Managed XDR

vtdl_1748638567_ewit8jst — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
vtdl_1748638567_ewit8jst
Тип файла
MS Windows shortcut, Item id list present, Points to a file or directory, Has command line arguments, Icon number=3, Archive, ctime=Sat Dec 7 09:09:07 2019, mtime=Wed Sep 4 11:42:32 2024, atime=Sat Dec 7 09:09:07 2019, length=71680, window=hide
Размер файла
1.7 KB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x86 en

Хеши

SHA1
fcd28e3b23b302ec4ef49866c1515a94eea34706
SHA256
5fe26e2aa933def81c6078adbb41bc2896b33b6a2904743ba84b432f60d16104
MD5
08845feb20f8d54d7a9f5e05da17dd0e

Сигнатуры

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1518 locates_browser: Attempts to identify where browsers are installed

Other

yara_rules: Static rules
unexpected_exception: Unexpected exception
no_graphical_activity: No graphic activity
creates_suspended_process: Creates suspended process
message_box: Displays a message
get_policy_info: Retrieves information about a Policy object