Managed XDR

c-documents-and-settin...k-for-updates.lnk-copy — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
c-documents-and-settings-all-users-application-data-application-data-application-data-application-...ication-data-application-data-application-data-start-menu-programs-java-check-for-updates.lnk-copy
Тип файла
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has command line arguments, Icon number=0, Archive, ctime=Wed Dec 4 15:31:54 2024, mtime=Tue Mar 11 21:32:39 2025, atime=Wed Dec 4 15:31:54 2024, length=105600, window=hide
Размер файла
7.1 KB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x86 en

Хеши

SHA1
9d4531e0be3406ad8c4b2142e7e886f649395546
SHA256
ce7b44123a7e841751e64f88d61625e98e7459e7f7fbd98927ef6533407d6ef5
MD5
d5cb4b46c83de8033253268140abeb8e

Сигнатуры

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
create_process_failed: Could not start the process
unexpected_exception: Unexpected exception
no_graphical_activity: No graphic activity
creates_suspended_process: Creates suspended process
get_policy_info: Retrieves information about a Policy object