Managed XDR

c-users-user-appdata-l...s-brief-brief.docx.lnk: dynamic analysis report for a malicious file

File information

File name
c-users-user-appdata-local-temp-1cadft20.0cs-brief-brief.docx.lnk
File type
MS Windows shortcut, Item id list present, Has Description string, Has command line arguments, Icon number=1, ctime=Mon Nov 10 15:06:42 2025, mtime=Mon Nov 10 15:06:42 2025, atime=Mon Nov 10 15:06:42 2025, length=0, window=hidenormalshowminimized
File size
131.9 KB
First seen
Last seen

Environment

w10/x86 en

Hashes

SHA1
5809f8a1a0736dc34e5bc1c729148561ea41b896
SHA256
39fdff2ea1a5e2b6151eccc89ca6d2df33b64e09145768442cec93a578f1760c
MD5
1a677e0ce4c10840c09d8d414b3a8f5c

Signatures

Execution

T1059.001 suspicious_powershell: Creates suspicious powershell process
T1059.001 suspicious_process: Spawns a suspicious process
T1204.002 office_com_load: Microsoft Office loads COM DLL files (indicator of COM usage in macros)

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1564.001 stealth_file: Creates hidden or system files
T1497.003 antisandbox_idletime: Detects Windows Idle Time to determine the uptime
T1140 unpacking_utilities: Uses Windows utilities to unpack data
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Credential Access

T1555.004 windows_credential_manager: Acquire credentials from the Windows Credential Manager

Discovery

T1497.003 antisandbox_idletime: Detects Windows Idle Time to determine the uptime
T1518 locates_browser: Attempts to identify where browsers are installed

Other

opens_document: Opens office documents
creates_doc: Creates (office) documents in the file system
creates_suspended_process: Creates suspended process
creates_in_programdata: Creates files in the ProgramData directory
test_check_service: Starts services
writes_data: Writes big amount of data to disk
yara_rules: Static rules
dotnet_suspicious_cultureidentifier: Dotnet program contains invalid CultureIdentifier