Managed XDR

c-users-user-appdata-l...q.pgn-dobavlenye_2.lnk — malware analysis report

File info

Filename
c-users-user-appdata-local-temp-pdofmt3q.pgn-dobavlenye_2.lnk
File type
MS Windows shortcut, Item id list present, Has Working directory, Has command line arguments, Icon number=1, Archive, ctime=Mon Feb 17 13:38:33 2025, mtime=Mon Feb 17 13:38:33 2025, atime=Mon Feb 17 13:38:33 2025, length=32, window=hidenormalshowminimized
File size
727 Bytes
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
cca242e7ebe441729f88ee834b4ea4e4a2d61c35
SHA256
20990adae86260cee4d51afc5c1263ee70a6e4ac016350d63c5d4523e3d86022
MD5
6516b374f4abfd30e365891286496570

Signatures

Execution

T1204 suspicious_lnk: LNK file with suspicious content

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Credential Access

T1503 infostealer_browser: Retrieves personal information from local Internet browsers
T1552 infostealer_browser: Retrieves personal information from local Internet browsers
T1552 infostealer_mail: Collects personal data from local email clients
T1552 cookie_files: Accesses cookie files
T1555.003 cookie_files: Accesses cookie files
T1555.004 windows_credential_manager: Acquire credentials from the Windows Credential Manager

Discovery

T1083 crawls_directories: Opens a huge number of directories all over disk C: (possibly, searches for sensitive data)

Collection

T1114 infostealer_mail: Collects personal data from local email clients

Other

unexpected_exception: Unexpected exception
creates_suspended_process: Creates suspended process
get_policy_info: Retrieves information about a Policy object
yara_rules: Static rules