General
Target: indexpowershell.ps1
Size: 914B
Sample: 240823-1q7tla1dkl
MD5: fec80df570e3c472d9d3445376b29bbe
SHA1: 74209f0508d62c7fbeec2313269d1eadc3fa0601
SHA256: 8a36127d9fdced5a151bb5def00f508f8b132c88af5020a9bf654f468cf12cd8
SHA512: 453d07746ee63c33dc10efbc45beeebd046f41df965988da2f88636623c3476792a7a1f65443e82690d6be984fdfc8af3d8c854191a32d8894f158a76cbb1806
Static task: static1
Behavioral task: behavioral1
Sample: indexpowershell.ps1
Resource: win7-20240705-en
Malware Config
Extracted
https://dl.google.com/edgedl/chrome-remote-desktop/chromeremotedesktophost.msi
https://remotedesktop.google.com/_/oauthredirect
Targets
Target: indexpowershell.ps1
Blocklisted process makes network request
Loads dropped DLL
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.