Managed XDR

doc1-autosaved-311755402642400160-.asd — malware analysis report

File info

Filename: doc1-autosaved-311755402642400160-.asd
File type: Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: Huan Dang, Template: Normal.dotm, Last Saved By: Huan Dang, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Total Editing Time: 09:00, Create Time/Date: Tue Apr 22 05:58:00 2025, Last Saved Time/Date: Tue Apr 22 06:09:00 2025, Number of Pages: 1, Number of Words: 314, Number of Characters: 1796, Security: 0
File size: 27.5 KB
First seen: 2025-05-21 09:49
Last seen: 2025-05-21 09:49

win7/x86 en

T1059.007 pdf_js: PDF contains JavaScript

T1134 opens_thread_token: Opens the access token associated with a thread

T1134 opens_process_token: Opens the access token associated with a process

T1497.001 antivm_queries_computername: Retrieves the computer name

T1497.002 async_mouse: Watches for mouse clicks using GetAsyncKeyState to detect human activity

T1134 opens_thread_token: Opens the access token associated with a thread

T1134 opens_process_token: Opens the access token associated with a process

T1497.001 antivm_queries_computername: Retrieves the computer name

T1497.002 async_mouse: Watches for mouse clicks using GetAsyncKeyState to detect human activity

T1135 server_share_info: Retrieves information about each shared resource on a server

T1071.001 network_http: Performs HTTP requests

T1071.001 winhttp_https: Performs HTTP/HTTPS requests using WinHttp

yara_rules: Static rules

suricata_alert: Malicious traffic detected

pdf_page: Contains only one page

create_rpc_bindings: Creates RPC connection

pdf_compressed_stream: Contains an object with compressed stream

get_policy_info: Retrieves information about a Policy object

test_check_service: Starts services

office_links: Office file contains external links

antisandbox_check_graphics_card: Uses CreateDXGIFactory, potentially to detect graphics card