Malicious

a3df647a5fea4a7749c3ac4ca46fddb4

ZIP Archive | MD5: a3df647a5fea4a7749c3ac4ca46fddb4 | Size: 980 B | application/zip

Characteristics
Hash: Hash Value
MD5: a3df647a5fea4a7749c3ac4ca46fddb4
Sha1: ac90059b2da8638e7f0dbc4769f92abf7f37f3b8
Sha256: c6fa16127e3ed367122d1a708e7467da1bd0bcfcf52e9ba96db9f0003d8ca73d
Sha384: 56af89a22ff0190ec7c803e3ac0277fb0988daa3bd209408bf19ff7ad85bf728a3ffb2fa2c19bc186718604734c80f5f
Sha512: 4c36befcea969f82572f6cf584caeaabc23a6220280d6ffaae048ff01d545052d446c4e367b7b1b122af2d6f6621ad824e10c2815da7f238a06850df26075b2d
SSDeep: 24:9wDHC1Zfrc7I6MLXPWPoeKrZI9ece5cvE8tISOAmzx9DHt:90HCPrWsx4ecmccppBHt
TLSH: 1511C877C1912923FB4913F500AFB3EC9ECD4DD4085DA89421789B036C0F5402B7B9E9
File Structure
a3df647a5fea4a7749c3ac4ca46fddb4 (Malicious)
Adobe_Reader928097.bat (Malicious)
[PowerShell Command] (Malicious)
[PowerShell Command] (Malicious)
[PowerShell Command] (Malicious)
[PowerShell Command] (Malicious)
[Deobfuscated PS] (Malicious)
[PowerShell Command] (Malicious)
[Deobfuscated PS] (Malicious)
[PowerShell Command] (Malicious)
[Deobfuscated PS] (Malicious)
[Deobfuscated PS] (Malicious)
[PowerShell Command] (Malicious)
[PowerShell Command] (Malicious)
[Deobfuscated PS] (Malicious)
[Deobfuscated PS] (Malicious)
[Deobfuscated PS] (Malicious)
[PowerShell Command] (Malicious)
[PowerShell Command] (Malicious)
[Deobfuscated PS] (Malicious)
[PowerShell Command] (Malicious)
[PowerShell Command] (Malicious)
[Deobfuscated PS] (Malicious)
[PowerShell Command] (Malicious)
[Deobfuscated PS] (Malicious)
[Deobfuscated PS] (Malicious)
[PowerShell Command] (Malicious)
[PowerShell Command] (Malicious)
[Deobfuscated PS] (Malicious)
[PowerShell Command] (Malicious)
[Deobfuscated PS] (Malicious)
[Deobfuscated PS] (Malicious)
[PowerShell Command] (Malicious)
[PowerShell Command] (Malicious)
[Deobfuscated PS] (Malicious)
[PowerShell Command] (Malicious)
[Deobfuscated PS] (Malicious)
[Deobfuscated PS] (Malicious)
[PowerShell Command] (Malicious)
[Deobfuscated PS] (Malicious)

a3df647a5fea4a7749c3ac4ca46fddb4 (980 B)
Characteristics
No malware configuration was found at this point.
Artefacts
Name | Value | Location
Deobfuscated PowerShell

[Unmanaged(ErrorExpressionAst)] "Bypass" -WindowStyle [Unmanaged(ErrorExpressionAst)] "Hidden" -File "%PS1%" :: "Optional:" "clean" "up" "the" "temp" "PS1" Remove-Item "%PS1%" endlocal exit /b

Malicious

a3df647a5fea4a7749c3ac4ca46fddb4 > Adobe_Reader928097.bat > [PowerShell Command] > [Deobfuscated PS] > [PowerShell Command] > [Deobfuscated PS] > [PowerShell Command] > [Deobfuscated PS] > [PowerShell Command] > [Deobfuscated PS] > [PowerShell Command]

Deobfuscated PowerShell

powershell "HIDDEN" (no "WINDOW") :: "=========================================================" powershell -NoProfile -ExecutionPolicy "Bypass" -WindowStyle "Hidden" -File "%PS1%" :: "Optional:" "clean" "up" "the" "temp" "PS1" Remove-Item "%PS1%" endlocal exit /b

Malicious

a3df647a5fea4a7749c3ac4ca46fddb4 > Adobe_Reader928097.bat > [PowerShell Command] > [Deobfuscated PS] > [PowerShell Command] > [Deobfuscated PS] > [PowerShell Command] > [Deobfuscated PS] > [PowerShell Command] > [PowerShell Command]

Deobfuscated PowerShell

"HIDDEN" (no "WINDOW") :: "=========================================================" powershell -NoProfile -ExecutionPolicy "Bypass" -WindowStyle "Hidden" -File "%PS1%" :: "Optional:" "clean" "up" "the" "temp" "PS1" Remove-Item "%PS1%" endlocal exit /b

Malicious

a3df647a5fea4a7749c3ac4ca46fddb4 > Adobe_Reader928097.bat > [PowerShell Command] > [Deobfuscated PS] > [PowerShell Command] > [Deobfuscated PS] > [PowerShell Command] > [Deobfuscated PS] > [PowerShell Command] > [PowerShell Command] > [Deobfuscated PS] > [PowerShell Command]

Deobfuscated PowerShell

powershell "HIDDEN" (no "WINDOW") :: "=========================================================" powershell -NoProfile -ExecutionPolicy "Bypass" -WindowStyle "Hidden" -File "%PS1%" :: "Optional:" "clean" "up" "the" "temp" "PS1" Remove-Item "%PS1%" endlocal exit /b

Malicious

a3df647a5fea4a7749c3ac4ca46fddb4 > Adobe_Reader928097.bat > [PowerShell Command] > [PowerShell Command] > [PowerShell Command] > [Deobfuscated PS] > [PowerShell Command] > [PowerShell Command]

Deobfuscated PowerShell

powershell "HIDDEN" (no "WINDOW") :: "=========================================================" powershell -NoProfile -ExecutionPolicy "Bypass" -WindowStyle "Hidden" -File "%PS1%" :: "Optional:" "clean" "up" "the" "temp" "PS1" Remove-Item "%PS1%" endlocal exit /b

Malicious

a3df647a5fea4a7749c3ac4ca46fddb4 > Adobe_Reader928097.bat > [PowerShell Command] > [Deobfuscated PS] > [PowerShell Command] > [Deobfuscated PS] > [PowerShell Command] > [PowerShell Command] > [PowerShell Command] > [Deobfuscated PS] > [PowerShell Command]
