Managed XDR

c-users-user-appdata-l...000.tmp-free-robux.lnk: dynamic analysis report for a malicious file

File information

File name
c-users-user-appdata-local-temp-ixp000.tmp-free-robux.lnk
File type
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Wed Mar 5 00:34:05 2025, mtime=Thu Apr 3 17:47:30 2025, atime=Wed Mar 5 00:34:05 2025, length=323584, window=hide
File size
1.4 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
7f18152a6d336f61bbdd071c5cf56285d0884b76
SHA256
21d82ad3ba0fc8737adf182a99bf90c6fe844cbc03afc4612d1c13f0af381ca4
MD5
8025cf703b19bcb853d7399739e337cc

Signatures

Execution

T1204 suspicious_lnk: LNK file with suspicious content
T1047 has_wmi: Executes one or several WMI requests

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1055 injection_failed: The attempt to inject into a process has failed

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1055 injection_failed: The attempt to inject into a process has failed

Credential Access

T1056.001 infostealer_keylogger: Keylogger (intercepts keystrokes)

Discovery

T1082 uses_windows_utilities: Uses Windows utilities for basic Windows functionality
T1082 reads_csrss: Attempts to read csrss.exe memory

Collection

T1560.001 archive_via_utility: Detected archiving data via utility
T1056.001 infostealer_keylogger: Keylogger (intercepts keystrokes)

Impact

T1529 shutdown_system: Shuts the system down

Other

kills_explorer: Terminates explorer.exe process
unexpected_exception: Unexpected exception
creates_suspended_process: Creates suspended process
get_policy_info: Retrieves information about a Policy object
yara_rules: Static rules