General

  • Target

    indexpowershell.ps1

  • Size

    914B

  • Sample

    240823-1q7tla1dkl

  • MD5

    fec80df570e3c472d9d3445376b29bbe

  • SHA1

    74209f0508d62c7fbeec2313269d1eadc3fa0601

  • SHA256

    8a36127d9fdced5a151bb5def00f508f8b132c88af5020a9bf654f468cf12cd8

  • SHA512

    453d07746ee63c33dc10efbc45beeebd046f41df965988da2f88636623c3476792a7a1f65443e82690d6be984fdfc8af3d8c854191a32d8894f158a76cbb1806

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://dl.google.com/edgedl/chrome-remote-desktop/chromeremotedesktophost.msi

exe.dropper

https://remotedesktop.google.com/_/oauthredirect

Targets

    • Target

      indexpowershell.ps1

    Score
    8/10
    • Blocklisted process makes network request

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
