Managed XDR
Group-IB MDP Report
File info
Filename: c-users-user-appdata-local-temp-tuw1jkr0.by4-ijr964985380643.lnk
File Type: MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Mon Jan 1 00:00:00 1601, mtime=Mon Jan 1 00:00:00 1601, atime=Mon Jan 1 00:00:00 1601, length=0, window=hidenormalshowminimized
File Size: 1.4 KB
Env info
win7/x86 en
Hashes
SHA1: 5977795de84c7238f0e7fafc4e6a16ffa4885c59
SHA256: 8e69eeb858b2bfb252bd986d421ab8508fcd65f874354766903a5c031b744bce
MD5: 91cd0721bd0b93b8a8bd5ef80e3e10bd
Signatures
Resource Development
T1586.001 social_twitter: Connects to Twitter domains (potentially for information gathering)
T1585.001 social_twitter: Connects to Twitter domains (potentially for information gathering)
Execution
T1059.007 mshta_javascript: Runs JavaScript using mshta
T1059.003 suspicious_process: Spawns a suspicious process
Privilege Escalation
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Defense Evasion
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Credential Access
T1555.003 cookie_files: Accesses cookie files
T1552 cookie_files: Accesses cookie files
Command and Control
T1071.001 wininet_https: Performs HTTP/HTTPS requests using WinInet
Other
yara_rules: Static rules
modifies_certs: Attempts to generate or modify system certificates
suspicious_process_network: Unusual process network activity detected
unexpected_exception: Unexpected exception
no_graphical_activity: No graphic activity
creates_suspended_process: Creates suspended process
get_policy_info: Retrieves information about a Policy object
suricata_alert: Malicious traffic detected
next report: 304b8715-54ff-443b-b6cb-748af72ff3b0
previous report: 8f14a3b5-430c-4e3e-895f-41d85edb98ae
Managed XDR