Managed XDR

vtdl_1750491761_og5qs2bj: dynamic analysis report for a malicious file

File information

File name
vtdl_1750491761_og5qs2bj
File type
PDF document, version 1.4
File size
85.2 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
4ccdb89cbe5719ffd6c69c1b301ef7499af7f9da
SHA256
62f9bea4418ab558c3fcc66b686cbd27bc0e956b831abac97d7cd247abdcbf89
MD5
aeaf21cb9875f99fa3a99e2463416ab5

Signatures

Initial Access

T1192 html_urls: HTML-document downloads a file

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497.002 async_mouse: Watches for mouse clicks using GetAsyncKeyState to detect human activity
T1497.002 antivm_usbstor: Reads information about usbdevices from regkey
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497.002 async_mouse: Watches for mouse clicks using GetAsyncKeyState to detect human activity
T1497.002 antivm_usbstor: Reads information about usbdevices from regkey

Command and Control

T1102.003 references_amazonaws: Contains links to cloud services of Amazon AWS services (potentially for malicious payload delivery)

Other

yara_rules: Static rules
pdf_compressed_stream: Contains an object with compressed stream
get_policy_info: Retrieves information about a Policy object
office_links: Office file contains external links