8a36127d9fdced5a151bb5def00f508f8b132c88af5020a9bf654f468cf12cd8 | Triage

Sharing

General

Target

indexpowershell.ps1
Size

914B
Sample

240823-1q7tla1dkl
MD5

fec80df570e3c472d9d3445376b29bbe
SHA1

74209f0508d62c7fbeec2313269d1eadc3fa0601
SHA256

8a36127d9fdced5a151bb5def00f508f8b132c88af5020a9bf654f468cf12cd8
SHA512

453d07746ee63c33dc10efbc45beeebd046f41df965988da2f88636623c3476792a7a1f65443e82690d6be984fdfc8af3d8c854191a32d8894f158a76cbb1806

Score

10^/10

discovery execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://dl.google.com/edgedl/chrome-remote-desktop/chromeremotedesktophost.msi

exe.dropper

https://remotedesktop.google.com/_/oauthredirect

Targets

- Target
  
  indexpowershell.ps1
- Size
  
  914B
- MD5
  
  fec80df570e3c472d9d3445376b29bbe
- SHA1
  
  74209f0508d62c7fbeec2313269d1eadc3fa0601
- SHA256
  
  8a36127d9fdced5a151bb5def00f508f8b132c88af5020a9bf654f468cf12cd8
- SHA512
  
  453d07746ee63c33dc10efbc45beeebd046f41df965988da2f88636623c3476792a7a1f65443e82690d6be984fdfc8af3d8c854191a32d8894f158a76cbb1806
Score

8^/10

execution discovery
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryexecution