Managed XDR

c-users-user-appdata-l...5c-meupedido636392.lnk — malware analysis report

File info

Filename
c-users-user-appdata-local-temp-gmun33j4.25c-meupedido636392.lnk
File type
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has command line arguments, Icon number=0, ctime=Mon Jan 1 00:00:00 1601, mtime=Mon Jan 1 00:00:00 1601, atime=Mon Jan 1 00:00:00 1601, length=0, window=hide
File size
1 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
216d79ea03314e784f538028e179603b21784875
SHA256
a8ca172b22314d338d29be44fac7723d771a1122e869c9a5771631b1b1c19cbf
MD5
48df6c0979016b7b7538f75bd76bdd7e

Signatures

Execution

T1204 suspicious_lnk: LNK file with suspicious content
T1059.001 url_cmdline: Cmdline of process contains URL
T1059.003 url_cmdline: Cmdline of process contains URL

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1218 suspicious_cmdline: Executes a suspicious command
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Command and Control

T1071.001 winhttp_https: Performs HTTP/HTTPS requests using WinHttp

Other

suspicious_process_network: Unusual process network activity detected
unexpected_exception: Unexpected exception
creates_suspended_process: Creates suspended process
get_policy_info: Retrieves information about a Policy object
test_check_service: Starts services
yara_rules: Static rules