Managed XDR

autorecovery-save-of-a...a8b8329231eb56.rtf.asd: dynamic analysis report for a malicious file

File information

File name
autorecovery-save-of-a0f0db6cc8fc74c68c4b707a625205f25bc2c379f6a8b8329231eb56.rtf.asd
File type
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: Win7-x86, Template: h9i341lDMiztxAqrWsaOwHfUkSrAFWuI.dot, Last Saved By: Win7-x86, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Thu Apr 20 09:36:00 2017, Last Saved Time/Date: Thu Apr 20 09:36:00 2017, Number of Pages: 1, Number of Words: 0, Number of Characters: 0, Security: 0
File size
22 KB
First detected
Last detected

Environment

w10/x86 en

Hashes

SHA1
820a4daf8bf5df0b29f36da23e130d93b05603cd
SHA256
2a67bf30096e851c65771c7df384e9953a426bdccc9f6efb19b255607340f8d5
MD5
349eb53f5043288c458843c4e8eb52cb

Signatures

Execution

T1204.002 office_com_load: Microsoft Office loads COM DLL files (indicator of COM usage in macros)

Defense Evasion

T1221 office_attached_template: Office file attempts to download a suspicious template from the Internet

Credential Access

T1555.004 windows_credential_manager: Acquire credentials from the Windows Credential Manager

Other

yara_rules: Static rules
office_summary: The document contains suspicious metadata
test_check_service: Starts services
writes_data: Writes big amount of data to disk