Managed XDR

vtdl_1759287465_3klold39: dynamic analysis report for a malicious file

File information

File name
vtdl_1759287465_3klold39
File type
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1200, Locale ID: 2052, Title: Lt, Author: h, Template: Norm, Last Saved By: ZY, Revision Number: 3, Create Time/Date: Wed Oct 30 17:21:00 2013, Last Saved Time/Date: Thu Jan 7 07:19:07 2021, Last Printed: Tue Jan 14 08:45:00 2003, Number of Pages: 2, Number of Words: 53, Number of Characters: 307, Name of Creating Application: WPS Office_11.8.6.8810_F1E327B, Security: 0
File size
93.5 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
6a7d67503b2709ae239f617223672f26d96a0b7d
SHA256
15b203f5e552bdb49c6bb0d79973a0219b6b9589f5d4d4d36a9d0ea1aefa2cd5
MD5
3ca981d9bcc1409e94306a7feee62454

Signatures

Execution

T1204.002 office_vb_load: Microsoft Office is loading VB DLL files (macros usage indicator)
T1064 office_macros: The document contains macro
T1064 office_macros_autoexec: The document contains an auto-start macro

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1064 office_macros: The document contains macro
T1064 office_macros_autoexec: The document contains an auto-start macro

Other

yara_rules: Static rules
get_policy_info: Retrieves information about a Policy object
test_check_service: Starts services
antisandbox_check_graphics_card: Uses CreateDXGIFactory, potentially to detect graphics card
checktokenmembership: Checks user token with CheckTokenMembership call