c-users-user-appdata-r...startup-rrzjbnodod.lnk: dynamic analysis report for a malicious file

File information

File name
c-users-user-appdata-roaming-microsoft-windows-start-menu-programs-startup-rrzjbnodod.lnk
File type
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Normal, ctime=Wed Apr 11 23:34:59 2018, mtime=Fri Jan 31 12:31:28 2025, atime=Wed Apr 11 23:34:59 2018, length=61952, window=normalshowminimized
File size
1.1 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
86b75454531407cf81a94b2b4c0b3e1ba80689d8
SHA256
9113d9f045e02db578aa8d0de4f7c42ebcc61bf810ee540d7e667398cc81df3e
MD5
89ab6e1ace98f33d11978eb8df3dad22

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
unexpected_exception: Unexpected exception
no_graphical_activity: No graphic activity
creates_suspended_process: Creates suspended process
message_box: Displays a message
get_policy_info: Retrieves information about a Policy object