PowerShell Script with Fileless Capability (Mon, Jul 25th)

I spotted a malicious PowerShell script that implements interesting techniques. One of them is to store the payload in a registry key. This is pretty common for “fileless” malware, whose goal is to keep the malware's footprint on the filesystem as small as possible. The script is executed from a simple script called “client.bat”.
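
One way to look for registry-resident payloads of this kind from the defender's side, as an added example that is not taken from the diary or from the sample: a read-only sweep that lists unusually large or Base64-looking registry values. The function names, hive roots and thresholds are assumptions, since this excerpt does not say which key or encoding the script used.

```powershell
# Added example (not from the original diary). Read-only registry hunt.
# $Root and $MinBytes defaults are assumptions; tune them per environment.
function Test-Base64Like {
    param([string]$Text)
    # Base64 alphabet only, optional padding, length a multiple of 4.
    ($Text.Length -ge 256) -and ($Text.Length % 4 -eq 0) -and
        ($Text -cmatch '^[A-Za-z0-9+/]+={0,2}$')
}

function Find-LargeRegistryValue {
    param(
        [string[]]$Root = @('HKCU:\Software', 'HKLM:\Software'),
        [int]$MinBytes = 4096
    )
    Get-ChildItem -Path $Root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        foreach ($name in $key.GetValueNames()) {
            try {
                $kind  = [string]$key.GetValueKind($name)
                # Read the raw data without expanding %VAR% references.
                $value = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            } catch { continue }   # value vanished or access denied

            $bytes = 0; $b64 = $false
            switch ($kind) {
                'Binary' { $bytes = $value.Length }
                { $_ -in 'String', 'ExpandString' } {
                    $bytes = $value.Length * 2          # strings are stored as UTF-16
                    $b64   = Test-Base64Like -Text $value.Trim()
                }
            }
            # Report values that are large, or that look like an encoded blob.
            if ($bytes -ge $MinBytes -or $b64) {
                [pscustomobject]@{
                    Key = $key.Name; Value = $name; Kind = $kind
                    Bytes = $bytes; Base64Like = $b64
                }
            }
        }
    }
}

# Usage: Find-LargeRegistryValue | Sort-Object Bytes -Descending | Format-Table -AutoSize
```

Legitimate software also stores large values (caches, licence data, icon blobs), so treat the output as a list to triage against a known-good baseline rather than as a verdict.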

Article Link: InfoSec Handlers Diary Blog - SANS Internet Storm Center