Managed XDR
Group-IB MDP Report
File info
Filename: c-users-user-appdata-local-temp-0qxxuqmy.oxt-curriculo_vitacurric1412_8r42se0iqo_dez_vitacurric1412.lnk
File Type: MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Mon Jan 1 00:00:00 1601, mtime=Mon Jan 1 00:00:00 1601, atime=Mon Jan 1 00:00:00 1601, length=0, window=hidenormalshowminimized
File Size: 1.4 KB
Env info
win7/x86 en
Hashes
SHA1: b3c5eb5f1c245a3d38d86ff50f2d602c8740aac1
SHA256: 059185e3d9c651f10ff53e05ee5070155f0bdff77f003deaa320e46744a22053
MD5: 1e92fc955dde69fd655455f4f539e645
Signatures
Execution
T1059.007 mshta_javascript: Runs JavaScript using mshta
T1059.003 suspicious_process: Spawns a suspicious process
Privilege Escalation
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Defense Evasion
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Credential Access
T1552 cookie_files: Accesses cookie files
T1555.003 cookie_files: Accesses cookie files
Command and Control
T1071.001 network_http: Performs HTTP requests
T1102.003 cloud_github: Connects to cloud services of Github (potentially for malicious payload delivery)
T1071.001 winhttp_https: Performs HTTP/HTTPS requests using WinHttp
T1071.001 wininet_https: Performs HTTP/HTTPS requests using WinInet
Other
yara_rules: Static rules
modifies_certs: Attempts to generate or modify system certificates
suspicious_process_network: Unusual process network activity detected
unexpected_exception: Unexpected exception
creates_suspended_process: Creates suspended process
get_policy_info: Retrieves information about a Policy object
test_check_service: Starts services
next report: eaae6d76-111a-46d1-8c8a-b3eb058c4834
previous report: 083674bd-684d-4068-8170-208fe938d0a5
Managed XDR