Managed XDR

fontupdate.lnk: dynamic analysis report for a malicious file

File information

File name
fontupdate.lnk
File type
MS Windows shortcut, Item id list present, Has Relative path, Has command line arguments, ctime=Mon Jan 1 00:00:00 1601, mtime=Mon Jan 1 00:00:00 1601, atime=Mon Jan 1 00:00:00 1601, length=0, window=
File size
974 Bytes
First detection
Last detection

Environment

w10/x86 en

Hashes

SHA1
5cd5f08c3cdf464fb19435aadec9652da53e48a1
SHA256
cdc54555480ff5316ae74c8d77d335a198dde5e179893873b9ecbc40c3183e06
MD5
785977670b62e3ac6f474a552aff3827

Signatures

Execution

T1204 suspicious_lnk: LNK file with suspicious content

Persistence

T1547.001 persistence_autorun: Makes itself run automatically on Windows startup

Privilege Escalation

T1547.001 persistence_autorun: Makes itself run automatically on Windows startup
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

no_graphical_activity: No graphic activity
creates_suspended_process: Creates suspended process
suspicious_network_port: Performs TCP or UDP request to non-standard port
writes_data: Writes big amount of data to disk
yara_rules: Static rules