Managed XDR

c-users-user-appdata-l...-mycye04v.cox-.hwp.lnk — malware analysis report

File info

Filename
c-users-user-appdata-local-temp-mycye04v.cox-.hwp.lnk
File type
MS Windows shortcut, Has Description string, Has command line arguments, Icon number=0, ctime=Mon Jan 1 00:00:00 1601, mtime=Mon Jan 1 00:00:00 1601, atime=Mon Jan 1 00:00:00 1601, length=0, window=hidenormalshowminimized
File size
966.8 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
305246b52f043f021761f7010fe5794fca3c88bc
SHA256
135696c7a5b543ce2ab4a6aac7615d4fdce261c3c7097bea738ba46bcd948660
MD5
6a4c3256ff063f67d3251d6dd8229931

Signatures

Execution

T1204 suspicious_lnk: LNK file with suspicious content
T1059.001 suspicious_powershell: Creates suspicious powershell process
T1059.001 suspicious_process: Spawns a suspicious process

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1140 unpacking_utilities: Uses Windows utilities to unpack data
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

unexpected_exception: Unexpected exception
creates_suspended_process: Creates suspended process
get_policy_info: Retrieves information about a Policy object
yara_rules: Static rules