Managed XDR

scanfilespec-170290.lnk — malware analysis report

File info

Filename
scanfilespec-170290.lnk
File type
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has command line arguments, Icon number=0, Archive, ctime=Sat Sep 15 07:14:15 2018, mtime=Sat Sep 15 07:14:15 2018, atime=Sat Sep 15 07:14:15 2018, length=431104, window=hidenormalshowminimized
File size
3.1 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
3138abba1bee1a939900c19b233f0a6978733dd9
SHA256
d04cf93b30c1be5db5fe11ced9e844ff2d5635571c55048d1dfc790174eae894
MD5
d8f003b1e16cb1313f672cb257c57ae3

Signatures

Execution

T1059.001 suspicious_powershell: Creates suspicious powershell process
T1204 suspicious_lnk: LNK file with suspicious content
T1059.001 suspicious_process: Spawns a suspicious process

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Command and Control

T1071.001 network_cnc_http: Suspicious HTTP traffic
T1071.001 network_http: Performs HTTP requests

Other

yara_rules: Static rules
creates_exe: Creates executable files in the file system
unexpected_exception: Unexpected exception
creates_suspended_process: Creates suspended process
get_policy_info: Retrieves information about a Policy object