Managed XDR

myalbum1.lnk — malware analysis report

File info

Filename
myalbum1.lnk
File type
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=-3, ctime=Mon Jan 1 00:00:00 1601, mtime=Mon Jan 1 00:00:00 1601, atime=Mon Jan 1 00:00:00 1601, length=0, window=hidenormalshowminimized
File size
2.6 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
b7ccc2410cce882fac9ef483b6736d4e84b7498e
SHA256
e762fc903532ee624e8f55883d98134b47fd5e34a357066de8c88ec638eba4d6
MD5
3a9e18943e7983cc0f4e59c44cc17d98

Signatures

Execution

T1059.001 suspicious_powershell: Creates suspicious powershell process
T1204 suspicious_lnk: LNK file with suspicious content
T1059.001 suspicious_process: Spawns a suspicious process
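
The verdicts above (suspicious_lnk, suspicious_powershell) can be reproduced largely from static structure: a Shell Link's header carries LinkFlags, IconIndex and ShowCommand, its StringData carries the working directory and command-line arguments, and zeroed FILETIMEs are what `file` renders as Mon Jan 1 00:00:00 1601. The following is an added example, not part of this report or of the sandbox's own signature logic: a minimal MS-SHLLINK parser plus triage heuristics of the kind that produce such a verdict. The .lnk bytes it builds are constructed for illustration and are not the contents of myalbum1.lnk, and the tag names it emits are this example's own, not the sandbox's signature identifiers.

```python
"""Static triage of a Windows Shell Link (.lnk) following the MS-SHLLINK layout.
Added example; the sample below is constructed and is NOT myalbum1.lnk."""
import re
import struct

LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # 00021401-0000-0000-C000-000000000046
HEADER_SIZE = 0x4C

# LinkFlags bits (MS-SHLLINK 2.1.1) this parser needs
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# ShowCommand; the spec says every other value MUST be treated as SW_SHOWNORMAL
SHOW_COMMANDS = {1: "SW_SHOWNORMAL", 3: "SW_SHOWMAXIMIZED", 7: "SW_SHOWMINNOACTIVE"}
# StringData items appear in this fixed order, each only if its flag is set
STRING_FIELDS = [("name", HAS_NAME), ("relative_path", HAS_RELATIVE_PATH),
                 ("working_dir", HAS_WORKING_DIR), ("arguments", HAS_ARGUMENTS),
                 ("icon_location", HAS_ICON_LOCATION)]
INTERPRETERS = re.compile(
    r"(powershell|pwsh|cmd|mshta|wscript|cscript|rundll32|regsvr32|certutil)(\.exe)?\b", re.I)


def _read_string(buf, off, unicode):
    """StringData item: CountCharacters (uint16) then that many chars, no terminator."""
    (count,) = struct.unpack_from("<H", buf, off)
    off += 2
    width = 2 if unicode else 1
    raw = buf[off:off + count * width]
    if len(raw) != count * width:
        raise ValueError("truncated StringData")
    return raw.decode("utf-16-le" if unicode else "latin-1"), off + count * width


def parse_lnk(buf):
    """Return header fields and StringData of a .lnk as a dict (ExtraData is ignored)."""
    if len(buf) < HEADER_SIZE or buf[:4] != b"\x4c\x00\x00\x00" or buf[4:20] != LINK_CLSID:
        raise ValueError("not a ShellLinkHeader")
    flags, _attrs, ctime, atime, wtime, size, icon_index, show_cmd = struct.unpack_from(
        "<IIQQQIiI", buf, 0x14)
    info = {"flags": flags, "show_command": show_cmd,
            "show_command_name": SHOW_COMMANDS.get(show_cmd, "SW_SHOWNORMAL"),
            "icon_index": icon_index, "file_size": size,
            # FILETIME 0 is 1601-01-01, the value `file` prints for an unset timestamp
            "timestamps_zeroed": ctime == atime == wtime == 0}
    off = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:            # IDListSize (uint16) + IDList
        off += 2 + struct.unpack_from("<H", buf, off)[0]
    if flags & HAS_LINK_INFO:                      # LinkInfoSize counts itself
        off += struct.unpack_from("<I", buf, off)[0]
    for key, bit in STRING_FIELDS:
        if flags & bit:
            info[key], off = _read_string(buf, off, flags & IS_UNICODE)
        else:
            info[key] = ""
    return info


def triage(info):
    """Heuristic tags (names are this example's own) for a parsed .lnk."""
    findings = []
    args = info["arguments"]
    m = INTERPRETERS.search(info["relative_path"] + " " + args)
    if m:
        findings.append("spawns:" + m.group(1).lower())
    if re.search(r"-w(indowstyle)?\s+h(idden)?\b", args, re.I):
        findings.append("powershell_hidden_window")
    if re.search(r"-e(nc|ncodedcommand|c)?\s+[A-Za-z0-9+/=]{20,}", args, re.I):
        findings.append("powershell_encoded_command")
    if re.search(r"-(ep|executionpolicy)\s+bypass", args, re.I):
        findings.append("execution_policy_bypass")
    if re.search(r"\biex\b|invoke-expression|downloadstring|frombase64string", args, re.I):
        findings.append("in-memory_execution")
    if info["show_command"] == 7:                  # console starts minimised, not activated
        findings.append("window_minimised_no_activate")
    if len(args) > 260:
        findings.append("oversized_arguments")
    if info["timestamps_zeroed"] and info["file_size"] == 0:
        findings.append("zeroed_target_metadata")  # typical of a hand-built, not Explorer-made, link
    return findings


def build_lnk(name, relative_path, working_dir, arguments, icon_location,
              show_command=1, icon_index=0, file_size=0):
    """Assemble a minimal .lnk (header, one-item IDList, Unicode StringData) for testing."""
    flags = (HAS_LINK_TARGET_ID_LIST | HAS_NAME | HAS_RELATIVE_PATH | HAS_WORKING_DIR
             | HAS_ARGUMENTS | HAS_ICON_LOCATION | IS_UNICODE)
    header = struct.pack("<I16sIIQQQIiIHHII", HEADER_SIZE, LINK_CLSID, flags, 0x20,
                         0, 0, 0, file_size, icon_index, show_command, 0, 0, 0, 0)
    idlist = struct.pack("<H", 4) + b"\x1f\x50" + b"\x00\x00"   # one ItemID + TerminalID
    body = struct.pack("<H", len(idlist)) + idlist
    for s in (name, relative_path, working_dir, arguments, icon_location):
        body += struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + body + b"\x00\x00\x00\x00"                    # ExtraData TerminalBlock


# Constructed lure: looks like a photo album, launches PowerShell. Illustrative only.
SAMPLE_LNK = build_lnk(
    name="My photo album",
    relative_path=r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    working_dir=r"%TEMP%",
    arguments=r'-NoP -W Hidden -Ep Bypass -c "iex (gc C:\Users\Public\album.txt -Raw)"',
    icon_location=r"%SystemRoot%\System32\imageres.dll",
    show_command=7, icon_index=-3)

if __name__ == "__main__":
    parsed = parse_lnk(SAMPLE_LNK)
    for k in ("show_command_name", "icon_index", "working_dir", "arguments"):
        print(f"{k}: {parsed[k]}")
    print("findings:", triage(parsed))
```

The parser only reads the header, skips LinkTargetIDList and LinkInfo by their declared sizes, and stops after StringData, which is enough to recover everything `file` summarised above without executing the link; the ShowCommand value 7 and the combination of zero FILETIMEs with a zero FileSize are worth checking on any .lnk that arrives by mail or download.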

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1518 locates_browser: Attempts to identify where browsers are installed

Other

yara_rules: Static rules
unexpected_exception: Unexpected exception
creates_suspended_process: Creates suspended process
get_policy_info: Retrieves information about a Policy object