Managed XDR

john_doe.lnk — malware analysis report

File info

Filename: john_doe.lnk
File type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Sat May 17 10:56:31 2025, mtime=Tue May 20 17:54:29 2025, atime=Sat May 17 10:56:31 2025, length=376832, window=hide
File size: 2 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1: 2258baf0ea6402bd68740a1e32945ed5359459ec
SHA256: 1b4ee5a3da3372ac7269e5196124e3fdf7b54ab88201319c5a6a63c6e0c46c54
MD5: 23230c3a042c6cf590e8d23c721fd74c

Signatures

Execution

T1204 suspicious_lnk: LNK file with suspicious content

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1140 unpacking_utilities: Uses Windows utilities to unpack data
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
creates_in_windows: Creates files in the Windows directory
unexpected_exception: Unexpected exception
creates_suspended_process: Creates suspended process
get_policy_info: Retrieves information about a Policy object