ScreenShot
| Created | 2024.08.06 15:06 | Machine | s1_win7_x6401 |
| Filename | MS_calendar.lnk | ||
| Type | MS Windows shortcut, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Sun Aug 4 14:17:22 2024, mtime=Sun Jun 30 18:33:05 2024, atime=Sun Jun 30 18:33:05 2024, length=101888, window=hidenormalshowminim | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 1 detected () | ||
| md5 | 88a0d644536b00f6d49bd9891223784c | ||
| sha256 | bd61dfd251ec841aa098482542125798e34d7382a4b3a730dafe4ffef571a6ed | ||
| ssdeep | 48:8qDuui7Z6RIZDuu2A/TDuuh3PN73c8Duup/TDuu:8qDhIZDh28DhhVDc8DhVDh | ||
| imphash | |||
| impfuzzy | |||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
| notice | Checks adapter addresses which can be used to detect virtual network interfaces |
| notice | Creates a shortcut to an executable file |
| notice | File has been identified by one AntiVirus engine on VirusTotal as malicious |
| notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
| info | Command line console output was observed |
| info | Queries for the computername |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | lnk_file_format | Microsoft Windows Shortcut File Format | binaries (upload) |
| info | Lnk_Format_Zero | LNK Format | binaries (upload) |
Suricata ids
ET INFO Executable Download from dotted-quad Host
ET HUNTING WebDAV Retrieving .exe
ET HUNTING WebDAV Retrieving .exe