Managed XDR

payload.lnk — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла: payload.lnk
Тип файла: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=11, Archive, ctime=Wed Jan 13 07:03:16 2021, mtime=Fri Nov 14 12:37:35 2025, atime=Wed Jan 13 07:03:16 2021, length=289792, window=hidenormalshowminimized
Размер файла: 12.2 KB
Первое обнаружение: 2025-11-14 14:18
Последнее обнаружение: 2025-11-14 14:18

w10/x86 en

T1059.001 suspicious_powershell: Creates suspicious powershell process

T1204 suspicious_lnk: LNK file with suspicious content

T1059 powershell_cmd_longcommandline: Suspiciously long commandline

T1047 has_wmi: Executes one or several WMI requests

T1059.001 suspicious_process: Spawns a suspicious process

T1059.003 suspicious_cmd: Executes cmd.exe with a suspicious command line

T1134 opens_thread_token: Opens the access token associated with a thread

T1134 opens_process_token: Opens the access token associated with a process

T1027 suspicious_cmd: Executes cmd.exe with a suspicious command line

T1134 opens_thread_token: Opens the access token associated with a thread

T1134 opens_process_token: Opens the access token associated with a process

T1218 suspicious_cmdline_keywords: Cmdline with suspicious keywords

T1518 locates_browser: Attempts to identify where browsers are installed

T1095 network_icmp: Creates ICMP traffic

dead_host: Connects to IP addresses that do not respond to requests

network_powershell: Powershell process network connection detected

no_graphical_activity: No graphic activity

creates_suspended_process: Creates suspended process

writes_data: Writes big amount of data to disk

yara_rules: Static rules

Managed XDR