Managed XDR

c-users-user-appdata-l...1u1ne.syi-test.pdf.lnk — malware analysis report

File info

Filename
c-users-user-appdata-local-temp-4v01u1ne.syi-test.pdf.lnk
File type
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=28, Archive, ctime=Sun Oct 19 15:17:29 2025, mtime=Wed Nov 5 16:59:43 2025, atime=Sun Oct 19 15:17:29 2025, length=289792, window=hidenormalshowminimized
File size
2.3 KB
First seen
Last seen

Environment

w10/x86 en

Hashes

SHA1
7285e3e20755ad6b6a5601c46beb2f5a7cecbc7f
SHA256
6eb05d77e7d9dd53b78a6125eedcf798655eb052a0becfd3e5ab53f076cb25ef
MD5
3e4462fe02f2ceb760b7193e63136157

Signatures

Execution

T1204 suspicious_lnk: LNK file with suspicious content
T1059.001 url_cmdline: Cmdline of process contains URL
T1059.003 url_cmdline: Cmdline of process contains URL

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1218 suspicious_cmdline: Executes a suspicious command
T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Command and Control

T1105 cmdline_curl: Uses curl utility for network data transferring

Other

network_bind: Starts servers listening at 127.0.0.1:0
no_graphical_activity: No graphic activity
creates_suspended_process: Creates suspended process
writes_data: Writes big amount of data to disk
yara_rules: Static rules
Managed XDR