Overview

overview

8

Static

static

1

StartAllBack.ps1

windows7-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    StartAllBack.ps1

  • Size

    1KB

  • Sample

    240426-tg1wcsfb54

  • MD5

    7cc12232b49e25cdaf542acced20bfb1

  • SHA1

    ee0e5beaa2cda7d44a7f0a7b9bee6cd33f29b80d

  • SHA256

    94da8ba33f016acb647d9374b2a1e27d01ab80232ecc396650bfefe942e44a8a

  • SHA512

    ed941297af88624e05a98bffbfdbc3f36e109c6b6c9a435ab7b8a73549a54ad4f37fdbdb14798f7f6b9bb83f4076671c2caede689838e5210a356ecfb7d6395b

Score
8/10
persistenceransomware

Malware Config

Targets

    • Target

      StartAllBack.ps1

    • Size

      1KB

    • MD5

      7cc12232b49e25cdaf542acced20bfb1

    • SHA1

      ee0e5beaa2cda7d44a7f0a7b9bee6cd33f29b80d

    • SHA256

      94da8ba33f016acb647d9374b2a1e27d01ab80232ecc396650bfefe942e44a8a

    • SHA512

      ed941297af88624e05a98bffbfdbc3f36e109c6b6c9a435ab7b8a73549a54ad4f37fdbdb14798f7f6b9bb83f4076671c2caede689838e5210a356ecfb7d6395b

    Score
    8/10
    persistenceransomware

    • Modifies Installed Components in the registry

      persistence

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks