Managed XDR

c-users-user-desktop-e...ord-document.docx-copy — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
c-users-user-desktop-eicar-word-document.docx-copy
Тип файла
Microsoft Word 2007+
Размер файла
18.2 KB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x86 en

Хеши

SHA1
3c624eeefc028e06665c0fb1a14a6e44e7c1bbdd
SHA256
98d0be6c763f257a484ffd44822caedd3235ab1426368b3bdae7f4f873d563c8
MD5
ead07150d2c5354557bc51951fa00af1

Сигнатуры

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497 evasion_trustrecords: Attempts to detect Sandbox exploring trusted documents
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Credential Access

T1555.003 cookie_files: Accesses cookie files
T1552 cookie_files: Accesses cookie files

Discovery

T1497 evasion_trustrecords: Attempts to detect Sandbox exploring trusted documents
T1083 checks_recent_files: Attempt to check recently opened files through registry

Other

yara_rules: Static rules
get_policy_info: Retrieves information about a Policy object
test_check_service: Starts services
antisandbox_check_graphics_card: Uses CreateDXGIFactory, potentially to detect graphics card