Managed XDR

john_doe.lnk: dynamic analysis report for a malicious file

File information

File name
john_doe.lnk
File type
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Sat May 17 10:56:31 2025, mtime=Tue May 20 17:54:29 2025, atime=Sat May 17 10:56:31 2025, length=376832, window=hide
File size
2 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
4dc525e4d58ae8e6d715b085f40031244472a38a
SHA256
834672ca3fe64f8c4a3d202df62226cf89d0c49a9ac2f5f5ef1fd4d870604eef
MD5
7f5f21c4ec426fe2d4c9aa01b235fa72

Signatures

Execution

T1204 suspicious_lnk: LNK file with suspicious content

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1140 unpacking_utilities: Uses Windows utilities to unpack data
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1518 locates_browser: Attempts to identify where browsers are installed

Other

yara_rules: Static rules
creates_in_windows: Creates files in the Windows directory
unexpected_exception: Unexpected exception
creates_suspended_process: Creates suspended process
get_policy_info: Retrieves information about a Policy object