Managed XDR

dicom.lnk — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
dicom.lnk
Тип файла
MS Windows shortcut, Item id list present, Points to a file or directory, Has command line arguments, Icon number=3, Archive, ctime=Sun Nov 21 03:23:55 2010, mtime=Sun Nov 21 03:23:55 2010, atime=Sun Nov 21 03:23:55 2010, length=345088, window=hidenormalshowminimized
Размер файла
1.8 KB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x86 en

Хеши

SHA1
9677d1e466294a42ad228e34b31b229ac710036b
SHA256
49b14a9d64df9b8ac6b232889d4637f1af209e3fcd7379f598722e13f7fb53c9
MD5
0fa4750271597bb7bb91bbe5cae2263a

Сигнатуры

Execution

T1204 suspicious_lnk: LNK file with suspicious content

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1036 copies_utilities: Copies and runs system utility with different name
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Credential Access

T1552.001 infostealer_bitcoin: Attempts to obtain access to Bitcoin/ALTCoin wallets

Other

creates_exe: Creates executable files in the file system
executes_dropped_exe: Executes dropped exe files
unexpected_exception: Unexpected exception
creates_suspended_process: Creates suspended process
get_policy_info: Retrieves information about a Policy object
test_check_service: Starts services
yara_rules: Static rules
Managed XDR