Managed XDR

c-programdata-microsof...ompatibility-mode-.lnk — malware analysis report

File info

Filename
c-programdata-microsoft-windows-start-menu-programs-ks-db-merge-tools-for-postgresql-ks-db-merge-for-postgresql-64-bit-compatibility-mode-.lnk
File type
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Normal, ctime=Wed Apr 11 23:34:14 2018, mtime=Mon Feb 10 16:22:52 2025, atime=Wed Apr 11 23:34:14 2018, length=273920, window=hide
File size
2.2 KB
First seen
Last seen

Environment

win7/x64 en

Hashes

SHA1
6f05c2963de6ff3e238124c55c0ac343ec7e3e92
SHA256
1679c105236454b967f02a0714dfdb2be2470675a4b5fbadf0f6f949065823fe
MD5
dfca327e541403bfb2d154c91344c557

Signatures

Execution

T1204 suspicious_lnk: LNK file with suspicious content
T1059.003 suspicious_cmd: Executes cmd.exe with a suspicious command line

Defense Evasion

T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1027 suspicious_cmd: Executes cmd.exe with a suspicious command line

Discovery

T1518 locates_browser: Attempts to identify where browsers are installed

Other

unexpected_exception: Unexpected exception
no_graphical_activity: No graphical activity
creates_suspended_process: Creates suspended process
yara_rules: Static rules