vtdl_a_pt3muc | Group-IB MDP Reports

Managed XDR

Group-IB MDP Report

Filename: vtdl_a_pt3muc

File Type: HTML document, ASCII text, with CRLF line terminators

File Size: 1 MB

SHA1: 183880b56a3390e13ced6fbc4fbf1e9c617dca71 SHA256: d1b42e0eebb62a90ff9f8aefb257d8d4837ffe97ae37f22db0fad43aa42e9bac MD5: 94a69040626312959df7739fb893b46c

Signatures

Execution

T1203 exploit_CVE_2017_11882: Exploits CVE-2017-11882 vulnerability

Defense Evasion

T1497 windows_enumthread: Attempts to enumerate windows using EnumThreadWindows and SendMessage for text obtaining

T1497.002 async_mouse: Watches for mouse clicks using GetAsyncKeyState to detect human activity

Discovery

T1083 checks_recent_files: Attempt to check recently opened files through registry

T1082 windows_enumthread: Attempts to enumerate windows using EnumThreadWindows and SendMessage for text obtaining

T1497 windows_enumthread: Attempts to enumerate windows using EnumThreadWindows and SendMessage for text obtaining

T1497.002 async_mouse: Watches for mouse clicks using GetAsyncKeyState to detect human activity

Other

yara_rules: Static rules

suspicious_process_network: Unusual process network activity detected

suspicious_process: Spawns a suspicious process

unexpected_exception: Unexpected exception

test_check_service: Starts services

next report: 93530665-a84c-4251-a7e6-686accca0291

previous report: e5ac5714-8897-4acb-937d-ed47f4049fed

Managed XDR