Managed XDR

vtdl_1750647598__42ry0hf — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
vtdl_1750647598__42ry0hf
Тип файла
Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 936, Author: x, Template: Normal, Last Saved By: Jacky Chen, Revision Number: 2, Name of Creating Application: Microsoft Word 9.0, Last Printed: Thu Apr 26 03:46:00 2007, Create Time/Date: Tue Jun 19 18:37:00 2007, Last Saved Time/Date: Tue Jun 19 18:37:00 2007, Number of Pages: 22, Number of Words: 1289, Number of Characters: 7351, Security: 0
Размер файла
3.2 MB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x86 en

Хеши

SHA1
cfdbc345ff948fd8504d25cd0da88dd9cefc125b
SHA256
7c70e6470b8ac11b3eec1e5d45f4b16ad64fb266dc7bb8e17f1874e70900e58b
MD5
77bc550c1d34bae4a941c45e9037e039

Сигнатуры

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1497 evasion_trustrecords: Attempts to detect Sandbox exploring trusted documents

Discovery

T1497 evasion_trustrecords: Attempts to detect Sandbox exploring trusted documents
T1083 checks_recent_files: Attempt to check recently opened files through registry

Other

yara_rules: Static rules
get_policy_info: Retrieves information about a Policy object
test_check_service: Starts services
antisandbox_check_graphics_card: Uses CreateDXGIFactory, potentially to detect graphics card