Managed XDR

c-users-user-desktop-documents.lnk — malware analysis report

File info

Filename
c-users-user-desktop-documents.lnk
File type
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has command line arguments, Icon number=0, Read-Only, Directory, ctime=Thu Feb 15 00:39:31 2024, mtime=Mon Mar 25 11:20:51 2024, atime=Mon Mar 25 11:20:35 2024, length=4096, window=hide
File size
2 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
e808bd33e0e13edc1b43837d61b85f3e624c5058
SHA256
18506cf98237fee56dca174c41f82a419d4f1d1d2942bbaa732ec9dd02677b64
MD5
1b9128d0fbd7349314fa8bb2c24afff2

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497.003 antisandbox_sleep: The process attempted to slow down analysis
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1202 lolbin_explorer: Starts the process via Explorer with root flag to break process tree

Credential Access

T1552.001 infostealer_bitcoin: Attempts to obtain access to Bitcoin/ALTCoin wallets

Discovery

T1497.003 antisandbox_sleep: The process attempted to slow down analysis

Other

yara_rules: Static rules
creates_exe: Creates executable files in the file system
suspicious_explorer_cmdline: Starts explorer.exe process with suspicious command line
unexpected_exception: Unexpected exception
creates_suspended_process: Creates suspended process
get_policy_info: Retrieves information about a Policy object
test_check_service: Starts services