reziume.lnk — malware analysis report

File info

Filename: reziume.lnk
File type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Working directory, Has command line arguments, Icon number=4, Archive, ctime=Wed May 15 09:59:14 2024, mtime=Thu Mar 13 08:35:51 2025, atime=Wed May 15 09:59:14 2024, length=289792, window=hide
File size: 2.9 KB
First seen:
Last seen:

Environment

win7/x64 en

Hashes

SHA1: ee5712f5c7d06a73769d951b27eef82873cf269d
SHA256: f8f18e2fbb30de3c6d6af1598ecdabeb99a4cd6c2cfb0ffc212318788ae3d453
MD5: 3f62f8f429c27203b83e2a01464cf845

Signatures

Execution

T1204 suspicious_lnk: LNK file with suspicious content
T1047 antivm_wmi: Uses WMI to detect virtual environment
T1047 has_wmi: Executes one or several WMI requests

Defense Evasion

T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1497.001 antivm_wmi: Uses WMI to detect virtual environment

Credential Access

T1555.003 cookie_files: Accesses cookie files
T1552 cookie_files: Accesses cookie files

Discovery

T1082 has_wmi: Executes one or several WMI requests
T1497.001 antivm_wmi: Uses WMI to detect virtual environment

Other

unexpected_exception: Unexpected exception
no_graphical_activity: No graphic activity
creates_suspended_process: Creates suspended process
yara_rules: Static rules