Managed XDR

c-users-user-appdata-r...s-startup-eqossnap.lnk — malware analysis report

File info

Filename
c-users-user-appdata-roaming-microsoft-windows-start-menu-programs-startup-eqossnap.lnk
File type
MS Windows shortcut, Item id list present, Has Relative path, Has command line arguments, ctime=Mon Jan 1 00:00:00 1601, mtime=Mon Jan 1 00:00:00 1601, atime=Mon Jan 1 00:00:00 1601, length=0, window=hide
File size
1 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
82c905eced8599a1e7673b6c886cc130b46c33a3
SHA256
13a61ceaa73fc8333c47ea06194bcaba9fd96e98a4bfba4760c500403b791ebe
MD5
e6f1cc7ffac514747dbb473b58cfc9b9

Signatures

Execution

T1059.005 mshta_vbscript: Runs VBScript using mshta
T1059.003 suspicious_process: Spawns a suspicious process

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1218.005 mshta_vbscript: Runs VBScript using mshta
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
unexpected_exception: Unexpected exception
no_graphical_activity: No graphic activity
creates_suspended_process: Creates suspended process
get_policy_info: Retrieves information about a Policy object