c-users-user-appdata-l...ew-1-old_ficha.otf.lnk — malware analysis report

File info

Filename: c-users-user-appdata-local-temp-e0s40bxi.luc-_new-1-old_ficha.otf.lnk
File type: MS Windows shortcut, Item id list present, Has Relative path, Has command line arguments, Icon number=3, ctime=Mon Jan 1 00:00:00 1601, mtime=Mon Jan 1 00:00:00 1601, atime=Mon Jan 1 00:00:00 1601, length=0, window=hide
File size: 2.1 KB
First seen:
Last seen:

Environment

w10/x64 en

Hashes

SHA1: 90b65543d73ca7e8a239adda56a726ab03e51095
SHA256: 570bcdc7a65d7fbb5964d782d210ca267aca92c9a3f57e93a56ff62c42f9d5a0
MD5: a7e40ca3ae46faefe46a7abd320b6d6a

Signatures

Execution

T1204 suspicious_lnk: LNK file with suspicious content
T1059.001 suspicious_powershell: Creates suspicious powershell process
T1059.001 suspicious_process: Spawns a suspicious process

Defense Evasion

T1497.003 antisandbox_idletime: Detects Windows Idle Time to determine the uptime

Discovery

T1497.003 antisandbox_idletime: Detects Windows Idle Time to determine the uptime
T1518 locates_browser: Attempts to identify where browsers are installed

Other

creates_suspended_process: Creates suspended process
test_check_service: Starts services
yara_rules: Static rules