Managed XDR

scratch-zoo-2025-04-30...33e6be303ee710cd1ef216 — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
scratch-zoo-2025-04-30-3b96261fd833e6be303ee710cd1ef216
Тип файла
Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 1200, Number of Characters: 26, Create Time/Date: Wed Apr 9 23:36:00 2025, Name of Creating Application: Microsoft O, Number of Pages: 1, Revision Number: 1, Security: 0, Template: Normal, Number of Words: 4
Размер файла
63 KB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x86 en

Хеши

SHA1
bc96783a81c30db9f781874f580d07b0598cd580
SHA256
4da8cb9c40784c12fcabfaa03077baa5e6f86f58c1cd4d662757fade4802e651
MD5
3b96261fd833e6be303ee710cd1ef216

Сигнатуры

Execution

T1203 office_exploit_crash: Microsoft Office process crashes (failed exploitation of a vulnerability is possible)

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497 evasion_trustrecords: Attempts to detect Sandbox exploring trusted documents
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497 evasion_trustrecords: Attempts to detect Sandbox exploring trusted documents

Other

yara_rules: Static rules
get_policy_info: Retrieves information about a Policy object
test_check_service: Starts services
antisandbox_check_graphics_card: Uses CreateDXGIFactory, potentially to detect graphics card