Managed XDR

conhost.exe.lnk — malware analysis report

File info

Filename: conhost.exe.lnk
File type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Wed Dec 11 05:08:47 2024, mtime=Mon Nov 3 03:31:52 2025, atime=Wed Dec 11 05:08:48 2024, length=867840, window=hide
File size: 1.4 KB
First seen: 2025-11-03 04:44
Last seen: 2025-11-03 04:44

w11/x64 en

T1203 suspicious_msapp: Suspicious execution of Microsoft Application (possible exploitation)

T1574.011 persistence_services: Modifies Services registry key

T1543.003 persistence_services: Modifies Services registry key

T1574.011 persistence_services: Modifies Services registry key

T1543.003 persistence_services: Modifies Services registry key

T1134 opens_thread_token: Opens the access token associated with a thread

T1134 opens_process_token: Opens the access token associated with a process

T1027.002 unnamed_memory_regions: Code was executed in unnamed regions

T1574.011 persistence_services: Modifies Services registry key

T1202 lolbin_conhost: conhost.exe spawning unexpected processes via --headless argument

T1134 opens_thread_token: Opens the access token associated with a thread

T1134 opens_process_token: Opens the access token associated with a process

create_rpc_bindings: Creates RPC connection

creates_suspended_process: Creates suspended process

test_check_service: Starts services

yara_rules: Static rules

Managed XDR