Managed XDR

vtdl_1748652630_azucwjjx - dynamic analysis report for a malicious file

File information

File name
vtdl_1748652630_azucwjjx
File type
MS Windows shortcut, Item id list present, Points to a file or directory, Has Working directory, Has command line arguments, Icon number=8, Archive, ctime=Tue Oct 7 04:44:50 2014, mtime=Tue Oct 7 04:49:43 2014, atime=Mon Apr 14 20:00:00 2008, length=498688, window=hidenormalshowminimized
File size
1.4 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
77f3c11592b7f2ff3a20180549d7f92c40d64217
SHA256
439a5f2c9cd4be76fa664dc9a0391626592a3e51a451497652b0ac3c6bb5536c
MD5
079ae9926ca11e46e81dc7a5d39863a4

Signatures

Execution

T1204 suspicious_lnk: LNK file with suspicious content

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1518 locates_browser: Attempts to identify where browsers are installed

Other

yara_rules: Static rules
unexpected_exception: Unexpected exception
creates_suspended_process: Creates suspended process
get_policy_info: Retrieves information about a Policy object