Managed XDR

c-users-user-appdata-l....com-google-search.lnk — malware analysis report

File info

Filename: c-users-user-appdata-local-temp-k1jpwuvs.oh1-unityassetsallfree.com-google-search.lnk
File type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has command line arguments, Icon number=0, Archive, ctime=Sat Dec 23 16:16:19 2023, mtime=Tue Nov 5 02:03:09 2024, atime=Tue Oct 29 00:30:28 2024, length=1115744, window=hide
File size: 3.7 KB
First seen: 2025-03-17 03:17
Last seen: 2025-03-17 03:17

w10/x64 en

T1059.001 url_cmdline: Cmdline of process contains URL

T1059.003 url_cmdline: Cmdline of process contains URL

T1055 injection_thread: Code injection to a remote process using CreateRemoteThread or NtQueueApcThread

T1134 opens_thread_token: Opens the access token associated with a thread

T1134 opens_process_token: Opens the access token associated with a process

T1055 injection_thread: Code injection to a remote process using CreateRemoteThread or NtQueueApcThread

T1134 opens_thread_token: Opens the access token associated with a thread

T1134 opens_process_token: Opens the access token associated with a process

T1497.001 antivm_generic_video: Checks information about video adapters in registry, possibly for anti-virtualization

T1518 locates_browser: Attempts to identify where browsers are installed

T1497.001 antivm_generic_video: Checks information about video adapters in registry, possibly for anti-virtualization

T1071.001 network_http: Performs HTTP requests

T1485 deletes_files: Removes 500 or more files from C: drive

creates_many_processes: Spawns a lot of processes (over 70)

creates_exe: Creates executable files in the file system

creates_suspended_process: Creates suspended process

test_check_service: Starts services

yara_rules: Static rules