Managed XDR

c-programdata-microsof...ompatibility-mode-.lnk: dynamic analysis report for a malicious file

File information

File name
c-programdata-microsoft-windows-start-menu-programs-ks-db-merge-tools-for-oracle-ks-db-merge-for-oracle-64-bit-compatibility-mode-.lnk
File type
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Normal, ctime=Wed Apr 11 23:34:14 2018, mtime=Mon Feb 10 14:28:34 2025, atime=Wed Apr 11 23:34:14 2018, length=273920, window=hide
File size
2.2 KB
First detection
Last detection

Environment

win7/x64 en

Hashes

SHA1
7be52aae4b61457ec08dc2d5a1276676803b1ac4
SHA256
a9ebee6f1a619afd81303058438ad829cad47c3c5370afd093a4c984b37842a0
MD5
d2a64870ac7dc14d2c113eb5fdda00fc

Signatures

Execution

T1204 suspicious_lnk: LNK file with suspicious content
T1059.003 suspicious_cmd: Executes cmd.exe with a suspicious command line

Defense Evasion

T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1027 suspicious_cmd: Executes cmd.exe with a suspicious command line

Discovery

T1518 locates_browser: Attempts to identify where browsers are installed

Other

unexpected_exception: Unexpected exception
no_graphical_activity: No graphic activity
creates_suspended_process: Creates suspended process
yara_rules: Static rules