ScreenShot
Created | 2024.08.06 15:06 | Machine | s1_win7_x6401 |
Filename | MS_calendar.lnk | ||
Type | MS Windows shortcut, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Sun Aug 4 14:17:22 2024, mtime=Sun Jun 30 18:33:05 2024, atime=Sun Jun 30 18:33:05 2024, length=101888, window=hidenormalshowminim | ||
AI Score | Not founds | Behavior Score |
|
ZERO API | file : clean | ||
VT API (file) | 1 detected () | ||
md5 | 88a0d644536b00f6d49bd9891223784c | ||
sha256 | bd61dfd251ec841aa098482542125798e34d7382a4b3a730dafe4ffef571a6ed | ||
ssdeep | 48:8qDuui7Z6RIZDuu2A/TDuuh3PN73c8Duup/TDuu:8qDhIZDh28DhhVDc8DhVDh | ||
imphash | |||
impfuzzy |
Network IP location
Signature (7cnts)
Level | Description |
---|---|
watch | Communicates with host for which no DNS query was performed |
notice | Checks adapter addresses which can be used to detect virtual network interfaces |
notice | Creates a shortcut to an executable file |
notice | File has been identified by one AntiVirus engine on VirusTotal as malicious |
notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
info | Command line console output was observed |
info | Queries for the computername |
Rules (2cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | lnk_file_format | Microsoft Windows Shortcut File Format | binaries (upload) |
info | Lnk_Format_Zero | LNK Format | binaries (upload) |
Suricata ids
ET INFO Executable Download from dotted-quad Host
ET HUNTING WebDAV Retrieving .exe
ET HUNTING WebDAV Retrieving .exe