Managed XDR
Group-IB MDP Report
File info
Filename: ead04653b02295acf8440d0b7ad5f9b1.virus
File Type: MS Windows shortcut, Item id list present, Has Relative path, Has command line arguments, ctime=Mon Jan 1 00:00:00 1601, mtime=Mon Jan 1 00:00:00 1601, atime=Mon Jan 1 00:00:00 1601, length=0, window=hide
File Size: 633 Bytes
Env info
win7/x86 en
Hashes
SHA1: 3865733578232f972060f25bda853ebc0e0b7098
SHA256: c05227be5f5bd7c1d358ca4a170fba1412a01d5ebe6b147634b2dcf1f33fca42
MD5: ead04653b02295acf8440d0b7ad5f9b1
Signatures
Execution
T1204 suspicious_lnk: LNK file with suspicious content
Privilege Escalation
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Defense Evasion
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Other
yara_rules: Static rules
unexpected_exception: Unexpected exception
creates_suspended_process: Creates suspended process
get_policy_info: Retrieves information about a Policy object