Managed XDR

c-users-user-appdata-l...tion-investigation.lnk — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
c-users-user-appdata-local-temp-jtoe2nor.duz-property-corruption-investigation.lnk
Тип файла
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has command line arguments, Icon number=4, Archive, ctime=Tue Jun 3 15:47:44 2025, mtime=Tue Nov 4 15:41:48 2025, atime=Tue Jun 3 15:47:44 2025, length=289792, window=hidenormalshowminimized
Размер файла
2 KB
Первое обнаружение
Последнее обнаружение

Окружение

w10/x86 en

Хеши

SHA1
591a61dfa4941dd1df502e001764caace07efbb2
SHA256
a8f1e6669f5658386f856ec4e1437c34aa9c4d83668b1348bf097a5a7861e696
MD5
644e4c9e4d78abca41876a960be46f02

Сигнатуры

Execution

T1204 suspicious_lnk: LNK file with suspicious content

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1202 lolbin_conhost: conhost.exe spawning unexpected processes via --headless argument
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
creates_suspended_process: Creates suspended process
writes_data: Writes big amount of data to disk
Managed XDR