Managed XDR

exposeii.docx.lnk — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
exposeii.docx.lnk
Тип файла
MS Windows shortcut, Item id list present, Has command line arguments, Icon number=13, ctime=Mon Jan 1 00:00:00 1601, mtime=Mon Jan 1 00:00:00 1601, atime=Mon Jan 1 00:00:00 1601, length=0, window=hidenormalshowminimized
Размер файла
1.6 KB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x86 en

Хеши

SHA1
55d934b225d2d4cc72641d832264c9795e120e61
SHA256
e66d904e03455a22b4342caf1f7d6bb096dcc179f975e1eeb67bb959b4d35165
MD5
2475ed26388cdf8c54be06466ee644bd

Сигнатуры

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497.001 antisandbox_script_timer: Detected script timer window (indicative of sleep style evasion)
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1518 locates_browser: Attempts to identify where browsers are installed
T1497.001 antisandbox_script_timer: Detected script timer window (indicative of sleep style evasion)

Other

yara_rules: Static rules
unexpected_exception: Unexpected exception
no_graphical_activity: No graphic activity
creates_suspended_process: Creates suspended process
message_box: Displays a message
get_policy_info: Retrieves information about a Policy object
Managed XDR