ks-db-merge-for-oracle...ompatibility-mode-.lnk — malware analysis report

File info

Filename: ks-db-merge-for-oracle-32-bit-compatibility-mode-.lnk
File type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Wed Oct 6 13:52:15 2021, mtime=Tue Mar 4 00:23:09 2025, atime=Wed Oct 6 13:52:15 2021, length=236544, window=hide
File size: 2.2 KB
First seen:
Last seen:

Environment

win7/x64 en

Hashes

SHA1: 756f83d4175347b73e5b6512ff16a35de7e33e37
SHA256: 46285e2b69ce4347ce092b29c8e217090c88d8907e661d26481c1290d4e596a5
MD5: 855479c28c66d00db34b3728428c5209

Signatures

Execution

T1204 suspicious_lnk: LNK file with suspicious content
T1059.003 suspicious_cmd: Executes cmd.exe with a suspicious command line

Defense Evasion

T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1027 suspicious_cmd: Executes cmd.exe with a suspicious command line

Discovery

T1518 locates_browser: Attempts to identify where browsers are installed

Other

unexpected_exception: Unexpected exception
no_graphical_activity: No graphic activity
creates_suspended_process: Creates suspended process
yara_rules: Static rules