Managed XDR

resume.pdf-20.lnk — malware analysis report

File info

Filename
resume.pdf-20.lnk
File type
MS Windows shortcut, Item id list present, Has Working directory, Has command line arguments, ctime=Sat Mar 22 01:43:05 2025, mtime=Sat Mar 22 01:43:05 2025, atime=Sat Mar 22 01:43:05 2025, length=0, window=hidenormalshowminimized
File size
1.3 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
8f5b0adcee16fa4cc2ecbf93091cd3fe894badf8
SHA256
630929602e50bcb974cedd105d82ddb8243ddc7bab7a68f2ece1c002ed4a14e3
MD5
caa690dd84480429338ad78fbbb10996

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497.001 antivm_disk_size: Checks the amount of free disk space
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497.001 antivm_disk_size: Checks the amount of free disk space
T1083 crawls_directories: Opens a huge number of directories all over disk C: (possibly, searches for sensitive data)
T1518 locates_browser: Attempts to identify where browsers are installed

Other

yara_rules: Static rules
unexpected_exception: Unexpected exception
creates_suspended_process: Creates suspended process