Managed XDR

file.docx — malware analysis report

File info

Filename
file.docx
File type
MS Windows shortcut, Item id list present, Has Working directory, Has command line arguments, ctime=Fri Mar 21 21:44:07 2025, mtime=Fri Mar 21 21:44:07 2025, atime=Fri Mar 21 21:44:07 2025, length=0, window=hidenormalshowminimized
File size
1.3 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
65bfaec0f67b68cef2b5bcd2fa6516135e22f90e
SHA256
a178ad38e07ae60afddaaca949b01b3d1d9b85714e91e4e471da102bbbf4365e
MD5
0125bac662595d1a6b9a55199936be91

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497.001 antivm_disk_size: Checks the amount of free disk space
T1497.001 antivm_queries_computername: Retrieves the computer name
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497.001 antivm_disk_size: Checks the amount of free disk space
T1083 crawls_directories: Opens a huge number of directories all over disk C: (possibly, searches for sensitive data)
T1518 locates_browser: Attempts to identify where browsers are installed
T1497.001 antivm_queries_computername: Retrieves the computer name

Other

yara_rules: Static rules
unexpected_exception: Unexpected exception
creates_suspended_process: Creates suspended process
get_policy_info: Retrieves information about a Policy object
antisandbox_check_graphics_card: Uses CreateDXGIFactory, potentially to detect graphics card