Managed XDR

resume.pdf-.lnk: dynamic analysis report for a malicious file

File information

File name
resume.pdf-.lnk
File type
MS Windows shortcut, Item id list present, Has Working directory, Has command line arguments, ctime=Fri Mar 21 23:27:25 2025, mtime=Fri Mar 21 23:27:25 2025, atime=Fri Mar 21 23:27:25 2025, length=0, window=hidenormalshowminimized
File size
1.3 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
ade4ef2aa020da46a23a25e3ba185a3319b3c36f
SHA256
66b30e2196cf6211690722a2c3c0441ccf7cea90a2b2a9522e03dff86af013d7
MD5
9aba84b7a5d4b666831e0a47afd28c23

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497.001 antivm_disk_size: Checks the amount of free disk space
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497.001 antivm_disk_size: Checks the amount of free disk space
T1083 crawls_directories: Opens a huge number of directories all over disk C: (possibly, searches for sensitive data)
T1518 locates_browser: Attempts to identify where browsers are installed

Other

yara_rules: Static rules
unexpected_exception: Unexpected exception
no_graphical_activity: No graphic activity
creates_suspended_process: Creates suspended process