Managed XDR

pdf_cee592a0-84fd-4b22...-97d0-f09934ed1369.lnk — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
pdf_cee592a0-84fd-4b22-97d0-f09934ed1369.lnk
Тип файла
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Mon Jan 1 00:00:00 1601, mtime=Mon Jan 1 00:00:00 1601, atime=Mon Jan 1 00:00:00 1601, length=0, window=hide
Размер файла
2.9 KB
Первое обнаружение
Последнее обнаружение

Окружение

w10/x64 en

Хеши

SHA1
dc54c8cea39c411412e485a433d62b44b0e1e224
SHA256
b0154203b9995234f62cfb19428b238e1b8f299d1152b4a9e0021bd2497d36ed
MD5
0c81d3b4bfdfd47c561d3eb091569ed9

Сигнатуры

Execution

T1059.001 suspicious_powershell: Creates suspicious PowerShell process
T1047 antivm_wmi: Uses WMI to detect virtual environment
T1047 has_wmi: Executes one or several WMI requests
T1059.001 suspicious_process: Spawns a suspicious process
T1059.001 url_cmdline: Cmdline of process contains URL
T1059.003 url_cmdline: Cmdline of process contains URL

Defense Evasion

T1218 suspicious_cmdline: Executes a suspicious command
T1497.001 antivm_wmi: Uses WMI to detect virtual environment
T1497.003 antisandbox_idletime: Detects Windows Idle Time to determine the uptime
T1497.001 antivm_generic_productname: Checks system product name in registry, possibly for anti-virtualization

Discovery

T1497.001 antivm_wmi: Uses WMI to detect virtual environment
T1497.003 antisandbox_idletime: Detects Windows Idle Time to determine the uptime
T1082 has_wmi: Executes one or several WMI requests
T1518 locates_browser: Attempts to identify where browsers are installed
T1497.001 antivm_generic_productname: Checks system product name in registry, possibly for anti-virtualization

Command and Control

T1071.001 wininet_https: Performs HTTP/HTTPS requests using WinInet

Other

suspicious_process_network: Unusual process network activity detected
creates_suspended_process: Creates suspended process
test_check_service: Starts services
yara_rules: Static rules