Introduction

In this challenge, I investigated a suspicious Windows shortcut file named trick or treat.lnk.

A .lnk file, also known as a Windows Shortcut file, is a file that points to another file, folder, or application on a Windows system.

These files provide quick access to resources without needing to navigate to the original location. Shortcut files can be used by attackers to execute malicious commands or scripts under the guise of legitimate files. A hex dump analysis of the file reveals critical details about its functionality and intent.

Process

The first step in our analysis was to examine the file using hexdump -C. The output provided insight into the structure and contents of the shortcut file. Below are some key observations from the hex dump:

1. File Path and Command Execution: