Managed XDR

mydownload.lnk — malware analysis report

File info

Filename
mydownload.lnk
File type
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has command line arguments, Icon number=4, Archive, ctime=Sat Jun 5 12:05:51 2021, mtime=Mon Jan 17 09:14:02 2022, atime=Sat Jun 5 12:05:51 2021, length=250880, window=hidenormalshowminimized
File size
2.7 KB
First seen
Last seen

Environment

w10/x86 en

Hashes

SHA1
c2bf54f90c63dd00b5b2952637965c8978d03d19
SHA256
c42a2d25213009da057f4a0b7c2afddb5bc2c32c8dc4acd7a5adf100ecca389d
MD5
af1d5070885fb1eda5404823c949a958

Signatures

Execution

T1204 suspicious_lnk: LNK file with suspicious content

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1518 locates_browser: Attempts to identify where browsers are installed

Other

creates_many_processes: Spawns a lot of processes (over 70)
no_graphical_activity: No graphic activity
creates_suspended_process: Creates suspended process
break_limit_exceeded: Warning: function calls limit has been exceeded
writes_data: Writes big amount of data to disk
yara_rules: Static rules