Managed XDR

c-users-user-appdata-l...m-loft-mylib-error.lnk — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
c-users-user-appdata-local-temp-5kjdaonr.4pa-sbm-program_-23-sbm-loft-mylib-error.lnk
Тип файла
MS Windows shortcut, Item id list present, Has command line arguments, Icon number=3, ctime=Mon Jan 1 00:00:00 1601, mtime=Mon Jan 1 00:00:00 1601, atime=Mon Jan 1 00:00:00 1601, length=0, window=hide
Размер файла
672 Bytes
Первое обнаружение
Последнее обнаружение

Окружение

win7/x86 en

Хеши

SHA1
937e85e41f9607034e5283b0e7ed5369bdb40cc8
SHA256
ac8e73806b857d6fe1fab50a91c98f8f186e0731a867796d6ba2cea5184d54c3
MD5
ca2e17ff4e234474203b7bcb0f4b1be3

Сигнатуры

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497.001 antisandbox_script_timer: Detected script timer window (indicative of sleep style evasion)
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497.001 antisandbox_script_timer: Detected script timer window (indicative of sleep style evasion)

Other

yara_rules: Static rules
unexpected_exception: Unexpected exception
no_graphical_activity: No graphic activity
creates_suspended_process: Creates suspended process
message_box: Displays a message
get_policy_info: Retrieves information about a Policy object