Managed XDR

ink.lnk: dynamic analysis report for a malicious file

File information

File name
ink.lnk
File type
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has command line arguments, Icon number=0, Archive, ctime=Sat Dec 7 02:04:06 2024, mtime=Mon Jan 20 08:55:52 2025, atime=Sat Dec 7 02:04:06 2024, length=339968, window=normal
File size
1.9 MB
First seen
Last seen

Environment

w10/x86 en

Hashes

SHA1
d1e9a77c689d1c2824385d29e2de737879b18b26
SHA256
71a1205be3600bea40d04bd377d79132ee7d59ef54966f7f9e02ba4bb4ec5b30
MD5
e1669774344e53c1d7c46d1fdbae0ff3

Signatures

Execution

T1204 suspicious_lnk: LNK file with suspicious content

Persistence

T1574 dropper_dll: Creates DLL, which is then loaded into the process

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1574 dropper_dll: Creates DLL, which is then loaded into the process

Defense Evasion

T1140 unpacking_utilities: Uses Windows utilities to unpack data
T1070.004 self_removal_command: Executes command to delete itself
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1574 dropper_dll: Creates DLL, which is then loaded into the process

Credential Access

T1552 infostealer_ftp: Collects data from local FTP clients

Other

creates_in_windows: Creates files in the Windows directory
creates_exe: Creates executable files in the file system
executes_dropped_exe: Executes dropped exe files
creates_suspended_process: Creates suspended process
checktokenmembership: Checks user token with CheckTokenMembership call
writes_data: Writes big amount of data to disk
yara_rules: Static rules