Managed XDR

c-users-user-appdata-l...temp-ez2hev2k.ss4-.lnk — malware analysis report

File info

Filename
c-users-user-appdata-local-temp-ez2hev2k.ss4-.lnk
File type
MS Windows shortcut, Item id list present, Points to a file or directory, Has command line arguments, Icon number=41, Archive, ctime=Sat Jun 5 12:05:12 2021, mtime=Thu May 16 08:34:36 2024, atime=Sat Jun 5 12:05:12 2021, length=331776, window=hide
File size
2.3 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
f08e31f8ce90b794f93963ede7b96dc42a344bd0
SHA256
9dd3631a531b63b4d93726ae4578302294c9b6941761cb41a44f8be425a17bdf
MD5
1c9d70893635aaf7264d54fa78afa289

Signatures

Execution

T1204 suspicious_lnk: LNK file with suspicious content

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1518 locates_browser: Attempts to identify where browsers are installed

Other

yara_rules: Static rules
unexpected_exception: Unexpected exception
creates_suspended_process: Creates suspended process
get_policy_info: Retrieves information about a Policy object