cc526fa28a5f3cc3bcb879b85aaf8e36eac28485747d3cbafe40886610436513

Analysis

max time kernel
148s
max time network
110s
platform
windows10_x64
resource
win10v20201028
submitted
14-12-2020 17:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f1d9dbe0a13ba85e5357b10124283cd7.exe
Size

870KB
MD5

f1d9dbe0a13ba85e5357b10124283cd7
SHA1

03f8002d7725bfab431ab33cce8abf64ebc6d3fd
SHA256

cc526fa28a5f3cc3bcb879b85aaf8e36eac28485747d3cbafe40886610436513
SHA512

44c3e414e1dbad040a2532f7ba36971f4c6a55bd25e229ba6a3eab4bbb8661325346d7d63ca1154de504d604f48524e7569f5a5b75c97cc851ade05fd0c7955e

Score

10^/10

aspackv2 persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1004

Modify Registry

T1112

Processes:

f1d9dbe0a13ba85e5357b10124283cd7.exeHelpMe.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	f1d9dbe0a13ba85e5357b10124283cd7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe

ASPack v2.12-2.42 4 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
C:\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
C:\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
C:\$Recycle.Bin\S-1-5-21-1985363256-3005190890-1182679451-1000\desktop.ini.exe	aspack_v212_v242
C:\AutoRun.exe	aspack_v212_v242

Executes dropped EXE 1 IoCs

Processes:

HelpMe.exe

pid process

3932 HelpMe.exe

pid	process
3932	HelpMe.exe

Drops startup file 3 IoCs

Processes:

f1d9dbe0a13ba85e5357b10124283cd7.exeHelpMe.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	f1d9dbe0a13ba85e5357b10124283cd7.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	f1d9dbe0a13ba85e5357b10124283cd7.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

f1d9dbe0a13ba85e5357b10124283cd7.exeHelpMe.exe

description	ioc	process
File opened (read-only)	\??\E:	f1d9dbe0a13ba85e5357b10124283cd7.exe
File opened (read-only)	\??\F:	f1d9dbe0a13ba85e5357b10124283cd7.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\O:	f1d9dbe0a13ba85e5357b10124283cd7.exe
File opened (read-only)	\??\T:	f1d9dbe0a13ba85e5357b10124283cd7.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\K:	f1d9dbe0a13ba85e5357b10124283cd7.exe
File opened (read-only)	\??\Q:	f1d9dbe0a13ba85e5357b10124283cd7.exe
File opened (read-only)	\??\S:	f1d9dbe0a13ba85e5357b10124283cd7.exe
File opened (read-only)	\??\X:	f1d9dbe0a13ba85e5357b10124283cd7.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\G:	f1d9dbe0a13ba85e5357b10124283cd7.exe
File opened (read-only)	\??\H:	f1d9dbe0a13ba85e5357b10124283cd7.exe
File opened (read-only)	\??\I:	f1d9dbe0a13ba85e5357b10124283cd7.exe
File opened (read-only)	\??\L:	f1d9dbe0a13ba85e5357b10124283cd7.exe
File opened (read-only)	\??\N:	f1d9dbe0a13ba85e5357b10124283cd7.exe
File opened (read-only)	\??\V:	f1d9dbe0a13ba85e5357b10124283cd7.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\A:	f1d9dbe0a13ba85e5357b10124283cd7.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\R:	f1d9dbe0a13ba85e5357b10124283cd7.exe
File opened (read-only)	\??\U:	f1d9dbe0a13ba85e5357b10124283cd7.exe
File opened (read-only)	\??\W:	f1d9dbe0a13ba85e5357b10124283cd7.exe
File opened (read-only)	\??\Y:	f1d9dbe0a13ba85e5357b10124283cd7.exe
File opened (read-only)	\??\F:	HelpMe.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\J:	f1d9dbe0a13ba85e5357b10124283cd7.exe
File opened (read-only)	\??\Z:	f1d9dbe0a13ba85e5357b10124283cd7.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\B:	f1d9dbe0a13ba85e5357b10124283cd7.exe
File opened (read-only)	\??\M:	f1d9dbe0a13ba85e5357b10124283cd7.exe
File opened (read-only)	\??\P:	f1d9dbe0a13ba85e5357b10124283cd7.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe

JavaScript code in executable 4 IoCs

Processes:

resource	yara_rule
C:\Windows\SysWOW64\HelpMe.exe	js
C:\Windows\SysWOW64\HelpMe.exe	js
C:\$Recycle.Bin\S-1-5-21-1985363256-3005190890-1182679451-1000\desktop.ini.exe	js
C:\AutoRun.exe	js

Drops autorun.inf file 1 TTPs
Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media
T1091

Drops file in System32 directory 2 IoCs

Processes:

HelpMe.exef1d9dbe0a13ba85e5357b10124283cd7.exe

description	ioc	process
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	f1d9dbe0a13ba85e5357b10124283cd7.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

f1d9dbe0a13ba85e5357b10124283cd7.exe

description	pid	process	target process
PID 2484 wrote to memory of 3932	2484	f1d9dbe0a13ba85e5357b10124283cd7.exe	HelpMe.exe
PID 2484 wrote to memory of 3932	2484	f1d9dbe0a13ba85e5357b10124283cd7.exe	HelpMe.exe
PID 2484 wrote to memory of 3932	2484	f1d9dbe0a13ba85e5357b10124283cd7.exe	HelpMe.exe

C:\Users\Admin\AppData\Local\Temp\f1d9dbe0a13ba85e5357b10124283cd7.exe
"C:\Users\Admin\AppData\Local\Temp\f1d9dbe0a13ba85e5357b10124283cd7.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Enumerates connected drives
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2484

C:\Windows\SysWOW64\HelpMe.exe
C:\Windows\system32\HelpMe.exe
2⤵
- Modifies WinLogon for persistence
- Executes dropped EXE
- Drops startup file
- Enumerates connected drives
- Drops file in System32 directory
PID:3932

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Winlogon Helper DLL

T1004

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1985363256-3005190890-1182679451-1000\desktop.ini.exe
MD5
bbc8a9098077731e0065f3faf0ebb91a

SHA1
99620344b935b4bd73a046b817070da76fba5322

SHA256
c633dd560dfeeaff98ec026201f022f1745b680454285f4a4694d121e086f7bf

SHA512
6b2559e90d4384b8f3d9d8bd983aaf5bc3e839ad33aa2771f8e85debb1bd36dca25492b7553422e59b45e0d6003370fc2f9046c35d6d008029176cd1c97d3aca

Download Submit
C:\AutoRun.exe
MD5
f1d9dbe0a13ba85e5357b10124283cd7

SHA1
03f8002d7725bfab431ab33cce8abf64ebc6d3fd

SHA256
cc526fa28a5f3cc3bcb879b85aaf8e36eac28485747d3cbafe40886610436513

SHA512
44c3e414e1dbad040a2532f7ba36971f4c6a55bd25e229ba6a3eab4bbb8661325346d7d63ca1154de504d604f48524e7569f5a5b75c97cc851ade05fd0c7955e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
777879c5135ec0db2176fc058555dbc2

SHA1
2af00f911f18b3f3d9d079db4d7a557e2110f088

SHA256
8df12cfaefa16a957a5320224a647f38032177ec993f27eaebbc065ccf349ace

SHA512
4621f071493ac7d85209da4632f06a7b6299c801144fada2274cd14a37cc4c8b587b1be7543b7a34b2379e7461ec36462b2537f09813329de5c589a32ab0683b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
ce652da175b71b558c49cb152a9a379b

SHA1
52d2f11393990d6f43e85f6dca7b20d0509c9168

SHA256
35bb59aa08d5db240b1c0ef1b5c41bbeddc1f059a2f871d53d10fb085adbc2da

SHA512
cceae9a89d6f26fc728ea1ce4abeb1c46ad81d30a95262cd58707a66f6cf639c4cc7db8471e44b956553299f92bcadfc44872ba1712d6168a36bf188a695e5f0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
777879c5135ec0db2176fc058555dbc2

SHA1
2af00f911f18b3f3d9d079db4d7a557e2110f088

SHA256
8df12cfaefa16a957a5320224a647f38032177ec993f27eaebbc065ccf349ace

SHA512
4621f071493ac7d85209da4632f06a7b6299c801144fada2274cd14a37cc4c8b587b1be7543b7a34b2379e7461ec36462b2537f09813329de5c589a32ab0683b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
ce652da175b71b558c49cb152a9a379b

SHA1
52d2f11393990d6f43e85f6dca7b20d0509c9168

SHA256
35bb59aa08d5db240b1c0ef1b5c41bbeddc1f059a2f871d53d10fb085adbc2da

SHA512
cceae9a89d6f26fc728ea1ce4abeb1c46ad81d30a95262cd58707a66f6cf639c4cc7db8471e44b956553299f92bcadfc44872ba1712d6168a36bf188a695e5f0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
777879c5135ec0db2176fc058555dbc2

SHA1
2af00f911f18b3f3d9d079db4d7a557e2110f088

SHA256
8df12cfaefa16a957a5320224a647f38032177ec993f27eaebbc065ccf349ace

SHA512
4621f071493ac7d85209da4632f06a7b6299c801144fada2274cd14a37cc4c8b587b1be7543b7a34b2379e7461ec36462b2537f09813329de5c589a32ab0683b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
ce652da175b71b558c49cb152a9a379b

SHA1
52d2f11393990d6f43e85f6dca7b20d0509c9168

SHA256
35bb59aa08d5db240b1c0ef1b5c41bbeddc1f059a2f871d53d10fb085adbc2da

SHA512
cceae9a89d6f26fc728ea1ce4abeb1c46ad81d30a95262cd58707a66f6cf639c4cc7db8471e44b956553299f92bcadfc44872ba1712d6168a36bf188a695e5f0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
777879c5135ec0db2176fc058555dbc2

SHA1
2af00f911f18b3f3d9d079db4d7a557e2110f088

SHA256
8df12cfaefa16a957a5320224a647f38032177ec993f27eaebbc065ccf349ace

SHA512
4621f071493ac7d85209da4632f06a7b6299c801144fada2274cd14a37cc4c8b587b1be7543b7a34b2379e7461ec36462b2537f09813329de5c589a32ab0683b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
ce652da175b71b558c49cb152a9a379b

SHA1
52d2f11393990d6f43e85f6dca7b20d0509c9168

SHA256
35bb59aa08d5db240b1c0ef1b5c41bbeddc1f059a2f871d53d10fb085adbc2da

SHA512
cceae9a89d6f26fc728ea1ce4abeb1c46ad81d30a95262cd58707a66f6cf639c4cc7db8471e44b956553299f92bcadfc44872ba1712d6168a36bf188a695e5f0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
777879c5135ec0db2176fc058555dbc2

SHA1
2af00f911f18b3f3d9d079db4d7a557e2110f088

SHA256
8df12cfaefa16a957a5320224a647f38032177ec993f27eaebbc065ccf349ace

SHA512
4621f071493ac7d85209da4632f06a7b6299c801144fada2274cd14a37cc4c8b587b1be7543b7a34b2379e7461ec36462b2537f09813329de5c589a32ab0683b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
ce652da175b71b558c49cb152a9a379b

SHA1
52d2f11393990d6f43e85f6dca7b20d0509c9168

SHA256
35bb59aa08d5db240b1c0ef1b5c41bbeddc1f059a2f871d53d10fb085adbc2da

SHA512
cceae9a89d6f26fc728ea1ce4abeb1c46ad81d30a95262cd58707a66f6cf639c4cc7db8471e44b956553299f92bcadfc44872ba1712d6168a36bf188a695e5f0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
777879c5135ec0db2176fc058555dbc2

SHA1
2af00f911f18b3f3d9d079db4d7a557e2110f088

SHA256
8df12cfaefa16a957a5320224a647f38032177ec993f27eaebbc065ccf349ace

SHA512
4621f071493ac7d85209da4632f06a7b6299c801144fada2274cd14a37cc4c8b587b1be7543b7a34b2379e7461ec36462b2537f09813329de5c589a32ab0683b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
ce652da175b71b558c49cb152a9a379b

SHA1
52d2f11393990d6f43e85f6dca7b20d0509c9168

SHA256
35bb59aa08d5db240b1c0ef1b5c41bbeddc1f059a2f871d53d10fb085adbc2da

SHA512
cceae9a89d6f26fc728ea1ce4abeb1c46ad81d30a95262cd58707a66f6cf639c4cc7db8471e44b956553299f92bcadfc44872ba1712d6168a36bf188a695e5f0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
777879c5135ec0db2176fc058555dbc2

SHA1
2af00f911f18b3f3d9d079db4d7a557e2110f088

SHA256
8df12cfaefa16a957a5320224a647f38032177ec993f27eaebbc065ccf349ace

SHA512
4621f071493ac7d85209da4632f06a7b6299c801144fada2274cd14a37cc4c8b587b1be7543b7a34b2379e7461ec36462b2537f09813329de5c589a32ab0683b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
ce652da175b71b558c49cb152a9a379b

SHA1
52d2f11393990d6f43e85f6dca7b20d0509c9168

SHA256
35bb59aa08d5db240b1c0ef1b5c41bbeddc1f059a2f871d53d10fb085adbc2da

SHA512
cceae9a89d6f26fc728ea1ce4abeb1c46ad81d30a95262cd58707a66f6cf639c4cc7db8471e44b956553299f92bcadfc44872ba1712d6168a36bf188a695e5f0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
777879c5135ec0db2176fc058555dbc2

SHA1
2af00f911f18b3f3d9d079db4d7a557e2110f088

SHA256
8df12cfaefa16a957a5320224a647f38032177ec993f27eaebbc065ccf349ace

SHA512
4621f071493ac7d85209da4632f06a7b6299c801144fada2274cd14a37cc4c8b587b1be7543b7a34b2379e7461ec36462b2537f09813329de5c589a32ab0683b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
ce652da175b71b558c49cb152a9a379b

SHA1
52d2f11393990d6f43e85f6dca7b20d0509c9168

SHA256
35bb59aa08d5db240b1c0ef1b5c41bbeddc1f059a2f871d53d10fb085adbc2da

SHA512
cceae9a89d6f26fc728ea1ce4abeb1c46ad81d30a95262cd58707a66f6cf639c4cc7db8471e44b956553299f92bcadfc44872ba1712d6168a36bf188a695e5f0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
777879c5135ec0db2176fc058555dbc2

SHA1
2af00f911f18b3f3d9d079db4d7a557e2110f088

SHA256
8df12cfaefa16a957a5320224a647f38032177ec993f27eaebbc065ccf349ace

SHA512
4621f071493ac7d85209da4632f06a7b6299c801144fada2274cd14a37cc4c8b587b1be7543b7a34b2379e7461ec36462b2537f09813329de5c589a32ab0683b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
ce652da175b71b558c49cb152a9a379b

SHA1
52d2f11393990d6f43e85f6dca7b20d0509c9168

SHA256
35bb59aa08d5db240b1c0ef1b5c41bbeddc1f059a2f871d53d10fb085adbc2da

SHA512
cceae9a89d6f26fc728ea1ce4abeb1c46ad81d30a95262cd58707a66f6cf639c4cc7db8471e44b956553299f92bcadfc44872ba1712d6168a36bf188a695e5f0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
777879c5135ec0db2176fc058555dbc2

SHA1
2af00f911f18b3f3d9d079db4d7a557e2110f088

SHA256
8df12cfaefa16a957a5320224a647f38032177ec993f27eaebbc065ccf349ace

SHA512
4621f071493ac7d85209da4632f06a7b6299c801144fada2274cd14a37cc4c8b587b1be7543b7a34b2379e7461ec36462b2537f09813329de5c589a32ab0683b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
ce652da175b71b558c49cb152a9a379b

SHA1
52d2f11393990d6f43e85f6dca7b20d0509c9168

SHA256
35bb59aa08d5db240b1c0ef1b5c41bbeddc1f059a2f871d53d10fb085adbc2da

SHA512
cceae9a89d6f26fc728ea1ce4abeb1c46ad81d30a95262cd58707a66f6cf639c4cc7db8471e44b956553299f92bcadfc44872ba1712d6168a36bf188a695e5f0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
777879c5135ec0db2176fc058555dbc2

SHA1
2af00f911f18b3f3d9d079db4d7a557e2110f088

SHA256
8df12cfaefa16a957a5320224a647f38032177ec993f27eaebbc065ccf349ace

SHA512
4621f071493ac7d85209da4632f06a7b6299c801144fada2274cd14a37cc4c8b587b1be7543b7a34b2379e7461ec36462b2537f09813329de5c589a32ab0683b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
ce652da175b71b558c49cb152a9a379b

SHA1
52d2f11393990d6f43e85f6dca7b20d0509c9168

SHA256
35bb59aa08d5db240b1c0ef1b5c41bbeddc1f059a2f871d53d10fb085adbc2da

SHA512
cceae9a89d6f26fc728ea1ce4abeb1c46ad81d30a95262cd58707a66f6cf639c4cc7db8471e44b956553299f92bcadfc44872ba1712d6168a36bf188a695e5f0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
777879c5135ec0db2176fc058555dbc2

SHA1
2af00f911f18b3f3d9d079db4d7a557e2110f088

SHA256
8df12cfaefa16a957a5320224a647f38032177ec993f27eaebbc065ccf349ace

SHA512
4621f071493ac7d85209da4632f06a7b6299c801144fada2274cd14a37cc4c8b587b1be7543b7a34b2379e7461ec36462b2537f09813329de5c589a32ab0683b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
ce652da175b71b558c49cb152a9a379b

SHA1
52d2f11393990d6f43e85f6dca7b20d0509c9168

SHA256
35bb59aa08d5db240b1c0ef1b5c41bbeddc1f059a2f871d53d10fb085adbc2da

SHA512
cceae9a89d6f26fc728ea1ce4abeb1c46ad81d30a95262cd58707a66f6cf639c4cc7db8471e44b956553299f92bcadfc44872ba1712d6168a36bf188a695e5f0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
ce652da175b71b558c49cb152a9a379b

SHA1
52d2f11393990d6f43e85f6dca7b20d0509c9168

SHA256
35bb59aa08d5db240b1c0ef1b5c41bbeddc1f059a2f871d53d10fb085adbc2da

SHA512
cceae9a89d6f26fc728ea1ce4abeb1c46ad81d30a95262cd58707a66f6cf639c4cc7db8471e44b956553299f92bcadfc44872ba1712d6168a36bf188a695e5f0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
777879c5135ec0db2176fc058555dbc2

SHA1
2af00f911f18b3f3d9d079db4d7a557e2110f088

SHA256
8df12cfaefa16a957a5320224a647f38032177ec993f27eaebbc065ccf349ace

SHA512
4621f071493ac7d85209da4632f06a7b6299c801144fada2274cd14a37cc4c8b587b1be7543b7a34b2379e7461ec36462b2537f09813329de5c589a32ab0683b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
ce652da175b71b558c49cb152a9a379b

SHA1
52d2f11393990d6f43e85f6dca7b20d0509c9168

SHA256
35bb59aa08d5db240b1c0ef1b5c41bbeddc1f059a2f871d53d10fb085adbc2da

SHA512
cceae9a89d6f26fc728ea1ce4abeb1c46ad81d30a95262cd58707a66f6cf639c4cc7db8471e44b956553299f92bcadfc44872ba1712d6168a36bf188a695e5f0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
777879c5135ec0db2176fc058555dbc2

SHA1
2af00f911f18b3f3d9d079db4d7a557e2110f088

SHA256
8df12cfaefa16a957a5320224a647f38032177ec993f27eaebbc065ccf349ace

SHA512
4621f071493ac7d85209da4632f06a7b6299c801144fada2274cd14a37cc4c8b587b1be7543b7a34b2379e7461ec36462b2537f09813329de5c589a32ab0683b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
ce652da175b71b558c49cb152a9a379b

SHA1
52d2f11393990d6f43e85f6dca7b20d0509c9168

SHA256
35bb59aa08d5db240b1c0ef1b5c41bbeddc1f059a2f871d53d10fb085adbc2da

SHA512
cceae9a89d6f26fc728ea1ce4abeb1c46ad81d30a95262cd58707a66f6cf639c4cc7db8471e44b956553299f92bcadfc44872ba1712d6168a36bf188a695e5f0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
ce652da175b71b558c49cb152a9a379b

SHA1
52d2f11393990d6f43e85f6dca7b20d0509c9168

SHA256
35bb59aa08d5db240b1c0ef1b5c41bbeddc1f059a2f871d53d10fb085adbc2da

SHA512
cceae9a89d6f26fc728ea1ce4abeb1c46ad81d30a95262cd58707a66f6cf639c4cc7db8471e44b956553299f92bcadfc44872ba1712d6168a36bf188a695e5f0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
777879c5135ec0db2176fc058555dbc2

SHA1
2af00f911f18b3f3d9d079db4d7a557e2110f088

SHA256
8df12cfaefa16a957a5320224a647f38032177ec993f27eaebbc065ccf349ace

SHA512
4621f071493ac7d85209da4632f06a7b6299c801144fada2274cd14a37cc4c8b587b1be7543b7a34b2379e7461ec36462b2537f09813329de5c589a32ab0683b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
ce652da175b71b558c49cb152a9a379b

SHA1
52d2f11393990d6f43e85f6dca7b20d0509c9168

SHA256
35bb59aa08d5db240b1c0ef1b5c41bbeddc1f059a2f871d53d10fb085adbc2da

SHA512
cceae9a89d6f26fc728ea1ce4abeb1c46ad81d30a95262cd58707a66f6cf639c4cc7db8471e44b956553299f92bcadfc44872ba1712d6168a36bf188a695e5f0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
777879c5135ec0db2176fc058555dbc2

SHA1
2af00f911f18b3f3d9d079db4d7a557e2110f088

SHA256
8df12cfaefa16a957a5320224a647f38032177ec993f27eaebbc065ccf349ace

SHA512
4621f071493ac7d85209da4632f06a7b6299c801144fada2274cd14a37cc4c8b587b1be7543b7a34b2379e7461ec36462b2537f09813329de5c589a32ab0683b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
ce652da175b71b558c49cb152a9a379b

SHA1
52d2f11393990d6f43e85f6dca7b20d0509c9168

SHA256
35bb59aa08d5db240b1c0ef1b5c41bbeddc1f059a2f871d53d10fb085adbc2da

SHA512
cceae9a89d6f26fc728ea1ce4abeb1c46ad81d30a95262cd58707a66f6cf639c4cc7db8471e44b956553299f92bcadfc44872ba1712d6168a36bf188a695e5f0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
777879c5135ec0db2176fc058555dbc2

SHA1
2af00f911f18b3f3d9d079db4d7a557e2110f088

SHA256
8df12cfaefa16a957a5320224a647f38032177ec993f27eaebbc065ccf349ace

SHA512
4621f071493ac7d85209da4632f06a7b6299c801144fada2274cd14a37cc4c8b587b1be7543b7a34b2379e7461ec36462b2537f09813329de5c589a32ab0683b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
ce652da175b71b558c49cb152a9a379b

SHA1
52d2f11393990d6f43e85f6dca7b20d0509c9168

SHA256
35bb59aa08d5db240b1c0ef1b5c41bbeddc1f059a2f871d53d10fb085adbc2da

SHA512
cceae9a89d6f26fc728ea1ce4abeb1c46ad81d30a95262cd58707a66f6cf639c4cc7db8471e44b956553299f92bcadfc44872ba1712d6168a36bf188a695e5f0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
777879c5135ec0db2176fc058555dbc2

SHA1
2af00f911f18b3f3d9d079db4d7a557e2110f088

SHA256
8df12cfaefa16a957a5320224a647f38032177ec993f27eaebbc065ccf349ace

SHA512
4621f071493ac7d85209da4632f06a7b6299c801144fada2274cd14a37cc4c8b587b1be7543b7a34b2379e7461ec36462b2537f09813329de5c589a32ab0683b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
ce652da175b71b558c49cb152a9a379b

SHA1
52d2f11393990d6f43e85f6dca7b20d0509c9168

SHA256
35bb59aa08d5db240b1c0ef1b5c41bbeddc1f059a2f871d53d10fb085adbc2da

SHA512
cceae9a89d6f26fc728ea1ce4abeb1c46ad81d30a95262cd58707a66f6cf639c4cc7db8471e44b956553299f92bcadfc44872ba1712d6168a36bf188a695e5f0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
777879c5135ec0db2176fc058555dbc2

SHA1
2af00f911f18b3f3d9d079db4d7a557e2110f088

SHA256
8df12cfaefa16a957a5320224a647f38032177ec993f27eaebbc065ccf349ace

SHA512
4621f071493ac7d85209da4632f06a7b6299c801144fada2274cd14a37cc4c8b587b1be7543b7a34b2379e7461ec36462b2537f09813329de5c589a32ab0683b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
ce652da175b71b558c49cb152a9a379b

SHA1
52d2f11393990d6f43e85f6dca7b20d0509c9168

SHA256
35bb59aa08d5db240b1c0ef1b5c41bbeddc1f059a2f871d53d10fb085adbc2da

SHA512
cceae9a89d6f26fc728ea1ce4abeb1c46ad81d30a95262cd58707a66f6cf639c4cc7db8471e44b956553299f92bcadfc44872ba1712d6168a36bf188a695e5f0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
777879c5135ec0db2176fc058555dbc2

SHA1
2af00f911f18b3f3d9d079db4d7a557e2110f088

SHA256
8df12cfaefa16a957a5320224a647f38032177ec993f27eaebbc065ccf349ace

SHA512
4621f071493ac7d85209da4632f06a7b6299c801144fada2274cd14a37cc4c8b587b1be7543b7a34b2379e7461ec36462b2537f09813329de5c589a32ab0683b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
ce652da175b71b558c49cb152a9a379b

SHA1
52d2f11393990d6f43e85f6dca7b20d0509c9168

SHA256
35bb59aa08d5db240b1c0ef1b5c41bbeddc1f059a2f871d53d10fb085adbc2da

SHA512
cceae9a89d6f26fc728ea1ce4abeb1c46ad81d30a95262cd58707a66f6cf639c4cc7db8471e44b956553299f92bcadfc44872ba1712d6168a36bf188a695e5f0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
777879c5135ec0db2176fc058555dbc2

SHA1
2af00f911f18b3f3d9d079db4d7a557e2110f088

SHA256
8df12cfaefa16a957a5320224a647f38032177ec993f27eaebbc065ccf349ace

SHA512
4621f071493ac7d85209da4632f06a7b6299c801144fada2274cd14a37cc4c8b587b1be7543b7a34b2379e7461ec36462b2537f09813329de5c589a32ab0683b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
ce652da175b71b558c49cb152a9a379b

SHA1
52d2f11393990d6f43e85f6dca7b20d0509c9168

SHA256
35bb59aa08d5db240b1c0ef1b5c41bbeddc1f059a2f871d53d10fb085adbc2da

SHA512
cceae9a89d6f26fc728ea1ce4abeb1c46ad81d30a95262cd58707a66f6cf639c4cc7db8471e44b956553299f92bcadfc44872ba1712d6168a36bf188a695e5f0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
777879c5135ec0db2176fc058555dbc2

SHA1
2af00f911f18b3f3d9d079db4d7a557e2110f088

SHA256
8df12cfaefa16a957a5320224a647f38032177ec993f27eaebbc065ccf349ace

SHA512
4621f071493ac7d85209da4632f06a7b6299c801144fada2274cd14a37cc4c8b587b1be7543b7a34b2379e7461ec36462b2537f09813329de5c589a32ab0683b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
ce652da175b71b558c49cb152a9a379b

SHA1
52d2f11393990d6f43e85f6dca7b20d0509c9168

SHA256
35bb59aa08d5db240b1c0ef1b5c41bbeddc1f059a2f871d53d10fb085adbc2da

SHA512
cceae9a89d6f26fc728ea1ce4abeb1c46ad81d30a95262cd58707a66f6cf639c4cc7db8471e44b956553299f92bcadfc44872ba1712d6168a36bf188a695e5f0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
777879c5135ec0db2176fc058555dbc2

SHA1
2af00f911f18b3f3d9d079db4d7a557e2110f088

SHA256
8df12cfaefa16a957a5320224a647f38032177ec993f27eaebbc065ccf349ace

SHA512
4621f071493ac7d85209da4632f06a7b6299c801144fada2274cd14a37cc4c8b587b1be7543b7a34b2379e7461ec36462b2537f09813329de5c589a32ab0683b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
ce652da175b71b558c49cb152a9a379b

SHA1
52d2f11393990d6f43e85f6dca7b20d0509c9168

SHA256
35bb59aa08d5db240b1c0ef1b5c41bbeddc1f059a2f871d53d10fb085adbc2da

SHA512
cceae9a89d6f26fc728ea1ce4abeb1c46ad81d30a95262cd58707a66f6cf639c4cc7db8471e44b956553299f92bcadfc44872ba1712d6168a36bf188a695e5f0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
777879c5135ec0db2176fc058555dbc2

SHA1
2af00f911f18b3f3d9d079db4d7a557e2110f088

SHA256
8df12cfaefa16a957a5320224a647f38032177ec993f27eaebbc065ccf349ace

SHA512
4621f071493ac7d85209da4632f06a7b6299c801144fada2274cd14a37cc4c8b587b1be7543b7a34b2379e7461ec36462b2537f09813329de5c589a32ab0683b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
ce652da175b71b558c49cb152a9a379b

SHA1
52d2f11393990d6f43e85f6dca7b20d0509c9168

SHA256
35bb59aa08d5db240b1c0ef1b5c41bbeddc1f059a2f871d53d10fb085adbc2da

SHA512
cceae9a89d6f26fc728ea1ce4abeb1c46ad81d30a95262cd58707a66f6cf639c4cc7db8471e44b956553299f92bcadfc44872ba1712d6168a36bf188a695e5f0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
777879c5135ec0db2176fc058555dbc2

SHA1
2af00f911f18b3f3d9d079db4d7a557e2110f088

SHA256
8df12cfaefa16a957a5320224a647f38032177ec993f27eaebbc065ccf349ace

SHA512
4621f071493ac7d85209da4632f06a7b6299c801144fada2274cd14a37cc4c8b587b1be7543b7a34b2379e7461ec36462b2537f09813329de5c589a32ab0683b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
ce652da175b71b558c49cb152a9a379b

SHA1
52d2f11393990d6f43e85f6dca7b20d0509c9168

SHA256
35bb59aa08d5db240b1c0ef1b5c41bbeddc1f059a2f871d53d10fb085adbc2da

SHA512
cceae9a89d6f26fc728ea1ce4abeb1c46ad81d30a95262cd58707a66f6cf639c4cc7db8471e44b956553299f92bcadfc44872ba1712d6168a36bf188a695e5f0

Download Submit
C:\Windows\SysWOW64\HelpMe.exe
MD5
08d86bcad86912535bde009185c0a178

SHA1
3cc71e23f887eb2d43f48c09480083a137a0f186

SHA256
d688303a1cba143a9a022fdad66b5a719f721cc97a2c27b3b3551831b0692d48

SHA512
a2ab7772ac5e0e5af3391a5a4eefb5b6424643fffd40c9ad93ed59941007ac3fa1faacb085becb3fea92ef6804831e5d437cb62c9107018aa39fa437b779089f

Download Submit
C:\Windows\SysWOW64\HelpMe.exe
MD5
08d86bcad86912535bde009185c0a178

SHA1
3cc71e23f887eb2d43f48c09480083a137a0f186

SHA256
d688303a1cba143a9a022fdad66b5a719f721cc97a2c27b3b3551831b0692d48

SHA512
a2ab7772ac5e0e5af3391a5a4eefb5b6424643fffd40c9ad93ed59941007ac3fa1faacb085becb3fea92ef6804831e5d437cb62c9107018aa39fa437b779089f

Download Submit
memory/3932-2-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads