Managed XDR

c-users-user-appdata-l...po-directory-opus-.lnk — malware analysis report

File info

Filename
c-users-user-appdata-local-temp-nwcqjx3m.wpo-directory-opus-.lnk
File type
MS Windows shortcut, Item id list present, Points to a file or directory, Has command line arguments, Icon number=101, Archive, ctime=Sat Jun 5 12:05:12 2021, mtime=Thu May 16 08:34:36 2024, atime=Sat Jun 5 12:05:12 2021, length=331776, window=hide
File size
2.4 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
7fd4143acd32f843abd524076e42802ab785d390
SHA256
39e9f35b5c4172bb717126efe4ef73ddb7061287437e551715395779daba71c3
MD5
a0a36a807fe8c4dc0625b40f53741b8e

Signatures

Execution

T1204 suspicious_lnk: LNK file with suspicious content

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1518 locates_browser: Attempts to identify where browsers are installed

Other

yara_rules: Static rules
unexpected_exception: Unexpected exception
creates_suspended_process: Creates suspended process
get_policy_info: Retrieves information about a Policy object