Managed XDR

virusshare_d031bc932d2...b98c7c70dceca410b4.rtf — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
virusshare_d031bc932d20ffb98c7c70dceca410b4.rtf
Тип файла
Rich Text Format data, version 1, ANSI
Размер файла
216.4 KB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x86 en

Хеши

SHA1
0ef8ea3cb0ddda3501d3cbe36455e04c97a65eab
SHA256
5b60d1e746e45276dd3023d66f2d56b3977874f1c63a1aafcbccbf9e70604a2b
MD5
ce1ec3e8af31ffe55f473fa0288df1bf

Сигнатуры

Privilege Escalation

T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497 evasion_trustrecords: Attempts to detect Sandbox exploring trusted documents
T1497.001 antivm_queries_computername: Retrieves the computer name
T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Credential Access

T1555.003 cookie_files: Accesses cookie files
T1552 cookie_files: Accesses cookie files

Discovery

T1497 evasion_trustrecords: Attempts to detect Sandbox exploring trusted documents
T1497.001 antivm_queries_computername: Retrieves the computer name
T1083 checks_recent_files: Attempt to check recently opened files through registry

Command and Control

T1071.001 winhttp_https: Performs HTTP/HTTPS requests using WinHttp
T1071.001 wininet_https: Performs HTTP/HTTPS requests using WinInet

Other

yara_rules: Static rules
dns_without_resolve: DNS query without a response
create_rpc_bindings: Creates RPC connection
get_policy_info: Retrieves information about a Policy object
test_check_service: Starts services
antisandbox_check_graphics_card: Uses CreateDXGIFactory, potentially to detect graphics card