Managed XDR

c-users-user-appdata-l....nfa-documentation.lnk: dynamic analysis report for a malicious file

File information

File name
c-users-user-appdata-local-temp-ffarurmr.nfa-documentation.lnk
File type
MS Windows shortcut, Item id list present, Has Description string, Has Working directory, Has command line arguments, ctime=Fri Nov 7 07:44:03 2025, mtime=Fri Nov 7 07:44:03 2025, atime=Fri Nov 7 07:44:03 2025, length=0, window=hide
File size
9.6 KB
First seen
Last seen

Environment

w10/x86 en

Hashes

SHA1
445e9c40a4e567ddbaa7c9903f03eeb849d86598
SHA256
0011b27a0ce3c12f72dd92e58e90bfe2983088bf4d0d5488d0861ed3562e100b
MD5
2faa94b9c5d544932c60fa7a0cbf15ad

Signatures

Execution

T1059.001 suspicious_powershell: Creates suspicious powershell process
T1059.001 suspicious_process: Spawns a suspicious process

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1518 locates_browser: Attempts to identify where browsers are installed

Other

dead_host: Connects to IP addresses that do not respond to requests
creates_suspended_process: Creates suspended process
writes_data: Writes big amount of data to disk
yara_rules: Static rules