Managed XDR
Group-IB MDP Report
File info
Filename: ts2v0vdo2a0dcg1jy.lnk
File Type: MS Windows shortcut, Item id list present, Has Working directory, Has command line arguments, Archive, ctime=Mon Jan 1 00:00:00 1601, mtime=Mon Jan 1 00:00:00 1601, atime=Mon Jan 1 00:00:00 1601, length=0, window=hidenormalshowminimized
File Size: 1.6 KB
Env info
win7/x64 en
Hashes
SHA1: fbb9f4b093b3b20754bb67d9530b955c22112ed3
SHA256: f6a14a6051127ef0edd5d680b393a180dbc6b8398ecca55888ce9f3391593e62
MD5: bcaf15108d19bfafe2f64aacbd431871
Signatures
Execution
T1059.007 mshta_javascript: Runs JavaScript using mshta
T1059.003 suspicious_process: Spawns a suspicious process
Defense Evasion
T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
Credential Access
T1555.003 cookie_files: Accesses cookie files
T1552 cookie_files: Accesses cookie files
Command and Control
T1071.001 wininet_https: Performs HTTP/HTTPS requests using WinInet
Other
modifies_certs: Attempts to generate or modify system certificates
creates_exe: Creates executable files in the file system
suspicious_process_network: Unusual process network activity detected
unexpected_exception: Unexpected exception
creates_suspended_process: Creates suspended process
yara_rules: Static rules
next report: f214f35d-5a8d-4ab5-8259-f4e523ad745a
previous report: 6ec838e5-f476-4dde-9334-e2e431aebbb8
Managed XDR