Managed XDR

c-users-user-appdata-l...365728345692837429.lnk — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
c-users-user-appdata-local-temp-3awawsup.jjo-3456278562365728345692837429.lnk
Тип файла
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has command line arguments, Archive, ctime=*Invalid time*, mtime=*Invalid time*, atime=*Invalid time*, length=0, window=hidenormalshowminimized
Размер файла
4.4 KB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x64 en

Хеши

SHA1
9a861ba8bbdbe736363797596b69b5878a7b4eca
SHA256
86e44732b5ef4e30e13063636bbb762cab2bc0b35a8373d8892c42e9951df9af
MD5
0ce2ee09981bf278731094e9c5bca59a

Сигнатуры

Execution

T1204 suspicious_lnk: LNK file with suspicious content
T1059.003 suspicious_cmd: Executes cmd.exe with a suspicious command line

Privilege Escalation

T1055 injection_failed: The attempt to inject into a process has failed

Defense Evasion

T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1027 suspicious_cmd: Executes cmd.exe with a suspicious command line
T1055 injection_failed: The attempt to inject into a process has failed

Discovery

T1518 locates_browser: Attempts to identify where browsers are installed

Collection

T1560.001 archive_via_utility: Detected archiving data via utility

Other

creates_exe: Creates executable files in the file system
unexpected_exception: Unexpected exception
no_graphical_activity: No graphic activity
creates_suspended_process: Creates suspended process
yara_rules: Static rules