrecords: Attempts to detect Sandbox exploring trusted documents
T1083 checks_recent_files: Attempt to check recently opened files through registry

Other

yara_rules: Static rules
get_policy_info: Retrieves information about a Policy object
test_check_service: Starts services
antisandbox_check_graphics_card: Uses CreateDXGIFactory, potentially to detect graphics card