Managed XDR

9796-c333414.docx — malware analysis report

File info

Filename
9796-c333414.docx
File type
Microsoft OOXML
File size
15.6 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
7c0be5109be9066f253ae90aa8741d3fde577b91
SHA256
64131d84db08c7c0cd4e0aff9eb3e8f76c03a0b0c2009df12d23f8c1f5518055
MD5
a290af10e75ac19c31c8a63f92f1f7da

Signatures

Privilege Escalation

T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1221 office_attached_template: Office file attempts to download a suspicious template from the Internet
T1497 evasion_trustrecords: Attempts to detect Sandbox exploring trusted documents
T1497.001 antivm_queries_computername: Retrieves the computer name
T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Credential Access

T1555.003 cookie_files: Accesses cookie files
T1552 cookie_files: Accesses cookie files

Discovery

T1497 evasion_trustrecords: Attempts to detect Sandbox exploring trusted documents
T1497.001 antivm_queries_computername: Retrieves the computer name

Command and Control

T1071.001 winhttp_https: Performs HTTP/HTTPS requests using WinHttp

Other

create_rpc_bindings: Creates RPC connection
get_policy_info: Retrieves information about a Policy object
antisandbox_check_graphics_card: Uses CreateDXGIFactory, potentially to detect graphics card
suricata_alert: Malicious traffic detected