65324c45023d08325f787891fcaaa84f757807c0de6a82fdc2048bbde5524430

Analysis

max time kernel
147s
max time network
165s
platform
windows7_x64
resource
win7v20210408
submitted
01-09-2021 01:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

UnHackMePortable_9.96.696.paf.exe
Size

16.2MB
MD5

ac5c08e239997770d0097d9e5a3ddfbf
SHA1

18b30473cfd5571fa2aa74f87f30bf4a84b9d9be
SHA256

65324c45023d08325f787891fcaaa84f757807c0de6a82fdc2048bbde5524430
SHA512

c101bbeaa4e6e92031da6952a0be145be1a48f7d39f65ec3d02ab02efa7c092fee61844e349371cbda4c1bacc7ac2106cb584a5acfa8a64924b97de990407c42

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

UnHackMePortable.exeUnhackme.exe

pid process

1652 UnHackMePortable.exe
592 Unhackme.exe

pid	process
1652	UnHackMePortable.exe
592	Unhackme.exe

Loads dropped DLL 12 IoCs

Processes:

UnHackMePortable_9.96.696.paf.exeUnHackMePortable.exeUnhackme.exe

pid	process
1960	UnHackMePortable_9.96.696.paf.exe
1960	UnHackMePortable_9.96.696.paf.exe
1960	UnHackMePortable_9.96.696.paf.exe
1960	UnHackMePortable_9.96.696.paf.exe
1960	UnHackMePortable_9.96.696.paf.exe
1960	UnHackMePortable_9.96.696.paf.exe
1960	UnHackMePortable_9.96.696.paf.exe
1652	UnHackMePortable.exe
1652	UnHackMePortable.exe
1652	UnHackMePortable.exe
1652	UnHackMePortable.exe
592	Unhackme.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 30 IoCs

Processes:

Unhackme.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FC3699F2-8955-4B87-07BF-A749F41644F6}\ProgID\ = "VisShe.CInfoTipShellExt.1"	Unhackme.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2D93AC4-E3C9-273C-082D-47181A61164B}\1.0\0\win32\	Unhackme.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FC3699F2-8955-4B87-07BF-A749F41644F6}\InprocServer32\	Unhackme.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2D93AC4-E3C9-273C-082D-47181A61164B}\1.0\0\	Unhackme.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2D93AC4-E3C9-273C-082D-47181A61164B}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\Microsoft Office\\Office14\\"	Unhackme.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2D93AC4-E3C9-273C-082D-47181A61164B}\1.0\FLAGS\ = "0"	Unhackme.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FC3699F2-8955-4B87-07BF-A749F41644F6}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft Office\\Office14\\VISSHE.DLL"	Unhackme.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2D93AC4-E3C9-273C-082D-47181A61164B}\1.0\ = "Groove Web Services Members Service"	Unhackme.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2D93AC4-E3C9-273C-082D-47181A61164B}\1.0\0	Unhackme.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2D93AC4-E3C9-273C-082D-47181A61164B}\1.0\0\win32	Unhackme.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2D93AC4-E3C9-273C-082D-47181A61164B}\1.0\HELPDIR\	Unhackme.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FC3699F2-8955-4B87-07BF-A749F41644F6}\VersionIndependentProgID\ = "VisShe.CInfoTipShellExt"	Unhackme.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FC3699F2-8955-4B87-07BF-A749F41644F6}	Unhackme.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FC3699F2-8955-4B87-07BF-A749F41644F6}\ = "Bonim.Ajorah"	Unhackme.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FC3699F2-8955-4B87-07BF-A749F41644F6}\InprocServer32	Unhackme.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FC3699F2-8955-4B87-07BF-A749F41644F6}\ProgID\	Unhackme.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2D93AC4-E3C9-273C-082D-47181A61164B}\1.0\	Unhackme.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FC3699F2-8955-4B87-07BF-A749F41644F6}\VersionIndependentProgID	Unhackme.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FC3699F2-8955-4B87-07BF-A749F41644F6}\VersionIndependentProgID\	Unhackme.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2D93AC4-E3C9-273C-082D-47181A61164B}	Unhackme.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2D93AC4-E3C9-273C-082D-47181A61164B}\1.0	Unhackme.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2D93AC4-E3C9-273C-082D-47181A61164B}\1.0\FLAGS	Unhackme.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2D93AC4-E3C9-273C-082D-47181A61164B}\1.0\FLAGS\	Unhackme.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FC3699F2-8955-4B87-07BF-A749F41644F6}\TypeLib	Unhackme.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FC3699F2-8955-4B87-07BF-A749F41644F6}\TypeLib\	Unhackme.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2D93AC4-E3C9-273C-082D-47181A61164B}\1.0\0\win32\ = "C:\\PROGRA~2\\MICROS~1\\Office14\\GROOVE.EXE\\145"	Unhackme.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2D93AC4-E3C9-273C-082D-47181A61164B}\1.0\HELPDIR	Unhackme.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FC3699F2-8955-4B87-07BF-A749F41644F6}\TypeLib\ = "{F2D93AC4-E3C9-273C-082D-47181A61164B}"	Unhackme.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FC3699F2-8955-4B87-07BF-A749F41644F6}\ProgID	Unhackme.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2D93AC4-E3C9-273C-082D-47181A61164B}\	Unhackme.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

UnHackMePortable_9.96.696.paf.exeUnHackMePortable.exe

pid process

1960 UnHackMePortable_9.96.696.paf.exe
1652 UnHackMePortable.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

UnHackMePortable_9.96.696.paf.exe

pid process

1960 UnHackMePortable_9.96.696.paf.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Unhackme.exe

description pid process

Token: SeBackupPrivilege 592 Unhackme.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

UnHackMePortable_9.96.696.paf.exe

pid process

1960 UnHackMePortable_9.96.696.paf.exe

description	pid	process
Token: SeBackupPrivilege	592	Unhackme.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

UnHackMePortable_9.96.696.paf.exeUnHackMePortable.exe

description	pid	process	target process
PID 1960 wrote to memory of 1652	1960	UnHackMePortable_9.96.696.paf.exe	UnHackMePortable.exe
PID 1960 wrote to memory of 1652	1960	UnHackMePortable_9.96.696.paf.exe	UnHackMePortable.exe
PID 1960 wrote to memory of 1652	1960	UnHackMePortable_9.96.696.paf.exe	UnHackMePortable.exe
PID 1960 wrote to memory of 1652	1960	UnHackMePortable_9.96.696.paf.exe	UnHackMePortable.exe
PID 1652 wrote to memory of 592	1652	UnHackMePortable.exe	Unhackme.exe
PID 1652 wrote to memory of 592	1652	UnHackMePortable.exe	Unhackme.exe
PID 1652 wrote to memory of 592	1652	UnHackMePortable.exe	Unhackme.exe
PID 1652 wrote to memory of 592	1652	UnHackMePortable.exe	Unhackme.exe

C:\Users\Admin\AppData\Local\Temp\UnHackMePortable_9.96.696.paf.exe
"C:\Users\Admin\AppData\Local\Temp\UnHackMePortable_9.96.696.paf.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1960

C:\Users\Admin\Desktop\UnHackMePortable\UnHackMePortable.exe
"C:\Users\Admin\Desktop\UnHackMePortable\UnHackMePortable.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1652

C:\Users\Admin\Desktop\UnHackMePortable\App\unhackme\Unhackme.exe
"C:\Users\Admin\Desktop\UnHackMePortable\App\unhackme\Unhackme.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:592

C:\Users\Admin\Desktop\UnHackMePortable\App\unhackme\reanimator.exe
"C:\Users\Admin\Desktop\UnHackMePortable\App\unhackme\reanimator.exe" /wiz /full /malw
4⤵
PID:1912

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\UnHackMePortable\App\AppInfo\Launcher\UnHackMePortable.ini
MD5
803fc9358fa1d9c508472c7d880acbc2

SHA1
5c1a4f7665fb96fcf9d9efb3635b232bb64ccac0

SHA256
90d9eb3ade093977c38d27bb441ca7dae7cdebe308d056a6b84640d0ba784ef2

SHA512
b400567261ac233f566c91f0de1cc75b4ca30f9f721ca89e68eab7e6ccf51d04337acb8c494453ad6656a4c717c3b9ad5298774e57c3854ea008a4203b1f7d8b

Download Submit
C:\Users\Admin\Desktop\UnHackMePortable\App\AppInfo\Launcher\splash.jpg
MD5
19b0e640388d7bdd64e3fca3e9136acc

SHA1
4011afed4c15af524d5ff112de5b9f4b905c898e

SHA256
c3f5815c98a9a4f0bd9607abf24e09614b40b376ae2b9795b68869e90d0c4036

SHA512
50e2fb5d058c7ec8a4ddfe8a2945199fc53cfe290a67f3921ec523ca89c9097511ad25e3b394d1632ed635774a0bb2f35d860da17603a3720a68638ea3914ec5

Download Submit
C:\Users\Admin\Desktop\UnHackMePortable\App\AppInfo\appinfo.ini
MD5
fe718b5bfec5a0f4e017548dbba49bad

SHA1
cabe5e9e83b316a3662432294027e5a02b988c3b

SHA256
140a6c5360e9a77ddfed9d0a27c9e1586347607692a04277d48dfeeec3dac523

SHA512
14df747e3d724b1dd31c0ee72fe5d5024c50bb7bacac4b4dcffd6c75b1a2e136e61b88700ffe276c3d29c5f99fa76cdb613f90bb795fe7f8194df8d33a1617b9

Download Submit
C:\Users\Admin\Desktop\UnHackMePortable\App\DefaultData\settings\unhackme.log
MD5
55041f0eda59b3530d6288410f238e7b

SHA1
c7a32436aecf8f64d192500483893982165ede20

SHA256
381a3cf9fae9c9069dfdb0de5ab0f4a990ee0e40a16eec973a0100240ccf7dd9

SHA512
3095a2e41df7cc650142f930522f73d910b6b4db35d3953f058f9e6f5e1d8ceace24d081135067b92b20d396480d53bc3df0fa1eeeb9f616cb701e8628db3aaf

Download Submit
C:\Users\Admin\Desktop\UnHackMePortable\App\unhackme\Unhackme.exe
MD5
59a0c910874a1e01a6954bc43fd6fadc

SHA1
9646177cbaaf5ea9b533c9e56c51acf32e2c490a

SHA256
a7ac17354bcd4b21bb8a7898a4c6fde9c740db453bba9a80c411531dcafc085a

SHA512
00d54ecbf48e911626154595976eec96aac3ec96d1d996124d8edb982414de10cd85bf5582d450d663415b7cd38817d1a79f190fa41672cdb0e4d1e8faa756c6

Download Submit
C:\Users\Admin\Desktop\UnHackMePortable\App\unhackme\Unhackme.exe
MD5
59a0c910874a1e01a6954bc43fd6fadc

SHA1
9646177cbaaf5ea9b533c9e56c51acf32e2c490a

SHA256
a7ac17354bcd4b21bb8a7898a4c6fde9c740db453bba9a80c411531dcafc085a

SHA512
00d54ecbf48e911626154595976eec96aac3ec96d1d996124d8edb982414de10cd85bf5582d450d663415b7cd38817d1a79f190fa41672cdb0e4d1e8faa756c6

Download Submit
C:\Users\Admin\Desktop\UnHackMePortable\App\unhackme\aspr_keys.ini
MD5
1fb8180d972a96b2baccdd83ee59c1d3

SHA1
af0dc1d8dd9cffdc85a9541747bb3267614300f7

SHA256
c542e6a75846b70c7846bb4a6dda71dab6056d2c874080338a2f5cb6b97e3c61

SHA512
7e79c118a5e6337a88aa0bbae7208e805ccffa909b3bd1b382f67cde281821486932dda1b47099483280535b6be1343dba5e8abaea318a39228f7dc8af9cc1cc

Download Submit
C:\Users\Admin\Desktop\UnHackMePortable\App\unhackme\dbs.db
MD5
21d8507f6c203cd83a0966d3f44de7c4

SHA1
2de753f74540174456a5df44c16752b285e89c39

SHA256
3aab57d2628ea0f235ec9fe93c98998d23ec4470b2051461a6fa644a1d99f3d7

SHA512
8c8f8d106e949664024c003d50e4ebbfaae345e2bb32992af09dd5537b7baa15171ad3f938c7a4f868df0340298a271d11a135a0bf13b4a0ca4a38c72a668838

Download Submit
C:\Users\Admin\Desktop\UnHackMePortable\App\unhackme\parser.dll
MD5
333961bb8ab2055af0d69a3d812d1d21

SHA1
56e3d2dbb2cce5102cf40667bce7f2897c2fac62

SHA256
bb96edc20c2868d5a180634c74f7bd0188fb95f5bfcf2b5dfaeb758ce439388c

SHA512
2bb302ab9d25fb83c3af65bc45ca6d7e2e5f8d293e4415ff7db5c733ad0814c8df7e4100f6febd43830963c84b4c5de840150ab7cdd40a0c5b7b17581313189e

Download Submit
C:\Users\Admin\Desktop\UnHackMePortable\App\unhackme\reanimator.exe
MD5
594c9206883bfc696d1dc607f085a85f

SHA1
f1fcedccddbb4d50e347a9239296048480638a73

SHA256
7102b912dbeb237767d1bc7cafdc232d3775ebaf1dc2667926e62668649902c5

SHA512
b186583e88ce8fdb9d72f94df87e3fea3fea7c555652dd718dac5f95d36b63ad01947babff84e31b7bd25faccf6a753b88cbe4a05e848c2b43fb31bfa3d7c59d

Download Submit
C:\Users\Admin\Desktop\UnHackMePortable\App\unhackme\reanimator.exe
MD5
df1e81be147b0af6497cb3f0ae9652b0

SHA1
afaa19b9b9ba629fab294715cddef40e04973af4

SHA256
6c1676413967cdfc71e88222fd031db2749d483e596fd601f8cd2d1f9430d25d

SHA512
14ca77edf333ac3ee9ef017927bfee1c8cd1aae7cd77507e65ca23673e328a3540614cbb0827208559ac00f9722a31efcc9aa01a81162decffaf15db75ac68af

Download Submit
C:\Users\Admin\Desktop\UnHackMePortable\App\unhackme\unhackme.log
MD5
7aa5feb23be51469af7e4579e588847e

SHA1
9c8331cac2bbebfb4cdef74994c23efe0ca73e69

SHA256
3d67b1fa5eedd83783e98ff3faa4812f7144fd0b67e025d9b7dfe539badb074e

SHA512
a4ddc6f70b901d3b331f9d05d4c74a656824ff148d9b5bcdeabf58c3782271a358d4371e6ac334801e1a2bd5d701ae7d680b4fde2471532e2ef7807f6bbf721d

Download Submit
C:\Users\Admin\Desktop\UnHackMePortable\App\unhackme\unhackme.nat
MD5
cf0f7b675ad858b79973b4179851454c

SHA1
9d3f0304b96a3687915fa66972a87956016763f7

SHA256
28c5345faca6bb0e59b104519c5c90ca62a7acdbb6dada9349e111b3a8b0462a

SHA512
7a2d2d12738c469a6dff1bb088cacaebcfa18447c639eea923ce31b1f8f2a9aaf3750fe2afa128dbb097846f9f71a7113b608078f611ce30169403d6321c1534

Download Submit
C:\Users\Admin\Desktop\UnHackMePortable\App\unhackme\winspool.drv
MD5
b84714883d5e07ff0258034689faa624

SHA1
adc8c97becc257c243bf825e95f5d45e5a28e8ff

SHA256
5d26ee786af17ec7350a702c03c1755849ccf10c055fcc151c1f832855d96a76

SHA512
1c5913415d846c716284f80246d6167b2560374db0eb803271918d649d7eb9bac45850209afc6a713b93543dc38912e8b93aec35c6e31cd93b94c5fd697c924a

Download Submit
C:\Users\Admin\Desktop\UnHackMePortable\UnHackMePortable.exe
MD5
25741060c474adc623f5ef994e114252

SHA1
58445fa79ff46a8e20852bbe41bdfc6d9c7c92ab

SHA256
cea317e59de8e504c4071ffbc97342614dc6c0c03231bfe0feb593a8e2c5fd60

SHA512
894897e31e37572f59a44283d8c983234eb2862b4521401dfdd4a7f4e86ec0f3293364ad1f033e19f141758c6371ac0c9e885a231b020ef3eb9a07c02cb11acf

Download Submit
C:\Users\Admin\Desktop\UnHackMePortable\UnHackMePortable.exe
MD5
25741060c474adc623f5ef994e114252

SHA1
58445fa79ff46a8e20852bbe41bdfc6d9c7c92ab

SHA256
cea317e59de8e504c4071ffbc97342614dc6c0c03231bfe0feb593a8e2c5fd60

SHA512
894897e31e37572f59a44283d8c983234eb2862b4521401dfdd4a7f4e86ec0f3293364ad1f033e19f141758c6371ac0c9e885a231b020ef3eb9a07c02cb11acf

Download Submit
\Users\Admin\AppData\Local\Temp\nsi1A8.tmp\FindProcDLL.dll
MD5
ba4c1dfe226d573d516c0529f263011e

SHA1
d726e947633ea75c09bba1cb6a14a79ce953be24

SHA256
2ffe1ac2555e822b4a383996168031e456f09f9cf3bb763fccee35be178cf58a

SHA512
73d607f0cc27eb3b1966911edf669417249bbcaa2d07f037cb3d3d3eaf368110e7e683d0e2186b06820302cd17041d5f60adab1d0ad0ebc03e34075cea37f5f8

Download Submit
\Users\Admin\AppData\Local\Temp\nsi1A8.tmp\LangDLL.dll
MD5
3dd80dff583544514eeb3a5ed851a519

SHA1
56f7324d9d4230c96d1963e7b3e02b05a6cf5c24

SHA256
86cff5eaca76c49f924cb123d242fdcfd45ab99c4b638d3b8f4a8cfb1970ab5b

SHA512
955f4df195b5d134449904e9020f80125cfb64d70d9482ff583451f3fcb10d15577ceac4180f71a96452d8478f6365160ab15731f9a79a494383087c9310fd1d

Download Submit
\Users\Admin\AppData\Local\Temp\nsi1A8.tmp\System.dll
MD5
75ed96254fbf894e42058062b4b4f0d1

SHA1
996503f1383b49021eb3427bc28d13b5bbd11977

SHA256
a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7

SHA512
58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4

Download Submit
\Users\Admin\AppData\Local\Temp\nsi1A8.tmp\System.dll
MD5
75ed96254fbf894e42058062b4b4f0d1

SHA1
996503f1383b49021eb3427bc28d13b5bbd11977

SHA256
a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7

SHA512
58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4

Download Submit
\Users\Admin\AppData\Local\Temp\nsi1A8.tmp\nsDialogs.dll
MD5
ca95c9da8cef7062813b989ab9486201

SHA1
c555af25df3de51aa18d487d47408d5245dba2d1

SHA256
feb6364375d0ab081e9cdf11271c40cb966af295c600903383b0730f0821c0be

SHA512
a30d94910204d1419c803dc12d90a9d22f63117e4709b1a131d8c4d5ead7e4121150e2c8b004a546b33c40c294df0a74567013001f55f37147d86bb847d7bbc9

Download Submit
\Users\Admin\AppData\Local\Temp\nsi1A8.tmp\w7tbp.dll
MD5
9a3031cc4cef0dba236a28eecdf0afb5

SHA1
708a76aa56f77f1b0ebc62b023163c2e0426f3ac

SHA256
53bb519e3293164947ac7cbd7e612f637d77a7b863e3534ba1a7e39b350d3c00

SHA512
8fddde526e7d10d77e247ea80b273beae9dde1d4112806f1f5c3e6a409247d54d8a4445ab5bdd77025a434c3d1dcfdf480dac21abbdb13a308d5eb74517fab53

Download Submit
\Users\Admin\AppData\Local\Temp\nst1BFB.tmp\System.dll
MD5
bf712f32249029466fa86756f5546950

SHA1
75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

SHA256
7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

SHA512
13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

Download Submit
\Users\Admin\AppData\Local\Temp\nst1BFB.tmp\newadvsplash.dll
MD5
55a723e125afbc9b3a41d46f41749068

SHA1
01618b26fec6b8c6bdb866e6e4d0f7a0529fe97c

SHA256
0a70cc4b93d87ecd93e538cfbed7c9a4b8b5c6f1042c6069757bda0d1279ed06

SHA512
559157fa1b3eb6ae1f9c0f2c71ccc692a0a0affb1d6498a8b8db1436d236fd91891897ac620ed5a588beba2efa43ef064211a7fcadb5c3a3c5e2be1d23ef9d4c

Download Submit
\Users\Admin\AppData\Local\Temp\nst1BFB.tmp\registry.dll
MD5
2880bf3bbbc8dcaeb4367df8a30f01a8

SHA1
cb5c65eae4ae923514a67c95ada2d33b0c3f2118

SHA256
acb79c55b3b9c460d032a6f3aaf6c642bf8c1d450e23279d091cc0c6ca510973

SHA512
ca978702ce7aa04f8d9781a819a57974f9627e969138e23e81e0792ff8356037c300bb27a37a9b5c756220a7788a583c8e40cc23125bcbe48849561b159c4fa3

Download Submit
\Users\Admin\Desktop\UnHackMePortable\App\unhackme\Unhackme.exe
MD5
59a0c910874a1e01a6954bc43fd6fadc

SHA1
9646177cbaaf5ea9b533c9e56c51acf32e2c490a

SHA256
a7ac17354bcd4b21bb8a7898a4c6fde9c740db453bba9a80c411531dcafc085a

SHA512
00d54ecbf48e911626154595976eec96aac3ec96d1d996124d8edb982414de10cd85bf5582d450d663415b7cd38817d1a79f190fa41672cdb0e4d1e8faa756c6

Download Submit
\Users\Admin\Desktop\UnHackMePortable\App\unhackme\WINSPOOL.DRV
MD5
b84714883d5e07ff0258034689faa624

SHA1
adc8c97becc257c243bf825e95f5d45e5a28e8ff

SHA256
5d26ee786af17ec7350a702c03c1755849ccf10c055fcc151c1f832855d96a76

SHA512
1c5913415d846c716284f80246d6167b2560374db0eb803271918d649d7eb9bac45850209afc6a713b93543dc38912e8b93aec35c6e31cd93b94c5fd697c924a

Download Submit
\Users\Admin\Desktop\UnHackMePortable\App\unhackme\WINSPOOL.DRV
MD5
b84714883d5e07ff0258034689faa624

SHA1
adc8c97becc257c243bf825e95f5d45e5a28e8ff

SHA256
5d26ee786af17ec7350a702c03c1755849ccf10c055fcc151c1f832855d96a76

SHA512
1c5913415d846c716284f80246d6167b2560374db0eb803271918d649d7eb9bac45850209afc6a713b93543dc38912e8b93aec35c6e31cd93b94c5fd697c924a

Download Submit
\Users\Admin\Desktop\UnHackMePortable\App\unhackme\parser.dll
MD5
333961bb8ab2055af0d69a3d812d1d21

SHA1
56e3d2dbb2cce5102cf40667bce7f2897c2fac62

SHA256
bb96edc20c2868d5a180634c74f7bd0188fb95f5bfcf2b5dfaeb758ce439388c

SHA512
2bb302ab9d25fb83c3af65bc45ca6d7e2e5f8d293e4415ff7db5c733ad0814c8df7e4100f6febd43830963c84b4c5de840150ab7cdd40a0c5b7b17581313189e

Download Submit
\Users\Admin\Desktop\UnHackMePortable\App\unhackme\reanimator.exe
MD5
3afecb95092af457e56110172ee51a0b

SHA1
83de7f6b9edc31e6814c8102db440fd9284f42b1

SHA256
c7afe950907f6c29ec886540e7b55325fd78147c948ecb44ad19b840729e8b97

SHA512
cb36912da89af453a254374ca12c826976ee00cf12890938215846a5b775ab0f7de97826e422201642b57057f6ab9f38ddb21af935b815faeb678f78f3ea117c

Download Submit
\Users\Admin\Desktop\UnHackMePortable\App\unhackme\reanimator.exe
MD5
f6d17ce19996fe803968522638cc8f90

SHA1
409a6597024f22d637c482333dda726ae78c7237

SHA256
802566718682150e9ce1367fbacab696dd60ce350408e6f8b6205c731670fb23

SHA512
df08b27221e7d1eed2bb69db29a386b5f82590d722743c096b644997cb26ef08a400005f674a06c92bd722b789811b116179694042d67151d1f8a0e811b9a53e

Download Submit
\Users\Admin\Desktop\UnHackMePortable\App\unhackme\reanimator.exe
MD5
41c8b5866dfd66f0a1391c1f84fcd813

SHA1
5322a570f21893957ba22fbdff7e2de1595e494e

SHA256
587d79a7030e359408c76fe6c160af6b8561ac728de32423f53013436c3a10f8

SHA512
a35a80e7fdecf42db29b783a89bdcd93142329d60ae18b02925f20c9819d61e57e1ed168de687dd0344345dbb0315ef69ed464ae962f933bfa94adaa1dfdaa36

Download Submit
\Users\Admin\Desktop\UnHackMePortable\App\unhackme\reanimator.exe
MD5
fcfac0a7496f971a1b268bae5e4d825e

SHA1
25f6dd79a015c43706e3479ff19e4761dd2334c2

SHA256
12e41cb99adf944e5ae735abddbd0fd018298226e6b28d049f3d8702f82ab854

SHA512
78b9a6891af26d75daff148c9310305526c304f018b2fc301af7f6d1d72f66b338574d0ae81fda52ca9ce2bed510c3ef97e0b0ab9ebba213e7762160da68bfba

Download Submit
\Users\Admin\Desktop\UnHackMePortable\UnHackMePortable.exe
MD5
25741060c474adc623f5ef994e114252

SHA1
58445fa79ff46a8e20852bbe41bdfc6d9c7c92ab

SHA256
cea317e59de8e504c4071ffbc97342614dc6c0c03231bfe0feb593a8e2c5fd60

SHA512
894897e31e37572f59a44283d8c983234eb2862b4521401dfdd4a7f4e86ec0f3293364ad1f033e19f141758c6371ac0c9e885a231b020ef3eb9a07c02cb11acf

Download Submit
memory/592-117-0x0000000003880000-0x0000000003881000-memory.dmp

Filesize
4KB

Download
memory/592-135-0x0000000000840000-0x0000000000841000-memory.dmp

Filesize
4KB

Download
memory/592-102-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/592-103-0x0000000000880000-0x0000000000881000-memory.dmp

Filesize
4KB

Download
memory/592-104-0x00000000009D0000-0x00000000009D1000-memory.dmp

Filesize
4KB

Download
memory/592-105-0x00000000009C0000-0x00000000009C1000-memory.dmp

Filesize
4KB

Download
memory/592-106-0x00000000009A0000-0x00000000009A1000-memory.dmp

Filesize
4KB

Download
memory/592-107-0x0000000000860000-0x0000000000861000-memory.dmp

Filesize
4KB

Download
memory/592-108-0x00000000009E0000-0x00000000009E1000-memory.dmp

Filesize
4KB

Download
memory/592-109-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/592-111-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/592-110-0x00000000035B0000-0x00000000035B1000-memory.dmp

Filesize
4KB

Download
memory/592-113-0x0000000002750000-0x0000000002751000-memory.dmp

Filesize
4KB

Download
memory/592-112-0x0000000002700000-0x0000000002701000-memory.dmp

Filesize
4KB

Download
memory/592-116-0x0000000003730000-0x0000000003731000-memory.dmp

Filesize
4KB

Download
memory/592-114-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/592-100-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/592-119-0x0000000003440000-0x0000000003441000-memory.dmp

Filesize
4KB

Download
memory/592-118-0x0000000003440000-0x0000000003441000-memory.dmp

Filesize
4KB

Download
memory/592-115-0x0000000003440000-0x0000000003441000-memory.dmp

Filesize
4KB

Download
memory/592-120-0x0000000003440000-0x0000000003441000-memory.dmp

Filesize
4KB

Download
memory/592-121-0x0000000003440000-0x0000000003441000-memory.dmp

Filesize
4KB

Download
memory/592-122-0x0000000000840000-0x0000000000841000-memory.dmp

Filesize
4KB

Download
memory/592-123-0x0000000002860000-0x0000000002861000-memory.dmp

Filesize
4KB

Download
memory/592-125-0x00000000028A0000-0x00000000028A1000-memory.dmp

Filesize
4KB

Download
memory/592-124-0x00000000028B0000-0x00000000028B1000-memory.dmp

Filesize
4KB

Download
memory/592-127-0x0000000002830000-0x0000000002831000-memory.dmp

Filesize
4KB

Download
memory/592-126-0x0000000002840000-0x0000000002841000-memory.dmp

Filesize
4KB

Download
memory/592-128-0x0000000002880000-0x0000000002881000-memory.dmp

Filesize
4KB

Download
memory/592-129-0x00000000028C0000-0x00000000028C1000-memory.dmp

Filesize
4KB

Download
memory/592-130-0x0000000000840000-0x0000000000841000-memory.dmp

Filesize
4KB

Download
memory/592-131-0x0000000000840000-0x0000000000841000-memory.dmp

Filesize
4KB

Download
memory/592-132-0x0000000002850000-0x0000000002851000-memory.dmp

Filesize
4KB

Download
memory/592-133-0x00000000009F0000-0x00000000009F1000-memory.dmp

Filesize
4KB

Download
memory/592-134-0x0000000000840000-0x0000000000841000-memory.dmp

Filesize
4KB

Download
memory/592-101-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/592-136-0x0000000003400000-0x0000000003401000-memory.dmp

Filesize
4KB

Download
memory/592-137-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/592-138-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/592-139-0x0000000003410000-0x0000000003411000-memory.dmp

Filesize
4KB

Download
memory/592-140-0x00000000009F0000-0x00000000009F1000-memory.dmp

Filesize
4KB

Download
memory/592-141-0x0000000000840000-0x0000000000841000-memory.dmp

Filesize
4KB

Download
memory/592-142-0x0000000002770000-0x0000000002771000-memory.dmp

Filesize
4KB

Download
memory/592-144-0x00000000026D0000-0x00000000026D1000-memory.dmp

Filesize
4KB

Download
memory/592-143-0x00000000026E0000-0x00000000026E1000-memory.dmp

Filesize
4KB

Download
memory/592-145-0x0000000002720000-0x0000000002721000-memory.dmp

Filesize
4KB

Download
memory/592-146-0x0000000002760000-0x0000000002761000-memory.dmp

Filesize
4KB

Download
memory/592-147-0x00000000033F0000-0x00000000033F3000-memory.dmp

Filesize
12KB

Download
memory/592-148-0x0000000003440000-0x0000000003441000-memory.dmp

Filesize
4KB

Download
memory/592-149-0x0000000002C80000-0x0000000002C81000-memory.dmp

Filesize
4KB

Download
memory/592-150-0x0000000002C60000-0x0000000002C61000-memory.dmp

Filesize
4KB

Download
memory/592-151-0x0000000002C50000-0x0000000002C51000-memory.dmp

Filesize
4KB

Download
memory/592-152-0x0000000003440000-0x0000000003441000-memory.dmp

Filesize
4KB

Download
memory/592-99-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/592-98-0x0000000003400000-0x0000000003401000-memory.dmp

Filesize
4KB

Download
memory/592-97-0x00000000027C0000-0x00000000027C1000-memory.dmp

Filesize
4KB

Download
memory/592-96-0x0000000002810000-0x0000000002811000-memory.dmp

Filesize
4KB

Download
memory/592-95-0x00000000027D0000-0x00000000027D1000-memory.dmp

Filesize
4KB

Download
memory/592-94-0x0000000002780000-0x0000000002781000-memory.dmp

Filesize
4KB

Download
memory/592-93-0x0000000002790000-0x0000000002791000-memory.dmp

Filesize
4KB

Download
memory/592-83-0x0000000000000000-mapping.dmp

Download
memory/592-89-0x0000000000330000-0x000000000038A000-memory.dmp

Filesize
360KB

Download
memory/592-92-0x00000000027F0000-0x00000000027F1000-memory.dmp

Filesize
4KB

Download
memory/592-91-0x0000000002800000-0x0000000002801000-memory.dmp

Filesize
4KB

Download
memory/592-90-0x00000000027B0000-0x00000000027B1000-memory.dmp

Filesize
4KB

Download
memory/1652-68-0x0000000000000000-mapping.dmp

Download
memory/1912-249-0x0000000000000000-mapping.dmp

Download
memory/1912-267-0x0000000003A70000-0x0000000003AAD000-memory.dmp

Filesize
244KB

Download
memory/1960-60-0x0000000075201000-0x0000000075203000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads