Skip to content

Hide Navigation Hide TOC

Suspicious LNK Double Extension File Created (3215aa19-f060-4332-86d5-5602511f3ca8)

Detects the creation of files with an "LNK" as a second extension. This is sometimes used by malware as a method to abuse the fact that Windows hides the "LNK" extension by default.

Cluster A Galaxy A Cluster B Galaxy B Level
Double File Extension - T1036.007 (11f29a39-0942-4d62-92b6-fe236cf3066e) Attack Pattern Suspicious LNK Double Extension File Created (3215aa19-f060-4332-86d5-5602511f3ca8) Sigma-Rules 1
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Double File Extension - T1036.007 (11f29a39-0942-4d62-92b6-fe236cf3066e) Attack Pattern 2