Managed XDR

derya-atmc.lnk — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
derya-atmc.lnk
Тип файла
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has command line arguments, Icon number=79, Archive, ctime=Wed Jan 13 10:43:45 2021, mtime=Mon Aug 22 10:55:17 2022, atime=Wed Jan 13 10:43:45 2021, length=236544, window=hidenormalshowminimized
Размер файла
2.3 KB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x86 en

Хеши

SHA1
3ccc1cb96e973a71aaedf41196ba9b534ebc12e5
SHA256
b62337876d3bfb7c8e7988ca06f034e4108dce47afe78d4702ffc3b01c20849d
MD5
ba851851373351b790c6267d4dcf88bc

Сигнатуры

Execution

T1204 suspicious_lnk: LNK file with suspicious content
T1059 suspicious_cmd_arguments: Cmd.exe uses file as a data source for the standard input stream

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
unexpected_exception: Unexpected exception
creates_suspended_process: Creates suspended process
get_policy_info: Retrieves information about a Policy object