Managed XDR

important_docs.lnk — malware analysis report

File info

Filename
important_docs.lnk
File type
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Wed Feb 14 11:49:15 2024, mtime=Thu May 15 13:21:30 2025, atime=Wed Feb 14 11:49:15 2024, length=455680, window=hide
File size
2.9 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
739728c35709ceceaecf954b0acc952d5b4d3acb
SHA256
ce345dd3334eb24a7b45630877cf2fb813f241e9fde7964716d19d5674acb7ae
MD5
a049098cfbbd121fec1bcd2daaf91e98

Signatures

Execution

T1059.001 suspicious_powershell: Creates suspicious powershell process
T1059.001 suspicious_process: Spawns a suspicious process

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Credential Access

T1552 infostealer_browser: Retrieves personal information from local Internet browsers
T1503 infostealer_browser: Retrieves personal information from local Internet browsers

Other

yara_rules: Static rules
unexpected_exception: Unexpected exception
creates_suspended_process: Creates suspended process
get_policy_info: Retrieves information about a Policy object