Managed XDR

vtdl_c9c9ilp7 — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
vtdl_c9c9ilp7
Тип файла
Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.2, Code page: 936, Title: , Last Saved By: qq, Name of Creating Application: Microsoft Excel, Create Time/Date: Tue Dec 17 01:32:42 1996, Last Saved Time/Date: Thu Nov 26 03:35:15 2009, Security: 0
Размер файла
25.5 KB
Первое обнаружение
Последнее обнаружение

Окружение

winxp/x86 en

Хеши

SHA1
82f451929614679d3a1e3ee779160e43a64ed1ad
SHA256
7504052e97e2d3086902f0c2c6103376d7f7757fc6e631e8bf3930390c78b161
MD5
eb1888aa25f7f32a2292d16f07c7e4cb

Сигнатуры

Execution

T1203 office_exploit_crash: Microsoft Office process crashes (failed exploitation of a vulnerability is possible)
T1064 office_macros: The document contains macro

Defense Evasion

T1064 office_macros: The document contains macro

Credential Access

T1555.003 cookie_files: Accesses cookie files
T1552 cookie_files: Accesses cookie files

Other

yara_rules: Static rules
office_summary: The document contains suspicious metadata
creates_in_programdata: Creates files in the ProgramData directory