Managed XDR

vtdl__ca_detx — malware analysis report

File info

Filename
vtdl__ca_detx
File type
MS Windows shortcut, Item id list present, Has Working directory, Has command line arguments, Archive, ctime=Mon Jan 1 00:00:00 1601, mtime=Mon Jan 1 00:00:00 1601, atime=Mon Jan 1 00:00:00 1601, length=0, window=hidenormalshowminimized
File size
253 Bytes
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
f2ae992b6f42e594856cc88f74f1d65f4e6e84a7
SHA256
ff54340165d8c68c41a9271ed59810b878a171a8026f70576958fccf1b15393f
MD5
c728d0e844b798242a8989929bf70d95

Signatures

Execution

T1059 finger_abuse: Abusing finger.exe to download payload

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
creates_exe: Creates executable files in the file system
dns_without_resolve: DNS query without a response
unexpected_exception: Unexpected exception
creates_suspended_process: Creates suspended process
get_policy_info: Retrieves information about a Policy object