Managed XDR
Group-IB MDP Report
File info
Filename: vtdl_1737350758_0t506vzg
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
File Size: 451.1 KB
Env info
win7/x86 en
Hashes
SHA1: 0382e65408628c79b9701c0705889a1b25636105
SHA256: 11b8ed171a921e64a51c70269d242738f1a250e286cbc83ae836a91d55da31dd
MD5: 328d6eb9a4ff46f21913bad2bfaa173c
Signatures
Privilege Escalation
T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Defense Evasion
T1036.001 invalid_authenticode: Digital signature of the executable file has failed the verification
T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1480 system_default_lang_id_present: Checks the system language
Other
yara_rules: Static rules
dead_host: Connects to IP addresses that do not respond to requests
no_graphical_activity: No graphic activity
net_dumps_in_native: .Net dumps have been found in native PE
has_pdb: This executable file has a PDB path
break_limit_exceeded: Warning: function calls limit has been exceeded
origin_langid: Unconventional language of the executable file
get_policy_info: Retrieves information about a Policy object
suspicious_network_port: Performs TCP or UDP request to non-standard port
pe_overlay: PE file contains overlay
next report: c9c9e827-cbe1-4442-87ba-28ea206b88af
previous report: 1a7c839f-b57b-4de2-bf9e-376b9cf214c9
Managed XDR