Managed XDR

vtdl_1747819914_ww1yp73d — malware analysis report

File info

Filename
vtdl_1747819914_ww1yp73d
File type
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1200, Locale ID: 2052, Title: , Author: Lenovo, Create Time/Date: Wed Oct 31 18:27:00 2012, Last Saved Time/Date: Tue May 20 02:26:07 2025, Last Printed: Tue May 20 01:38:38 2025, Number of Pages: 17, Number of Words: 4152, Number of Characters: 4297, Name of Creating Application: WPS Office_11.8.2.10321_F1E327B, Security: 0
File size
120 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
009b9d653ef2fdb005633cb1aabb2755674fe3f9
SHA256
5421dc5d942f8e8a776c9f4ba9903b605ae50f2bcfe29b56fff8abe9b271037d
MD5
cf19f9f3c7dad46671c001632414375a

Signatures

Execution

T1204.002 office_vb_load: Microsoft Office is loading VB DLL files (macros usage indicator)
T1064 office_macros: The document contains a macro
T1064 office_macros_autoexec: The document contains an auto-start macro

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1064 office_macros: The document contains a macro
T1064 office_macros_autoexec: The document contains an auto-start macro

Other

yara_rules: Static rules
get_policy_info: Retrieves information about a Policy object
test_check_service: Starts services
antisandbox_check_graphics_card: Uses CreateDXGIFactory, potentially to detect graphics card
checktokenmembership: Checks user token with CheckTokenMembership call