General
Target: StartAllBack.v3.7.9.exe
Size: 3.4MB
Sample: 240509-far3zsea42
MD5
cfa05e668d40141a0962f8cd63834294
-
SHA1
8e62d099cd181f3bbe644e3d5a0a264ad2ecce92
-
SHA256
68de812ffc84aaf4f7a5b3f7b55472f2a525fe43c60e64539a84506fcf386d0e
-
SHA512
59adde381e178a9f291d5585ac37a4c1789be2d20d94f81290ad66c471964b18369d6f9143caa9915ad27334ce518e39e39a331d174fecd282b4b949bbc85d6a
-
SSDEEP
98304:2k8H3G0wUxHEfGNH8iYAxvlD5H2Lz8sC2Wn66Hsn4O:2T6pGNH8yxN5Huz7CTO
Static task: static1

Behavioral tasks (Task | Sample | Resource):
behavioral1 | StartAllBack.v3.7.9.exe | win10-20240404-en
behavioral2 | $PLUGINSDIR/nsExec.dll | win10-20240404-en
behavioral3 | $PROGRAMFILES/StartIsBack/Orbs/Shamrock.dll | win10-20240404-en
behavioral4 | $PROGRAMFILES/StartIsBack/Orbs/Windows 7.dll | win10-20240404-en
behavioral5 | $PROGRAMFILES/StartIsBack/UpdateCheck.exe | win10-20240404-en
behavioral6 | $PROGRAMFILES64/StartAllBack/Orbs/Shamrock.dll | win10-20240404-en
behavioral7 | $PROGRAMFILES64/StartAllBack/Orbs/Windows 7.dll | win10-20240404-en
behavioral8 | $PROGRAMFILES64/StartAllBack/StartIsBack32.dll | win10-20240404-en
behavioral9 | $PROGRAMFILES64/StartAllBack/StartIsBack64.dll | win10-20240404-en
behavioral10 | $PROGRAMFILES64/StartAllBack/StartIsBackCfg.exe | win10-20240404-en
behavioral11 | $PROGRAMFILES64/StartAllBack/Styles/Plain10.dll | win10-20240404-en
behavioral12 | $PROGRAMFILES64/StartAllBack/Styles/Plain8.dll | win10-20240404-en
behavioral13 | $PROGRAMFILES64/StartAllBack/Styles/Windows 7.dll | win10-20240404-en
behavioral14 | $PROGRAMFILES64/StartAllBack/UpdateCheck.exe | win10-20240404-en
behavioral15 | $PROGRAMFILES64/StartAllBack/startscreen.exe | win10-20240404-en
behavioral16 | $TEMP/STARTISBACK/DarkMagicLoaderX64.exe | win10-20240404-en
behavioral17 | $TEMP/STARTISBACK/DarkMagicLoaderX86.exe | win10-20240404-en
behavioral18 | $TEMP/STARTISBACK/DarkMagicX64.dll | win10-20240404-en
behavioral19 | $TEMP/STARTISBACK/DarkMagicX86.dll | win10-20240404-en
behavioral20 | $TEMP/STARTISBACK/Orbs/Windows 7.dll | win10-20240404-en
behavioral21 | $TEMP/STARTISBACK/StartAllBackCfg.exe | win10-20240404-en
behavioral22 | $TEMP/STARTISBACK/StartAllBackLoaderX64.dll | win10-20240404-en
behavioral23 | $TEMP/STARTISBACK/StartAllBackX64.dll | win10-20240404-en
behavioral24 | $TEMP/STARTISBACK/Styles/Plain8.dll | win10-20240404-en
behavioral25 | $TEMP/STARTISBACK/Styles/Windows 7.dll | win10-20240404-en
behavioral26 | $TEMP/STARTISBACK/UpdateCheck.exe | win10-20240404-en
Malware Config
Targets
Target: StartAllBack.v3.7.9.exe
Size: 3.4MB
Score: 8/10
- Modifies Installed Components in the registry
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops desktop.ini file(s)
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.

Target: $PLUGINSDIR/nsExec.dll
Size: 7KB
Score: 3/10

Target: $PROGRAMFILES/StartIsBack/Orbs/Shamrock.orb
Size: 295KB
Score: 1/10

Target: $PROGRAMFILES/StartIsBack/Orbs/Windows 7.orb
Size: 295KB
Score: 1/10

Target: $PROGRAMFILES/StartIsBack/UpdateCheck.exe
Size: 3KB
Score: 1/10

Target: $PROGRAMFILES64/StartAllBack/Orbs/Shamrock.orb
Size: 295KB
Score: 1/10

Target: $PROGRAMFILES64/StartAllBack/Orbs/Windows 7.orb
Size: 295KB
Score: 1/10

Target: $PROGRAMFILES64/StartAllBack/StartIsBack32.dll
Size: 563KB
Score: 1/10

Target: $PROGRAMFILES64/StartAllBack/StartIsBack64.dll
Size: 667KB
Score: 1/10

Target: $PROGRAMFILES64/StartAllBack/StartIsBackCfg.exe
Size: 2.3MB
Score: 1/10

Target: $PROGRAMFILES64/StartAllBack/Styles/Plain10.msstyles
Size: 48KB
Score: 1/10

Target: $PROGRAMFILES64/StartAllBack/Styles/Plain8.msstyles
Size: 118KB
Score: 1/10

Target: $PROGRAMFILES64/StartAllBack/Styles/Windows 7.msstyles
Size: 405KB
Score: 1/10

Target: $PROGRAMFILES64/StartAllBack/UpdateCheck.exe
Size: 3KB
Score: 1/10

Target: $PROGRAMFILES64/StartAllBack/startscreen.exe
Size: 71KB
Score: 1/10

Target: $TEMP/STARTISBACK/DarkMagicLoaderX64.exe
Size: 13KB
Score: 1/10

Target: $TEMP/STARTISBACK/DarkMagicLoaderX86.exe
Size: 13KB
Score: 1/10

Target: $TEMP/STARTISBACK/DarkMagicX64.dll
Size: 156KB
Score: 1/10

Target: $TEMP/STARTISBACK/DarkMagicX86.dll
Size: 127KB
Score: 1/10

Target: $TEMP/STARTISBACK/Orbs/Windows 7.orb
Size: 295KB
Score: 1/10

Target: $TEMP/STARTISBACK/StartAllBackCfg.exe
Size: 3.3MB
Score: 1/10

Target: $TEMP/STARTISBACK/StartAllBackLoaderX64.dll
Size: 14KB
Score: 1/10

Target: $TEMP/STARTISBACK/StartAllBackX64.dll
Size: 864KB
Score: 1/10

Target: $TEMP/STARTISBACK/Styles/Plain8.msstyles
Size: 118KB
Score: 1/10

Target: $TEMP/STARTISBACK/Styles/Windows 7.msstyles
Size: 377KB
Score: 1/10

Target: $TEMP/STARTISBACK/UpdateCheck.exe
Size: 3KB
Score: 1/10

MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
- Registry Run Keys / Startup Folder (2)
- Scheduled Task/Job (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
- Registry Run Keys / Startup Folder (2)
- Scheduled Task/Job (1)