Managed XDR

autorecovery-save-of-bgi-43-_1_.asd — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
autorecovery-save-of-bgi-43-_1_.asd
Тип файла
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Template: Normal.dotm, Last Saved By: Administrator, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Total Editing Time: 16:00, Create Time/Date: Mon Jun 8 20:25:00 2020, Last Saved Time/Date: Mon Jun 8 20:27:00 2020, Number of Pages: 1, Number of Words: 155, Number of Characters: 888, Security: 0
Размер файла
351.5 KB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x86 en

Хеши

SHA1
79aa90eb59f6b78f5ff4ee46be739ab401ed082f
SHA256
a15a34d60f81a0ab6ba4f3e833ffdae9a40fe1cac06e4a06154b629a28730c38
MD5
1e3af665e1262dbfae362d0e2843fa27

Сигнатуры

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497.001 antivm_queries_computername: Retrieves the computer name
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497.001 antivm_queries_computername: Retrieves the computer name

Other

yara_rules: Static rules
get_policy_info: Retrieves information about a Policy object
test_check_service: Starts services
antisandbox_check_graphics_card: Uses CreateDXGIFactory, potentially to detect graphics card