Managed XDR

c-programdata-microsof...ompatibility-mode-.lnk: dynamic analysis report for a malicious file

File information

File name
c-programdata-microsoft-windows-start-menu-programs-ks-db-merge-tools-for-postgresql-ks-db-merge-for-postgresql-32-bit-compatibility-mode-.lnk
File type
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Wed Oct 6 13:52:15 2021, mtime=Mon Feb 3 22:25:16 2025, atime=Wed Oct 6 13:52:15 2021, length=236544, window=hide
File size
2.2 KB
First seen
Last seen

Environment

win7/x64 en

Hashes

SHA1
aa7408577e2d8a25a072a5249041bb5eccc64c0d
SHA256
e3d63babb7f08ea274e3f73c40591077b778d96d93cb9fe8c894131db7a39b32
MD5
9325f49d2a8e6a51157ac730a46b4894

Signatures

Execution

T1204 suspicious_lnk: LNK file with suspicious content
T1059.003 suspicious_cmd: Executes cmd.exe with a suspicious command line

Defense Evasion

T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1027 suspicious_cmd: Executes cmd.exe with a suspicious command line

Discovery

T1518 locates_browser: Attempts to identify where browsers are installed

Other

unexpected_exception: Unexpected exception
no_graphical_activity: No graphical activity
creates_suspended_process: Creates suspended process
yara_rules: Static rules