Managed XDR

ccnadump.rtf — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
ccnadump.rtf
Тип файла
ASCII text, with very long lines, with CRLF, LF line terminators
Размер файла
8.5 KB
Первое обнаружение
Последнее обнаружение

Окружение

w10/x86 en

Хеши

SHA1
5719a9197ebbb57f8882945e78e192c9bda4c686
SHA256
2f1393ce0ad9bf6271c9bc5b94854242ca3c46b0ea627c6d56295896197e3360
MD5
86df6ecdeab3c2cbc50c02eb9969ea7d

Сигнатуры

Execution

T1204.002 office_vb_load: Microsoft Office is loading VB DLL files (macros usage indicator)
T1204.002 office_com_load: Microsoft Office loads COM DLL files (indicator of COM usage in macros)

Defense Evasion

T1497 evasion_trustrecords: Attempts to detect Sandbox exploring trusted documents

Credential Access

T1555.003 cookie_files: Accesses cookie files
T1555.004 windows_credential_manager: Acquire credentials from the Windows Credential Manager
T1552 cookie_files: Accesses cookie files

Discovery

T1497 evasion_trustrecords: Attempts to detect Sandbox exploring trusted documents
T1083 checks_recent_files: Attempt to check recently opened files through registry

Command and Control

T1071.001 wininet_https: Performs HTTP/HTTPS requests using WinInet

Other

yara_rules: Static rules
process_crashed: One of the processes has failed
unexpected_exception: Unexpected exception
test_check_service: Starts services
writes_data: Writes big amount of data to disk
dotnet_suspicious_cultureidentifier: Dotnet program contains invalid CultureIdentifier