Managed XDR

ks-db-merge-for-oracle...ompatibility-mode-.lnk: dynamic analysis report for a malicious file

File information

File name
ks-db-merge-for-oracle-32-bit-compatibility-mode-.lnk
File type
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Normal, ctime=Wed Apr 11 23:34:49 2018, mtime=Tue Feb 11 09:02:47 2025, atime=Wed Apr 11 23:34:49 2018, length=232960, window=hide
File size
2.2 KB
First detected
Last detected

Environment

win7/x64 en

Hashes

SHA1
9ef5903579ff143aa449dc9bbc9ada4002a274e2
SHA256
ba58b241481d7d62493f76c0afd2e32135a057f338872c59d304985b8e907464
MD5
9f1aa356b75eb121d4beb16475711884

Signatures

Execution

T1204 suspicious_lnk: LNK file with suspicious content
T1059.003 suspicious_cmd: Executes cmd.exe with a suspicious command line

Defense Evasion

T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1027 suspicious_cmd: Executes cmd.exe with a suspicious command line

Discovery

T1518 locates_browser: Attempts to identify where browsers are installed

Other

unexpected_exception: Unexpected exception
no_graphical_activity: No graphic activity
creates_suspended_process: Creates suspended process
yara_rules: Static rules