Managed XDR

c-users-user-appdata-r...-ac37-8b6304d4ba1b.lnk — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
c-users-user-appdata-roaming-microsoft-windows-start-menu-programs-startup-10879148-2630-6c83-ac37-8b6304d4ba1b.lnk
Тип файла
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has command line arguments, Normal, ctime=Wed Apr 11 23:35:26 2018, mtime=Sun Feb 2 04:50:51 2025, atime=Wed Apr 11 23:35:26 2018, length=447488, window=hidenormalshowminimized
Размер файла
1.4 KB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x86 en

Хеши

SHA1
9bf5b553ff75f7d1aa6ca1a4bc57a6b2bf390e96
SHA256
9e89ebbb76f0a6b27049d762fce57a92de37172d3770984a83161214e9959b41
MD5
8bcc031a94fa98b86c6ac1433a39fc68

Сигнатуры

Execution

T1059.001 suspicious_powershell: Creates suspicious powershell process
T1059.001 suspicious_process: Spawns a suspicious process

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
unexpected_exception: Unexpected exception
creates_suspended_process: Creates suspended process
get_policy_info: Retrieves information about a Policy object