Managed XDR

c-users-user-appdata-l...wf-ramd-uwf-enable.lnk — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
c-users-user-appdata-local-temp-4eld0mwe.jrm-2_uwf-monitors-2024-01-11_uwf_2.2_imdisk-.uwf-ramd-uwf-enable.lnk
Тип файла
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=2, Archive, ctime=Sat Jun 5 12:05:12 2021, mtime=Wed Jun 22 09:35:52 2022, atime=Sat Jun 5 12:05:12 2021, length=331776, window=hide
Размер файла
3 KB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x64 en

Хеши

SHA1
30bd124a8bdb7821e4887571464a85e071c59ac7
SHA256
afbc66b60fe01ae48e84459eabfd74ca2322eff1d996c301ce9a132a1099a6c6
MD5
8e9092a7c6a73c1e1965bc5cad29c9f4

Сигнатуры

Execution

T1204 suspicious_lnk: LNK file with suspicious content
T1059.003 suspicious_cmd: Executes cmd.exe with a suspicious command line

Defense Evasion

T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1027 suspicious_cmd: Executes cmd.exe with a suspicious command line

Other

unexpected_exception: Unexpected exception
no_graphical_activity: No graphic activity
creates_suspended_process: Creates suspended process
yara_rules: Static rules