Managed XDR

solides-manual.pdf.lnk: dynamic analysis report for a malicious file

File information

File name
solides-manual.pdf.lnk
File type
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=11, Archive, ctime=Fri Sep 26 12:29:29 2025, mtime=Sat Oct 4 14:33:44 2025, atime=Fri Sep 26 12:29:29 2025, length=344064, window=hidenormalshowminimized
File size
2.3 KB
First seen
Last seen

Environment

w10/x64 en

Hashes

SHA1
a28523e51ed7c67d2806c3e13cd0e17d28180bd2
SHA256
56138d0d5c4c919c3fbbe7d887708651120b0849d594ac3d5e0e326be128a4d6
MD5
5084ac06684a3e22facd8f0783ef9030

Signatures

Execution

T1204 suspicious_lnk: LNK file with suspicious content
T1059.001 url_cmdline: Cmdline of process contains URL
T1059.003 url_cmdline: Cmdline of process contains URL
T1059.005 obfuscated_vbs: Detected obfuscated VBS

Defense Evasion

T1218 suspicious_cmdline: Executes a suspicious command
T1027 obfuscated_vbs: Detected obfuscated VBS

Discovery

T1518 locates_browser: Attempts to identify where browsers are installed

Command and Control

T1105 cmdline_curl: Uses curl utility for network data transferring

Other

creates_exe: Creates executable files in the file system
http_file_not_found: Attempts to download EXE or DLL file but receives HTML with an error
no_graphical_activity: No graphic activity
creates_suspended_process: Creates suspended process
creates_in_programdata: Creates files in the ProgramData directory
test_check_service: Starts services
suricata_alert: Malicious traffic detected
yara_rules: Static rules