Managed XDR

home-farm-anteroom-866...86f91d5c9e6a2672fbe7cc — malware analysis report

File info

Filename
home-farm-anteroom-866-e43-866e430bd703647bcde1b486e29108820abcf86a3486f91d5c9e6a2672fbe7cc
File type
Non-ISO extended-ASCII text, with very long lines, with CRLF, CR, LF line terminators
File size
648.1 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
e72aaa002c36b6bb6f5f39534579b99625594077
SHA256
866e430bd703647bcde1b486e29108820abcf86a3486f91d5c9e6a2672fbe7cc
MD5
5d1ec19251d99c9b2531b660ea3bcda9

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497 evasion_trustrecords: Attempts to detect a sandbox by inspecting trusted-documents records
T1497.001 antivm_queries_computername: Retrieves the computer name
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497 evasion_trustrecords: Attempts to detect a sandbox by inspecting trusted-documents records
T1497.001 antivm_queries_computername: Retrieves the computer name
T1083 checks_recent_files: Attempts to check recently opened files through the registry

Other

yara_rules: Static rules
get_policy_info: Retrieves information about a Policy object
test_check_service: Starts services
antisandbox_check_graphics_card: Uses CreateDXGIFactory, potentially to detect the graphics card
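The report lists the same signature under several tactics (T1134 under Privilege Escalation and Defense Evasion, T1497 under Defense Evasion and Discovery), so a flat reading over-counts the sample's behaviours. The following triage helper is an added example, not the XDR vendor's code: it parses the Hashes and Signatures blocks above, merges repeated signatures into one entry per signature with the set of tactics it was filed under, checks that the hash block is internally consistent with the sample's filename (which ends in the SHA256), and pulls out the signatures that probe the analysis environment. The REPORT string is the report text copied from this page; the tactic names are the ATT&CK Enterprise tactics plus the report's own "Other" bucket, and the regex for signature lines is an assumption about this report's line format.

```python
"""Triage helper for the sandbox report above (added example, not vendor code)."""
import re
from collections import defaultdict

# Sample filename as reported on the page; it ends with the SHA256.
FILENAME = ("home-farm-anteroom-866-e43-"
            "866e430bd703647bcde1b486e29108820abcf86a3486f91d5c9e6a2672fbe7cc")

# Report text copied from the page (Hashes and Signatures blocks only).
REPORT = """\
Hashes

SHA1
e72aaa002c36b6bb6f5f39534579b99625594077
SHA256
866e430bd703647bcde1b486e29108820abcf86a3486f91d5c9e6a2672fbe7cc
MD5
5d1ec19251d99c9b2531b660ea3bcda9

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497 evasion_trustrecords: Attempts to detect a sandbox by inspecting trusted-documents records
T1497.001 antivm_queries_computername: Retrieves the computer name
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497 evasion_trustrecords: Attempts to detect a sandbox by inspecting trusted-documents records
T1497.001 antivm_queries_computername: Retrieves the computer name
T1083 checks_recent_files: Attempts to check recently opened files through the registry

Other

yara_rules: Static rules
get_policy_info: Retrieves information about a Policy object
test_check_service: Starts services
antisandbox_check_graphics_card: Uses CreateDXGIFactory, potentially to detect the graphics card
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64}

# ATT&CK Enterprise tactics plus the report's "Other" bucket (heading lines).
TACTICS = {
    "Reconnaissance", "Resource Development", "Initial Access", "Execution",
    "Persistence", "Privilege Escalation", "Defense Evasion", "Credential Access",
    "Discovery", "Lateral Movement", "Collection", "Command and Control",
    "Exfiltration", "Impact", "Other",
}

# Assumed line format: optional "T1234[.001] " prefix, signature name, ": ", text.
SIG_RE = re.compile(r"^(?:(T\d{4}(?:\.\d{3})?)\s+)?([a-z0-9_]+):\s+(.+)$")


def parse_hashes(report):
    """Return {algorithm: lowercase digest} from the 'Hashes' block."""
    lines = [ln.strip() for ln in report.splitlines()]
    return {ln: lines[i + 1].lower()
            for i, ln in enumerate(lines[:-1]) if ln in HASH_LEN}


def check_hashes(hashes, filename):
    """List inconsistencies: missing or malformed digests, filename not ending in SHA256."""
    problems = []
    for algo, width in HASH_LEN.items():
        digest = hashes.get(algo)
        if digest is None:
            problems.append(f"{algo} missing")
        elif not re.fullmatch(rf"[0-9a-f]{{{width}}}", digest):
            problems.append(f"{algo} is not {width} hex characters")
    sha256 = hashes.get("SHA256")
    if sha256 and not filename.lower().endswith(sha256):
        problems.append("filename suffix does not match SHA256")
    return problems


def parse_signatures(report):
    """Return {signature: {'technique', 'description', 'tactics'}}, merging
    repeats of one signature listed under several tactic headings."""
    sigs, tactic, in_sigs = {}, None, False
    for ln in (ln.strip() for ln in report.splitlines()):
        if ln == "Signatures":
            in_sigs = True
            continue
        if not in_sigs:
            continue
        if ln in TACTICS:
            tactic = ln
            continue
        m = SIG_RE.match(ln)
        if m and tactic:
            technique, name, desc = m.groups()
            entry = sigs.setdefault(name, {"technique": technique,
                                           "description": desc, "tactics": set()})
            entry["tactics"].add(tactic)
    return sigs


def technique_summary(sigs):
    """Map each ATT&CK technique ID to the sorted list of tactics it was filed under."""
    out = defaultdict(set)
    for entry in sigs.values():
        if entry["technique"]:
            out[entry["technique"]] |= entry["tactics"]
    return {tid: sorted(tactics) for tid, tactics in sorted(out.items())}


def evasion_signatures(sigs):
    """Signatures that probe the analysis environment (T1497 or anti*/evasion* names)."""
    return sorted(name for name, e in sigs.items()
                  if (e["technique"] or "").startswith("T1497")
                  or name.startswith(("anti", "evasion")))


if __name__ == "__main__":
    hashes = parse_hashes(REPORT)
    print("hash problems:", check_hashes(hashes, FILENAME) or "none")
    sigs = parse_signatures(REPORT)
    for tid, tactics in technique_summary(sigs).items():
        print(tid, "->", ", ".join(tactics))
    print("sandbox-probing signatures:", evasion_signatures(sigs))
```

Running it collapses the fourteen listed lines to nine distinct signatures, three of which (evasion_trustrecords, antivm_queries_computername, antisandbox_check_graphics_card) test the environment rather than act on the host; a sample that gates its payload on those checks may have shown the sandbox only its reconnaissance, so the absence of further behaviour in this win7/x86 run is not evidence that the sample is benign.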