Managed XDR
Group-IB MDP Report
File info
Filename: world-of-warships.lnk
File Type: MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Mon Jan 1 00:00:00 1601, mtime=Mon Jan 1 00:00:00 1601, atime=Mon Jan 1 00:00:00 1601, length=0, window=hide
File Size: 2.2 KB
Env info
win7/x86 en
Hashes
SHA1: 649bb8d456adb627bac96112fcdc56c08365423e
SHA256: 4543a2d488ea5eee5972888b78bbf83b4c7a28079a596fe47099e93a0c7d4404
MD5: 06e74a9ea8ecc59aff091408d2338301
Signatures
Execution
T1204 suspicious_lnk: LNK file with suspicious content
T1059.001 url_cmdline: Cmdline of process contains URL
T1059.003 url_cmdline: Cmdline of process contains URL
Privilege Escalation
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Defense Evasion
T1218 suspicious_cmdline: Executes a suspicious command
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Credential Access
T1552 cookie_files: Accesses cookie files
T1555.003 cookie_files: Accesses cookie files
Discovery
T1518 locates_browser: Attempts to identify where browsers are installed
Command and Control
T1071.001 network_http: Performs HTTP requests
T1071.001 wininet_https: Performs HTTP/HTTPS requests using WinInet
Other
unexpected_exception: Unexpected exception
creates_suspended_process: Creates suspended process
get_policy_info: Retrieves information about a Policy object
suricata_alert: Malicious traffic detected
next report: 039c5164-41d6-4ba8-87e4-8417bf156d79
previous report: 18411141-6604-4751-ac25-d9146cac9232
Managed XDR