Managed XDR
Group-IB MDP Report
File info
Filename: 278997863
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has command line arguments, Icon number=3, Archive, ctime=Tue Apr 21 04:22:07 2020, mtime=Tue Apr 21 04:22:07 2020, atime=Tue Apr 21 04:22:07 2020, length=141824, window=hidenormalshowminimized
File Size: 2.5 KB
Env info
win7/x86 en
Hashes
SHA1: 008a48b583f5c250b04e58efb029c08ab7fee988
SHA256: d90b048e9db34c9c70225cef26436716afafc6a88df6bbf2405db6442d8474a0
MD5: 1ac5ded023f9b2fdd7a4b96a7b7572f3
Signatures
Privilege Escalation
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Defense Evasion
T1497.001 antisandbox_script_timer: Detected script timer window (indicative of sleep style evasion)
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Discovery
T1497.001 antisandbox_script_timer: Detected script timer window (indicative of sleep style evasion)
Other
yara_rules: Static rules
unexpected_exception: Unexpected exception
no_graphical_activity: No graphic activity
creates_suspended_process: Creates suspended process
message_box: Displays a message
get_policy_info: Retrieves information about a Policy object