c-users-user-appdata-local-temp-xt1vbeps.1p3-comprovantesantander49-816081.1111.pdf.lnk

Managed XDR

Group-IB MDP Report

File info

Filename: c-users-user-appdata-local-temp-xt1vbeps.1p3-comprovantesantander49-816081.1111.pdf.lnk

File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Thu Dec 5 01:31:32 2024, mtime=Thu Dec 5 01:31:32 2024, atime=Thu Dec 5 01:31:32 2024, length=450560, window=hide

File Size: 1.5 KB

Env info

win7/x86 en

Hashes

SHA1: 1c2a841dc24105ffff96333ca74b91b400451570

SHA256: 5395ad53f0e78fd73720c612e6830dd1fe6f4798d117e75b486ce4c58ccb0c97

MD5: 5d006c7bd61688a49ed41603b0acd2d8

Signatures

Execution

T1059.001 suspicious_powershell: Creates suspicious powershell process

T1204 suspicious_lnk: LNK file with suspicious content

T1059.001 suspicious_process: Spawns a suspicious process

T1059.001 url_cmdline: Cmdline of process contains URL

T1059.003 url_cmdline: Cmdline of process contains URL

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread

T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1218 suspicious_cmdline: Executes a suspicious command

T1134 opens_thread_token: Opens the access token associated with a thread

T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules

unexpected_exception: Unexpected exception

no_graphical_activity: No graphic activity

creates_suspended_process: Creates suspended process

get_policy_info: Retrieves information about a Policy object

next report: 09db5566-273d-4e58-b891-11bca5452060

previous report: 904c1c49-85af-4f64-89b9-1fd4630e5ea4

Managed XDR