Managed XDR

7ff47f7f8ac7eee5d7985adc408d8742.virus: dynamic analysis report for a malicious file

File information

File name
7ff47f7f8ac7eee5d7985adc408d8742.virus
File type
MS Windows shortcut, Item id list present, Points to a file or directory, Has command line arguments, Icon number=7, Archive, ctime=Sun Nov 21 03:24:03 2010, mtime=Sun Nov 21 03:24:03 2010, atime=Sun Nov 21 03:24:03 2010, length=302592, window=hidenormalshowminimized
File size
1.6 KB
First detected
Last detected

Environment

win7/x86 en

Hashes

SHA1
1b9e244327d0acd5034a336ec05cc802af401b7f
SHA256
691fcdc3567fa7b056ec0197644b30201aa1f4a20eca0eb19612ac962da7f459
MD5
7ff47f7f8ac7eee5d7985adc408d8742

Signatures

Execution

T1204 suspicious_lnk: LNK file with suspicious content

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
unexpected_exception: Unexpected exception
creates_suspended_process: Creates suspended process
get_policy_info: Retrieves information about a Policy object