Managed XDR

vtdl_sg1fc0n2 — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
vtdl_sg1fc0n2
Тип файла
MS Windows shortcut, Item id list present, Has Working directory, Has command line arguments, Archive, ctime=Mon Jan 1 00:00:00 1601, mtime=Mon Jan 1 00:00:00 1601, atime=Mon Jan 1 00:00:00 1601, length=0, window=hidenormalshowminimized
Размер файла
247 Bytes
Первое обнаружение
Последнее обнаружение

Окружение

win7/x86 en

Хеши

SHA1
d3377a8407616d84a6e474d5e44284b961ba5024
SHA256
28980cf827019fa73532aae76decf1e3690aa801192dc7f90b40be50f168bf7f
MD5
271fb0576b6aebcdd5dcecffb1fc6630

Сигнатуры

Execution

T1059 finger_abuse: Abusing finger.exe to download payload

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
creates_exe: Creates executable files in the file system
dns_without_resolve: DNS query without a response
unexpected_exception: Unexpected exception
creates_suspended_process: Creates suspended process
get_policy_info: Retrieves information about a Policy object
suricata_alert: Malicious traffic detected