Managed XDR

vtdl_1761055064_c7lbyzgw — malware analysis report

File info

Filename
vtdl_1761055064_c7lbyzgw
File type
CDFV2 Microsoft Outlook Message
File size
43 KB
First seen
Last seen

Environment

w10/x86 en

Hashes

SHA1
f41cb37ce60162fcbc8bca27b5433519932fc439
SHA256
d7e0d43779569f54f39e01d58c136edad0d949ce973bfca685975b17e7b2a998
MD5
309bd6c867090a683c83329420acac2e

Signatures

Execution

T1059 network_wscript_downloader: Wscript.exe initiated network communication
T1059.007 bad_js: Suspicious JavaScript file

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497.001 antisandbox_script_timer: Detected script timer window (indicative of sleep-style evasion)
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Credential Access

T1555.003 cookie_files: Accesses cookie files
T1552 cookie_files: Accesses cookie files

Discovery

T1497.001 antisandbox_script_timer: Detected script timer window (indicative of sleep-style evasion)

Command and Control

T1071 network_wscript_downloader: Wscript.exe initiated network communication
T1071.001 wininet_https: Performs HTTP/HTTPS requests using WinInet

Other

dead_host: Connects to IP addresses that do not respond to requests
checktokenmembership: Checks user token with CheckTokenMembership call
writes_data: Writes a large amount of data to disk
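The Execution and Command and Control signatures above describe one observable chain: a script host (wscript.exe) is started to run a script file and then initiates network communication. The following is an example added to this report, not output of the sandbox or code from the report's vendor. It shows how that chain is detected on an endpoint by correlating Sysmon-style ProcessCreate (Event ID 1) and NetworkConnect (Event ID 3) records on ProcessGuid, and it flags the higher-risk case where the parent is a mail client, which is what a malicious .msg attachment produces. All GUIDs, paths, timestamps and the 203.0.113.10 destination are constructed sample values and are not indicators from this analysis.

```python
"""Correlate script-host process starts with later network connections.

Example detection added to the report (not sandbox output). Events are
constructed Sysmon-style records: EventID 1 = ProcessCreate,
EventID 3 = NetworkConnect. Field names follow Sysmon's schema.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
MAIL_CLIENTS = {"outlook.exe"}
# A script file passed on the command line. Anchored on a quote, whitespace
# or end of string so that "data.json" does not match ".js".
SCRIPT_ARG = re.compile(r'\.(?:js|jse|vbs|vbe|wsf)(?:"|\s|$)', re.IGNORECASE)
SYSMON_TIME = "%Y-%m-%d %H:%M:%S.%f"


@dataclass
class Alert:
    process_guid: str
    command_line: str
    parent: str
    destination: str
    from_mail_client: bool      # True when the script host was spawned by a mail client
    seconds_after_start: float  # delay between process start and first connection


def image_name(path: str) -> str:
    """Return the lower-cased file name of a Windows image path."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_time(value: str) -> datetime:
    return datetime.strptime(value, SYSMON_TIME)


def detect_script_host_network(events: List[Dict], window_seconds: int = 300) -> List[Alert]:
    """Return one Alert per script-host process that connects out within the window."""
    tracked: Dict[str, Dict] = {}   # ProcessGuid -> ProcessCreate event of a script host
    alerts: List[Alert] = []
    for ev in sorted(events, key=lambda e: parse_time(e["UtcTime"])):
        guid = ev["ProcessGuid"]
        if ev["EventID"] == 1:
            if image_name(ev["Image"]) in SCRIPT_HOSTS and SCRIPT_ARG.search(ev.get("CommandLine", "")):
                tracked[guid] = ev
        elif ev["EventID"] == 3 and guid in tracked:
            start = tracked.pop(guid)   # alert once per process
            delta = (parse_time(ev["UtcTime"]) - parse_time(start["UtcTime"])).total_seconds()
            if 0 <= delta <= window_seconds:
                parent = image_name(start.get("ParentImage", ""))
                alerts.append(Alert(
                    process_guid=guid,
                    command_line=start["CommandLine"],
                    parent=parent,
                    destination=f'{ev["DestinationIp"]}:{ev["DestinationPort"]}',
                    from_mail_client=parent in MAIL_CLIENTS,
                    seconds_after_start=delta,
                ))
    return alerts


# Constructed sample telemetry (not from the analysed file): one malicious-looking
# chain ({A1}), one benign logon script with no network activity ({B2}), and a
# browser connection that must be ignored ({C3}).
SAMPLE_EVENTS = [
    {"EventID": 1, "UtcTime": "2025-10-21 14:00:00.000", "ProcessGuid": "{A1}",
     "Image": "C:\\Windows\\System32\\wscript.exe",
     "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE",
     "CommandLine": '"C:\\Windows\\System32\\WScript.exe" "C:\\Users\\victim\\AppData\\Local\\Temp\\invoice.js"'},
    {"EventID": 3, "UtcTime": "2025-10-21 14:00:02.100", "ProcessGuid": "{A1}",
     "Image": "C:\\Windows\\System32\\wscript.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
    {"EventID": 1, "UtcTime": "2025-10-21 14:01:00.000", "ProcessGuid": "{B2}",
     "Image": "C:\\Windows\\System32\\wscript.exe",
     "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": "wscript.exe \\\\fileserver\\netlogon\\logon.vbs"},
    {"EventID": 3, "UtcTime": "2025-10-21 14:01:05.000", "ProcessGuid": "{C3}",
     "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     "DestinationIp": "203.0.113.20", "DestinationPort": 443},
]

if __name__ == "__main__":
    for alert in detect_script_host_network(SAMPLE_EVENTS):
        print(alert)
```

In production the same correlation is expressed as a two-event rule in the SIEM; the point of the code is the join key (ProcessGuid, not image name, since wscript.exe is also used by legitimate logon scripts) and the two qualifiers that lift this above background noise: a script file on the command line and a mail client as parent.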