Managed XDR

1-autosaved-311485581130810832-.asd — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
1-autosaved-311485581130810832-.asd
Тип файла
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: -535, Author: User, Template: Normal.dotm, Last Saved By: Windows , Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Tue Dec 26 21:47:00 2017, Last Saved Time/Date: Tue Dec 26 21:47:00 2017, Number of Pages: 4, Number of Words: 16, Number of Characters: 93, Security: 0
Размер файла
108.5 KB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x86 en

Хеши

SHA1
be10d0507785497bca60b51e1ff3d223e2d50937
SHA256
6eea10e86614cd585ee90e29a53edd82574a61d3f8cf3e8f9ba59f9f7e840af3
MD5
e56499ed4d0fc8789ff539a930ad2e6e

Сигнатуры

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497.001 antivm_queries_computername: Retrieves the computer name
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497.001 antivm_queries_computername: Retrieves the computer name

Other

yara_rules: Static rules
get_policy_info: Retrieves information about a Policy object
test_check_service: Starts services
antisandbox_check_graphics_card: Uses CreateDXGIFactory, potentially to detect graphics card