Concrete signature match: Trojan (appears legitimate but performs malicious actions), 64-bit Windows platform, family Lazy
Trojan:Win64/Lazy.AHC!MTB is a concrete detection of a Win64 Trojan from the 'Lazy' family. Identified through machine learning behavioral analysis, this threat exhibits malicious behaviors typically associated with Trojans, such as unauthorized access, data theft, or system manipulation.
No plain-text strings are recorded for this threat; the signature below matches only on the hex byte patterns listed under strings.
rule Trojan_Win64_Lazy_AHC_2147946023_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Trojan:Win64/Lazy.AHC!MTB"
        threat_id = "2147946023"
        type = "Trojan"
        platform = "Win64: Windows 64-bit platform"
        family = "Lazy"
        severity = "Critical"
        info = "MTB: Microsoft Threat Behavior"
        signature_type = "SIGNATURE_TYPE_PEHSTR_EXT"
        threshold = "5"
        strings_accuracy = "Low"
    strings:
        $x_3_1 = {48 ff c0 48 31 c2 48 8d 05 ?? ?? ?? 00 48 c7 00 00 00 00 00 48 01 38 48 8d 05 ?? ?? ?? 00 48 c7 00 00 00 00 00 4c 01 38 48 89 d0 48 8d 05 ?? ?? ?? 00 48 89 28 48 01 c2 48 31 c0} //weight: 3, accuracy: Low
        $x_2_2 = {48 31 c2 48 31 c2 48 8d 05 ?? ?? 02 00 48 c7 00 00 00 00 00 48 01 18 48 29 c2 48 83 f2 09 48 8d 05 ?? ?? 02 00 4c 89 00} //weight: 2, accuracy: Low
    condition:
        (filesize < 20MB) and
        (all of ($x*))
}

Associated hashes:
023443058ca648137b45f851c6c164718a4d21f506f50c652698923d0bad9a5d
0f5d52e0b104dc37a4b8832bb9a691f1f42bc90589faf62a58281a8f59a881f0

Immediately isolate the infected system to prevent further compromise. Perform a full system scan with updated antivirus software to remove or quarantine the detected malicious file, then investigate for any persistence mechanisms, unauthorized system changes, or signs of data exfiltration.