bb62cacb307f74c1b3c29fc6b878c2ca3f243808a846bf7ba4e5d2eb7691f0d4

Analysis

max time kernel
149s
max time network
127s
platform
windows7_x64
resource
win7v20201028
submitted
14-12-2020 17:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f8284b3f320cc80e70e3b01c476da012.exe
Size

316KB
MD5

f8284b3f320cc80e70e3b01c476da012
SHA1

22f630a082d927c357723a43471df1fc985d87cc
SHA256

bb62cacb307f74c1b3c29fc6b878c2ca3f243808a846bf7ba4e5d2eb7691f0d4
SHA512

1c917a4abcef6691972da7c7e0ec152d90427557703662df53daa52b37ef28ae453b4c62249b1e1ae7127a57716356b42d1f15035b815837d085d4e6fd68270f

Score

10^/10

aspackv2 persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1004

Modify Registry

T1112

Processes:

HelpMe.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe

ASPack v2.12-2.42 36 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
C:\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
C:\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
C:\Windows\SysWOW64\notepad.exe.exe	aspack_v212_v242
C:\Program Files (x86)\Internet Explorer\iexplore.exe.exe	aspack_v212_v242
C:\$Recycle.Bin\S-1-5-21-3825035466-2522850611-591511364-1000\desktop.ini.exe	aspack_v212_v242
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242

Executes dropped EXE 1 IoCs

Processes:

HelpMe.exe

pid process

1212 HelpMe.exe

pid	process
1212	HelpMe.exe

Drops startup file 2 IoCs

Processes:

HelpMe.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe

Loads dropped DLL 31 IoCs

Processes:

f8284b3f320cc80e70e3b01c476da012.exeHelpMe.exe

pid	process
892	f8284b3f320cc80e70e3b01c476da012.exe
892	f8284b3f320cc80e70e3b01c476da012.exe
1212	HelpMe.exe
1212	HelpMe.exe
1212	HelpMe.exe
1212	HelpMe.exe
1212	HelpMe.exe
1212	HelpMe.exe
1212	HelpMe.exe
1212	HelpMe.exe
1212	HelpMe.exe
1212	HelpMe.exe
1212	HelpMe.exe
1212	HelpMe.exe
1212	HelpMe.exe
1212	HelpMe.exe
1212	HelpMe.exe
1212	HelpMe.exe
1212	HelpMe.exe
1212	HelpMe.exe
1212	HelpMe.exe
1212	HelpMe.exe
1212	HelpMe.exe
1212	HelpMe.exe
1212	HelpMe.exe
1212	HelpMe.exe
1212	HelpMe.exe
1212	HelpMe.exe
1212	HelpMe.exe
1212	HelpMe.exe
1212	HelpMe.exe

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

HelpMe.exe

description	ioc	process
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\F:	HelpMe.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe

Drops autorun.inf file 1 TTPs
Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media
T1091

Drops file in System32 directory 6 IoCs

Processes:

f8284b3f320cc80e70e3b01c476da012.exeHelpMe.exe

description	ioc	process
File created	C:\Windows\SysWOW64\HelpMe.exe	f8284b3f320cc80e70e3b01c476da012.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe
File opened for modification	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe
File created	C:\Windows\SysWOW64\notepad.exe.exe	HelpMe.exe
File opened for modification	C:\Windows\SysWOW64\HelpMe.exe	f8284b3f320cc80e70e3b01c476da012.exe
File opened for modification	C:\Windows\SysWOW64\notepad.exe.exe	f8284b3f320cc80e70e3b01c476da012.exe

Drops file in Program Files directory 2 IoCs

Processes:

HelpMe.exef8284b3f320cc80e70e3b01c476da012.exe

description	ioc	process
File created	C:\Program Files (x86)\Internet Explorer\iexplore.exe.exe	HelpMe.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplore.exe.exe	f8284b3f320cc80e70e3b01c476da012.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

HelpMe.exef8284b3f320cc80e70e3b01c476da012.exe

pid process

1212 HelpMe.exe
892 f8284b3f320cc80e70e3b01c476da012.exe

pid	process
1212	HelpMe.exe
892	f8284b3f320cc80e70e3b01c476da012.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

f8284b3f320cc80e70e3b01c476da012.exe

description	pid	process	target process
PID 892 wrote to memory of 1212	892	f8284b3f320cc80e70e3b01c476da012.exe	HelpMe.exe
PID 892 wrote to memory of 1212	892	f8284b3f320cc80e70e3b01c476da012.exe	HelpMe.exe
PID 892 wrote to memory of 1212	892	f8284b3f320cc80e70e3b01c476da012.exe	HelpMe.exe
PID 892 wrote to memory of 1212	892	f8284b3f320cc80e70e3b01c476da012.exe	HelpMe.exe

C:\Users\Admin\AppData\Local\Temp\f8284b3f320cc80e70e3b01c476da012.exe
"C:\Users\Admin\AppData\Local\Temp\f8284b3f320cc80e70e3b01c476da012.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:892

C:\Windows\SysWOW64\HelpMe.exe
C:\Windows\system32\HelpMe.exe
2⤵
- Modifies WinLogon for persistence
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:1212

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Winlogon Helper DLL

T1004

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3825035466-2522850611-591511364-1000\desktop.ini.exe
MD5
eb5cb7710ba6ff61e02b5196801a10b1

SHA1
1dba38c3ea98e7eab90e562e631c2cf2e75da1a6

SHA256
205986f9ca811788607dd8f5e303d597f155e59f37ab4fe331d24a13742f8b63

SHA512
7cc5de009c151b94727299dc729ac555e436b4da7394a8efe700bb21c686d8c1d17be176969caf90425db084460c4ab08f10530016b7dc40166de4219ae5d32a

Download Submit
C:\Program Files (x86)\Internet Explorer\iexplore.exe.exe
MD5
f985454ed1582492cec04d96a1f627c0

SHA1
1b35013e9c41d4ba655884dbe41b985084a88995

SHA256
dc8dcaa58673b2ff07ac1f8ab50f9d68d9ae1a04fec854943f33da7e2f99008c

SHA512
c5388dfbe4466587ec6daf4b78a95771e11d61c40f7387dfd38d0ddc02a5ac7a76f4877d79ae9e91cb33b966473d7e25dc8256c8b382841339e7b1e7e941be27

Download Submit
C:\Windows\SysWOW64\HelpMe.exe
MD5
8133b3e4b12a42133167c4d5f2591415

SHA1
4b89ae560fc5d50359aa2f226db7aefe3441fbca

SHA256
9cef339a376022ddf7476594bf458c842dfd71f7dcab94427674c0b08bd29377

SHA512
cb657bb3b9f726af7ebcadcf1697e5768f42eafb74202c510a54e408d1fe697308d0c901ad5488116c5ca9056ef2d0381ef7a33ab73a200bae7a1ea0c3cbf1a8

Download Submit
C:\Windows\SysWOW64\HelpMe.exe
MD5
8133b3e4b12a42133167c4d5f2591415

SHA1
4b89ae560fc5d50359aa2f226db7aefe3441fbca

SHA256
9cef339a376022ddf7476594bf458c842dfd71f7dcab94427674c0b08bd29377

SHA512
cb657bb3b9f726af7ebcadcf1697e5768f42eafb74202c510a54e408d1fe697308d0c901ad5488116c5ca9056ef2d0381ef7a33ab73a200bae7a1ea0c3cbf1a8

Download Submit
C:\Windows\SysWOW64\notepad.exe.exe
MD5
9134e1aad1de3b2f808e9304d544a4e9

SHA1
4baa23d9b3915fe2b96224a2f2dc3c1b7db99d0c

SHA256
f479c9312ad0b350a0932a57415906c753ed7408f39aa199fd7202f11cc4557f

SHA512
fd97b10fc69904206a7d27f390d342049680116c8a09068468bf28a0d08c345fdc3de95f7fb53c1d629e7f250a5f15773f0f39bc86f160033b1453fab5969453

Download Submit
\Windows\SysWOW64\HelpMe.exe
MD5
8133b3e4b12a42133167c4d5f2591415

SHA1
4b89ae560fc5d50359aa2f226db7aefe3441fbca

SHA256
9cef339a376022ddf7476594bf458c842dfd71f7dcab94427674c0b08bd29377

SHA512
cb657bb3b9f726af7ebcadcf1697e5768f42eafb74202c510a54e408d1fe697308d0c901ad5488116c5ca9056ef2d0381ef7a33ab73a200bae7a1ea0c3cbf1a8

Download Submit
\Windows\SysWOW64\HelpMe.exe
MD5
8133b3e4b12a42133167c4d5f2591415

SHA1
4b89ae560fc5d50359aa2f226db7aefe3441fbca

SHA256
9cef339a376022ddf7476594bf458c842dfd71f7dcab94427674c0b08bd29377

SHA512
cb657bb3b9f726af7ebcadcf1697e5768f42eafb74202c510a54e408d1fe697308d0c901ad5488116c5ca9056ef2d0381ef7a33ab73a200bae7a1ea0c3cbf1a8

Download Submit
\Windows\SysWOW64\HelpMe.exe
MD5
8133b3e4b12a42133167c4d5f2591415

SHA1
4b89ae560fc5d50359aa2f226db7aefe3441fbca

SHA256
9cef339a376022ddf7476594bf458c842dfd71f7dcab94427674c0b08bd29377

SHA512
cb657bb3b9f726af7ebcadcf1697e5768f42eafb74202c510a54e408d1fe697308d0c901ad5488116c5ca9056ef2d0381ef7a33ab73a200bae7a1ea0c3cbf1a8

Download Submit
\Windows\SysWOW64\HelpMe.exe
MD5
8133b3e4b12a42133167c4d5f2591415

SHA1
4b89ae560fc5d50359aa2f226db7aefe3441fbca

SHA256
9cef339a376022ddf7476594bf458c842dfd71f7dcab94427674c0b08bd29377

SHA512
cb657bb3b9f726af7ebcadcf1697e5768f42eafb74202c510a54e408d1fe697308d0c901ad5488116c5ca9056ef2d0381ef7a33ab73a200bae7a1ea0c3cbf1a8

Download Submit
\Windows\SysWOW64\HelpMe.exe
MD5
8133b3e4b12a42133167c4d5f2591415

SHA1
4b89ae560fc5d50359aa2f226db7aefe3441fbca

SHA256
9cef339a376022ddf7476594bf458c842dfd71f7dcab94427674c0b08bd29377

SHA512
cb657bb3b9f726af7ebcadcf1697e5768f42eafb74202c510a54e408d1fe697308d0c901ad5488116c5ca9056ef2d0381ef7a33ab73a200bae7a1ea0c3cbf1a8

Download Submit
\Windows\SysWOW64\HelpMe.exe
MD5
8133b3e4b12a42133167c4d5f2591415

SHA1
4b89ae560fc5d50359aa2f226db7aefe3441fbca

SHA256
9cef339a376022ddf7476594bf458c842dfd71f7dcab94427674c0b08bd29377

SHA512
cb657bb3b9f726af7ebcadcf1697e5768f42eafb74202c510a54e408d1fe697308d0c901ad5488116c5ca9056ef2d0381ef7a33ab73a200bae7a1ea0c3cbf1a8

Download Submit
\Windows\SysWOW64\HelpMe.exe
MD5
8133b3e4b12a42133167c4d5f2591415

SHA1
4b89ae560fc5d50359aa2f226db7aefe3441fbca

SHA256
9cef339a376022ddf7476594bf458c842dfd71f7dcab94427674c0b08bd29377

SHA512
cb657bb3b9f726af7ebcadcf1697e5768f42eafb74202c510a54e408d1fe697308d0c901ad5488116c5ca9056ef2d0381ef7a33ab73a200bae7a1ea0c3cbf1a8

Download Submit
\Windows\SysWOW64\HelpMe.exe
MD5
8133b3e4b12a42133167c4d5f2591415

SHA1
4b89ae560fc5d50359aa2f226db7aefe3441fbca

SHA256
9cef339a376022ddf7476594bf458c842dfd71f7dcab94427674c0b08bd29377

SHA512
cb657bb3b9f726af7ebcadcf1697e5768f42eafb74202c510a54e408d1fe697308d0c901ad5488116c5ca9056ef2d0381ef7a33ab73a200bae7a1ea0c3cbf1a8

Download Submit
\Windows\SysWOW64\HelpMe.exe
MD5
8133b3e4b12a42133167c4d5f2591415

SHA1
4b89ae560fc5d50359aa2f226db7aefe3441fbca

SHA256
9cef339a376022ddf7476594bf458c842dfd71f7dcab94427674c0b08bd29377

SHA512
cb657bb3b9f726af7ebcadcf1697e5768f42eafb74202c510a54e408d1fe697308d0c901ad5488116c5ca9056ef2d0381ef7a33ab73a200bae7a1ea0c3cbf1a8

Download Submit
\Windows\SysWOW64\HelpMe.exe
MD5
8133b3e4b12a42133167c4d5f2591415

SHA1
4b89ae560fc5d50359aa2f226db7aefe3441fbca

SHA256
9cef339a376022ddf7476594bf458c842dfd71f7dcab94427674c0b08bd29377

SHA512
cb657bb3b9f726af7ebcadcf1697e5768f42eafb74202c510a54e408d1fe697308d0c901ad5488116c5ca9056ef2d0381ef7a33ab73a200bae7a1ea0c3cbf1a8

Download Submit
\Windows\SysWOW64\HelpMe.exe
MD5
8133b3e4b12a42133167c4d5f2591415

SHA1
4b89ae560fc5d50359aa2f226db7aefe3441fbca

SHA256
9cef339a376022ddf7476594bf458c842dfd71f7dcab94427674c0b08bd29377

SHA512
cb657bb3b9f726af7ebcadcf1697e5768f42eafb74202c510a54e408d1fe697308d0c901ad5488116c5ca9056ef2d0381ef7a33ab73a200bae7a1ea0c3cbf1a8

Download Submit
\Windows\SysWOW64\HelpMe.exe
MD5
8133b3e4b12a42133167c4d5f2591415

SHA1
4b89ae560fc5d50359aa2f226db7aefe3441fbca

SHA256
9cef339a376022ddf7476594bf458c842dfd71f7dcab94427674c0b08bd29377

SHA512
cb657bb3b9f726af7ebcadcf1697e5768f42eafb74202c510a54e408d1fe697308d0c901ad5488116c5ca9056ef2d0381ef7a33ab73a200bae7a1ea0c3cbf1a8

Download Submit
\Windows\SysWOW64\HelpMe.exe
MD5
8133b3e4b12a42133167c4d5f2591415

SHA1
4b89ae560fc5d50359aa2f226db7aefe3441fbca

SHA256
9cef339a376022ddf7476594bf458c842dfd71f7dcab94427674c0b08bd29377

SHA512
cb657bb3b9f726af7ebcadcf1697e5768f42eafb74202c510a54e408d1fe697308d0c901ad5488116c5ca9056ef2d0381ef7a33ab73a200bae7a1ea0c3cbf1a8

Download Submit
\Windows\SysWOW64\HelpMe.exe
MD5
8133b3e4b12a42133167c4d5f2591415

SHA1
4b89ae560fc5d50359aa2f226db7aefe3441fbca

SHA256
9cef339a376022ddf7476594bf458c842dfd71f7dcab94427674c0b08bd29377

SHA512
cb657bb3b9f726af7ebcadcf1697e5768f42eafb74202c510a54e408d1fe697308d0c901ad5488116c5ca9056ef2d0381ef7a33ab73a200bae7a1ea0c3cbf1a8

Download Submit
\Windows\SysWOW64\HelpMe.exe
MD5
8133b3e4b12a42133167c4d5f2591415

SHA1
4b89ae560fc5d50359aa2f226db7aefe3441fbca

SHA256
9cef339a376022ddf7476594bf458c842dfd71f7dcab94427674c0b08bd29377

SHA512
cb657bb3b9f726af7ebcadcf1697e5768f42eafb74202c510a54e408d1fe697308d0c901ad5488116c5ca9056ef2d0381ef7a33ab73a200bae7a1ea0c3cbf1a8

Download Submit
\Windows\SysWOW64\HelpMe.exe
MD5
8133b3e4b12a42133167c4d5f2591415

SHA1
4b89ae560fc5d50359aa2f226db7aefe3441fbca

SHA256
9cef339a376022ddf7476594bf458c842dfd71f7dcab94427674c0b08bd29377

SHA512
cb657bb3b9f726af7ebcadcf1697e5768f42eafb74202c510a54e408d1fe697308d0c901ad5488116c5ca9056ef2d0381ef7a33ab73a200bae7a1ea0c3cbf1a8

Download Submit
\Windows\SysWOW64\HelpMe.exe
MD5
8133b3e4b12a42133167c4d5f2591415

SHA1
4b89ae560fc5d50359aa2f226db7aefe3441fbca

SHA256
9cef339a376022ddf7476594bf458c842dfd71f7dcab94427674c0b08bd29377

SHA512
cb657bb3b9f726af7ebcadcf1697e5768f42eafb74202c510a54e408d1fe697308d0c901ad5488116c5ca9056ef2d0381ef7a33ab73a200bae7a1ea0c3cbf1a8

Download Submit
\Windows\SysWOW64\HelpMe.exe
MD5
8133b3e4b12a42133167c4d5f2591415

SHA1
4b89ae560fc5d50359aa2f226db7aefe3441fbca

SHA256
9cef339a376022ddf7476594bf458c842dfd71f7dcab94427674c0b08bd29377

SHA512
cb657bb3b9f726af7ebcadcf1697e5768f42eafb74202c510a54e408d1fe697308d0c901ad5488116c5ca9056ef2d0381ef7a33ab73a200bae7a1ea0c3cbf1a8

Download Submit
\Windows\SysWOW64\HelpMe.exe
MD5
8133b3e4b12a42133167c4d5f2591415

SHA1
4b89ae560fc5d50359aa2f226db7aefe3441fbca

SHA256
9cef339a376022ddf7476594bf458c842dfd71f7dcab94427674c0b08bd29377

SHA512
cb657bb3b9f726af7ebcadcf1697e5768f42eafb74202c510a54e408d1fe697308d0c901ad5488116c5ca9056ef2d0381ef7a33ab73a200bae7a1ea0c3cbf1a8

Download Submit
\Windows\SysWOW64\HelpMe.exe
MD5
8133b3e4b12a42133167c4d5f2591415

SHA1
4b89ae560fc5d50359aa2f226db7aefe3441fbca

SHA256
9cef339a376022ddf7476594bf458c842dfd71f7dcab94427674c0b08bd29377

SHA512
cb657bb3b9f726af7ebcadcf1697e5768f42eafb74202c510a54e408d1fe697308d0c901ad5488116c5ca9056ef2d0381ef7a33ab73a200bae7a1ea0c3cbf1a8

Download Submit
\Windows\SysWOW64\HelpMe.exe
MD5
8133b3e4b12a42133167c4d5f2591415

SHA1
4b89ae560fc5d50359aa2f226db7aefe3441fbca

SHA256
9cef339a376022ddf7476594bf458c842dfd71f7dcab94427674c0b08bd29377

SHA512
cb657bb3b9f726af7ebcadcf1697e5768f42eafb74202c510a54e408d1fe697308d0c901ad5488116c5ca9056ef2d0381ef7a33ab73a200bae7a1ea0c3cbf1a8

Download Submit
\Windows\SysWOW64\HelpMe.exe
MD5
8133b3e4b12a42133167c4d5f2591415

SHA1
4b89ae560fc5d50359aa2f226db7aefe3441fbca

SHA256
9cef339a376022ddf7476594bf458c842dfd71f7dcab94427674c0b08bd29377

SHA512
cb657bb3b9f726af7ebcadcf1697e5768f42eafb74202c510a54e408d1fe697308d0c901ad5488116c5ca9056ef2d0381ef7a33ab73a200bae7a1ea0c3cbf1a8

Download Submit
\Windows\SysWOW64\HelpMe.exe
MD5
8133b3e4b12a42133167c4d5f2591415

SHA1
4b89ae560fc5d50359aa2f226db7aefe3441fbca

SHA256
9cef339a376022ddf7476594bf458c842dfd71f7dcab94427674c0b08bd29377

SHA512
cb657bb3b9f726af7ebcadcf1697e5768f42eafb74202c510a54e408d1fe697308d0c901ad5488116c5ca9056ef2d0381ef7a33ab73a200bae7a1ea0c3cbf1a8

Download Submit
\Windows\SysWOW64\HelpMe.exe
MD5
8133b3e4b12a42133167c4d5f2591415

SHA1
4b89ae560fc5d50359aa2f226db7aefe3441fbca

SHA256
9cef339a376022ddf7476594bf458c842dfd71f7dcab94427674c0b08bd29377

SHA512
cb657bb3b9f726af7ebcadcf1697e5768f42eafb74202c510a54e408d1fe697308d0c901ad5488116c5ca9056ef2d0381ef7a33ab73a200bae7a1ea0c3cbf1a8

Download Submit
\Windows\SysWOW64\HelpMe.exe
MD5
8133b3e4b12a42133167c4d5f2591415

SHA1
4b89ae560fc5d50359aa2f226db7aefe3441fbca

SHA256
9cef339a376022ddf7476594bf458c842dfd71f7dcab94427674c0b08bd29377

SHA512
cb657bb3b9f726af7ebcadcf1697e5768f42eafb74202c510a54e408d1fe697308d0c901ad5488116c5ca9056ef2d0381ef7a33ab73a200bae7a1ea0c3cbf1a8

Download Submit
\Windows\SysWOW64\HelpMe.exe
MD5
8133b3e4b12a42133167c4d5f2591415

SHA1
4b89ae560fc5d50359aa2f226db7aefe3441fbca

SHA256
9cef339a376022ddf7476594bf458c842dfd71f7dcab94427674c0b08bd29377

SHA512
cb657bb3b9f726af7ebcadcf1697e5768f42eafb74202c510a54e408d1fe697308d0c901ad5488116c5ca9056ef2d0381ef7a33ab73a200bae7a1ea0c3cbf1a8

Download Submit
\Windows\SysWOW64\HelpMe.exe
MD5
8133b3e4b12a42133167c4d5f2591415

SHA1
4b89ae560fc5d50359aa2f226db7aefe3441fbca

SHA256
9cef339a376022ddf7476594bf458c842dfd71f7dcab94427674c0b08bd29377

SHA512
cb657bb3b9f726af7ebcadcf1697e5768f42eafb74202c510a54e408d1fe697308d0c901ad5488116c5ca9056ef2d0381ef7a33ab73a200bae7a1ea0c3cbf1a8

Download Submit
\Windows\SysWOW64\HelpMe.exe
MD5
8133b3e4b12a42133167c4d5f2591415

SHA1
4b89ae560fc5d50359aa2f226db7aefe3441fbca

SHA256
9cef339a376022ddf7476594bf458c842dfd71f7dcab94427674c0b08bd29377

SHA512
cb657bb3b9f726af7ebcadcf1697e5768f42eafb74202c510a54e408d1fe697308d0c901ad5488116c5ca9056ef2d0381ef7a33ab73a200bae7a1ea0c3cbf1a8

Download Submit
\Windows\SysWOW64\HelpMe.exe
MD5
8133b3e4b12a42133167c4d5f2591415

SHA1
4b89ae560fc5d50359aa2f226db7aefe3441fbca

SHA256
9cef339a376022ddf7476594bf458c842dfd71f7dcab94427674c0b08bd29377

SHA512
cb657bb3b9f726af7ebcadcf1697e5768f42eafb74202c510a54e408d1fe697308d0c901ad5488116c5ca9056ef2d0381ef7a33ab73a200bae7a1ea0c3cbf1a8

Download Submit
\Windows\SysWOW64\HelpMe.exe
MD5
8133b3e4b12a42133167c4d5f2591415

SHA1
4b89ae560fc5d50359aa2f226db7aefe3441fbca

SHA256
9cef339a376022ddf7476594bf458c842dfd71f7dcab94427674c0b08bd29377

SHA512
cb657bb3b9f726af7ebcadcf1697e5768f42eafb74202c510a54e408d1fe697308d0c901ad5488116c5ca9056ef2d0381ef7a33ab73a200bae7a1ea0c3cbf1a8

Download Submit
\Windows\SysWOW64\HelpMe.exe
MD5
8133b3e4b12a42133167c4d5f2591415

SHA1
4b89ae560fc5d50359aa2f226db7aefe3441fbca

SHA256
9cef339a376022ddf7476594bf458c842dfd71f7dcab94427674c0b08bd29377

SHA512
cb657bb3b9f726af7ebcadcf1697e5768f42eafb74202c510a54e408d1fe697308d0c901ad5488116c5ca9056ef2d0381ef7a33ab73a200bae7a1ea0c3cbf1a8

Download Submit
memory/892-9-0x0000000002CC0000-0x0000000002CD1000-memory.dmp

Filesize
68KB

Download
memory/892-10-0x00000000030D0000-0x00000000030E1000-memory.dmp

Filesize
68KB

Download
memory/1212-8-0x00000000030A0000-0x00000000030B1000-memory.dmp

Filesize
68KB

Download
memory/1212-7-0x0000000002C90000-0x0000000002CA1000-memory.dmp

Filesize
68KB

Download
memory/1212-4-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads