3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448

Analysis

max time kernel
153s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
03-07-2022 08:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe
Size

1.1MB
MD5

700d5f491c4a2a65fdfdf9ff0cffd711
SHA1

7cbd8ec5351127aad93b1e7dd3ff553c640fed02
SHA256

3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448
SHA512

db6eb14569740b70148400eaa6b36036b62e7c30e073b48bbdd0c61ca993073f3341058624ffee12f417f9764d3a7bced02c487d0e6ade4224bb702192d6bb3e

Score

10^/10

aspackv2 persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1004

Modify Registry

T1112

Processes:

3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exeHelpMe.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe

ASPack v2.12-2.42 6 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
C:\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
C:\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
C:\$Recycle.Bin\S-1-5-21-1083475884-596052423-1669053738-1000\desktop.ini.exe	aspack_v212_v242
C:\AutoRun.exe	aspack_v212_v242

Executes dropped EXE 1 IoCs

Processes:

HelpMe.exe

pid process

1556 HelpMe.exe

pid	process
1556	HelpMe.exe

Drops startup file 3 IoCs

Processes:

HelpMe.exe3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe

Loads dropped DLL 2 IoCs

Processes:

3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe

pid	process
988	3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe
988	3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exeHelpMe.exe

description	ioc	process
File opened (read-only)	\??\R:	3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\L:	3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\Z:	3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\B:	3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\H:	3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe
File opened (read-only)	\??\I:	3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe
File opened (read-only)	\??\K:	3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe
File opened (read-only)	\??\M:	3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe
File opened (read-only)	\??\W:	3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe
File opened (read-only)	\??\X:	3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\F:	HelpMe.exe
File opened (read-only)	\??\A:	3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\Y:	3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\G:	3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe
File opened (read-only)	\??\J:	3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe
File opened (read-only)	\??\O:	3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe
File opened (read-only)	\??\P:	3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe
File opened (read-only)	\??\U:	3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe
File opened (read-only)	\??\V:	3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\E:	3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\N:	3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe
File opened (read-only)	\??\Q:	3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe
File opened (read-only)	\??\S:	3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe
File opened (read-only)	\??\T:	3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\F:	3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe

Drops autorun.inf file 1 TTPs 2 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

Processes:

3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exeHelpMe.exe

description	ioc	process
File opened for modification	C:\AUTORUN.INF	3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe
File opened for modification	C:\AUTORUN.INF	HelpMe.exe

Drops file in System32 directory 2 IoCs

Processes:

3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exeHelpMe.exe

description	ioc	process
File created	C:\Windows\SysWOW64\HelpMe.exe	3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe

description	pid	process	target process
PID 988 wrote to memory of 1556	988	3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe	HelpMe.exe
PID 988 wrote to memory of 1556	988	3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe	HelpMe.exe
PID 988 wrote to memory of 1556	988	3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe	HelpMe.exe
PID 988 wrote to memory of 1556	988	3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe	HelpMe.exe

C:\Users\Admin\AppData\Local\Temp\3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe
"C:\Users\Admin\AppData\Local\Temp\3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:988

C:\Windows\SysWOW64\HelpMe.exe
C:\Windows\system32\HelpMe.exe
2⤵
- Modifies WinLogon for persistence
- Executes dropped EXE
- Drops startup file
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
PID:1556

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Winlogon Helper DLL

T1004

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1083475884-596052423-1669053738-1000\desktop.ini.exe
Filesize
1.1MB

MD5
239300803f280ed0db287d65ebb785f3

SHA1
db3cf4e1ab528b1b3c288ca3331da8c0994df43e

SHA256
3feed59235d3ef1b85c2e61491475ab79e0d0679dd0c5e2a715ce50319b1d347

SHA512
21fe7b5d45b1ee251b76ba1e73d8aced726615f6a976431d4804b77365a8450c439097ea554f30019e2a91bf442fc06576c07a835bcf085e28d2711487edc70b

Download Submit
C:\AutoRun.exe
Filesize
1.1MB

MD5
700d5f491c4a2a65fdfdf9ff0cffd711

SHA1
7cbd8ec5351127aad93b1e7dd3ff553c640fed02

SHA256
3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448

SHA512
db6eb14569740b70148400eaa6b36036b62e7c30e073b48bbdd0c61ca993073f3341058624ffee12f417f9764d3a7bced02c487d0e6ade4224bb702192d6bb3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
7ddd8c0509a9c98a01332afeed62f574

SHA1
3bb27eb6d34de02204271ff27b762b4b18a76f33

SHA256
75b7d7932eada4237e15921e74101aa1b12e13e4501bede257b410de8dada0eb

SHA512
02fd491356967faa03c990b07ea212c3b440883a792b1ef7c02c2420a4975c32377c00bfa702445436bbbfa6d5f5d43e5ecd19bae1f3c7f4d710a07c0684832e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
f1fe99144668848dad947de740508c89

SHA1
4e4901cd4a3eac87a6087b21dec79bc416104201

SHA256
a1ed508f1fd7b33479f00fa0e18fc6c7a6a0822247eb0470eb2a7e8ad7a5482f

SHA512
699828ac01e1d503eb5fc2ed131c0c57d4953b3600dadb153b7172e3be5984a089dfe2ed97488a81822ec19ae779f4bf8cfbb9293b37c848ce0a4e831a75f9f9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
7ddd8c0509a9c98a01332afeed62f574

SHA1
3bb27eb6d34de02204271ff27b762b4b18a76f33

SHA256
75b7d7932eada4237e15921e74101aa1b12e13e4501bede257b410de8dada0eb

SHA512
02fd491356967faa03c990b07ea212c3b440883a792b1ef7c02c2420a4975c32377c00bfa702445436bbbfa6d5f5d43e5ecd19bae1f3c7f4d710a07c0684832e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
7ddd8c0509a9c98a01332afeed62f574

SHA1
3bb27eb6d34de02204271ff27b762b4b18a76f33

SHA256
75b7d7932eada4237e15921e74101aa1b12e13e4501bede257b410de8dada0eb

SHA512
02fd491356967faa03c990b07ea212c3b440883a792b1ef7c02c2420a4975c32377c00bfa702445436bbbfa6d5f5d43e5ecd19bae1f3c7f4d710a07c0684832e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
f1fe99144668848dad947de740508c89

SHA1
4e4901cd4a3eac87a6087b21dec79bc416104201

SHA256
a1ed508f1fd7b33479f00fa0e18fc6c7a6a0822247eb0470eb2a7e8ad7a5482f

SHA512
699828ac01e1d503eb5fc2ed131c0c57d4953b3600dadb153b7172e3be5984a089dfe2ed97488a81822ec19ae779f4bf8cfbb9293b37c848ce0a4e831a75f9f9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
7ddd8c0509a9c98a01332afeed62f574

SHA1
3bb27eb6d34de02204271ff27b762b4b18a76f33

SHA256
75b7d7932eada4237e15921e74101aa1b12e13e4501bede257b410de8dada0eb

SHA512
02fd491356967faa03c990b07ea212c3b440883a792b1ef7c02c2420a4975c32377c00bfa702445436bbbfa6d5f5d43e5ecd19bae1f3c7f4d710a07c0684832e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
f1fe99144668848dad947de740508c89

SHA1
4e4901cd4a3eac87a6087b21dec79bc416104201

SHA256
a1ed508f1fd7b33479f00fa0e18fc6c7a6a0822247eb0470eb2a7e8ad7a5482f

SHA512
699828ac01e1d503eb5fc2ed131c0c57d4953b3600dadb153b7172e3be5984a089dfe2ed97488a81822ec19ae779f4bf8cfbb9293b37c848ce0a4e831a75f9f9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
7ddd8c0509a9c98a01332afeed62f574

SHA1
3bb27eb6d34de02204271ff27b762b4b18a76f33

SHA256
75b7d7932eada4237e15921e74101aa1b12e13e4501bede257b410de8dada0eb

SHA512
02fd491356967faa03c990b07ea212c3b440883a792b1ef7c02c2420a4975c32377c00bfa702445436bbbfa6d5f5d43e5ecd19bae1f3c7f4d710a07c0684832e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
f1fe99144668848dad947de740508c89

SHA1
4e4901cd4a3eac87a6087b21dec79bc416104201

SHA256
a1ed508f1fd7b33479f00fa0e18fc6c7a6a0822247eb0470eb2a7e8ad7a5482f

SHA512
699828ac01e1d503eb5fc2ed131c0c57d4953b3600dadb153b7172e3be5984a089dfe2ed97488a81822ec19ae779f4bf8cfbb9293b37c848ce0a4e831a75f9f9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
7ddd8c0509a9c98a01332afeed62f574

SHA1
3bb27eb6d34de02204271ff27b762b4b18a76f33

SHA256
75b7d7932eada4237e15921e74101aa1b12e13e4501bede257b410de8dada0eb

SHA512
02fd491356967faa03c990b07ea212c3b440883a792b1ef7c02c2420a4975c32377c00bfa702445436bbbfa6d5f5d43e5ecd19bae1f3c7f4d710a07c0684832e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
f1fe99144668848dad947de740508c89

SHA1
4e4901cd4a3eac87a6087b21dec79bc416104201

SHA256
a1ed508f1fd7b33479f00fa0e18fc6c7a6a0822247eb0470eb2a7e8ad7a5482f

SHA512
699828ac01e1d503eb5fc2ed131c0c57d4953b3600dadb153b7172e3be5984a089dfe2ed97488a81822ec19ae779f4bf8cfbb9293b37c848ce0a4e831a75f9f9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
7ddd8c0509a9c98a01332afeed62f574

SHA1
3bb27eb6d34de02204271ff27b762b4b18a76f33

SHA256
75b7d7932eada4237e15921e74101aa1b12e13e4501bede257b410de8dada0eb

SHA512
02fd491356967faa03c990b07ea212c3b440883a792b1ef7c02c2420a4975c32377c00bfa702445436bbbfa6d5f5d43e5ecd19bae1f3c7f4d710a07c0684832e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
7ddd8c0509a9c98a01332afeed62f574

SHA1
3bb27eb6d34de02204271ff27b762b4b18a76f33

SHA256
75b7d7932eada4237e15921e74101aa1b12e13e4501bede257b410de8dada0eb

SHA512
02fd491356967faa03c990b07ea212c3b440883a792b1ef7c02c2420a4975c32377c00bfa702445436bbbfa6d5f5d43e5ecd19bae1f3c7f4d710a07c0684832e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
7ddd8c0509a9c98a01332afeed62f574

SHA1
3bb27eb6d34de02204271ff27b762b4b18a76f33

SHA256
75b7d7932eada4237e15921e74101aa1b12e13e4501bede257b410de8dada0eb

SHA512
02fd491356967faa03c990b07ea212c3b440883a792b1ef7c02c2420a4975c32377c00bfa702445436bbbfa6d5f5d43e5ecd19bae1f3c7f4d710a07c0684832e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
f1fe99144668848dad947de740508c89

SHA1
4e4901cd4a3eac87a6087b21dec79bc416104201

SHA256
a1ed508f1fd7b33479f00fa0e18fc6c7a6a0822247eb0470eb2a7e8ad7a5482f

SHA512
699828ac01e1d503eb5fc2ed131c0c57d4953b3600dadb153b7172e3be5984a089dfe2ed97488a81822ec19ae779f4bf8cfbb9293b37c848ce0a4e831a75f9f9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
7ddd8c0509a9c98a01332afeed62f574

SHA1
3bb27eb6d34de02204271ff27b762b4b18a76f33

SHA256
75b7d7932eada4237e15921e74101aa1b12e13e4501bede257b410de8dada0eb

SHA512
02fd491356967faa03c990b07ea212c3b440883a792b1ef7c02c2420a4975c32377c00bfa702445436bbbfa6d5f5d43e5ecd19bae1f3c7f4d710a07c0684832e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
f1fe99144668848dad947de740508c89

SHA1
4e4901cd4a3eac87a6087b21dec79bc416104201

SHA256
a1ed508f1fd7b33479f00fa0e18fc6c7a6a0822247eb0470eb2a7e8ad7a5482f

SHA512
699828ac01e1d503eb5fc2ed131c0c57d4953b3600dadb153b7172e3be5984a089dfe2ed97488a81822ec19ae779f4bf8cfbb9293b37c848ce0a4e831a75f9f9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
7ddd8c0509a9c98a01332afeed62f574

SHA1
3bb27eb6d34de02204271ff27b762b4b18a76f33

SHA256
75b7d7932eada4237e15921e74101aa1b12e13e4501bede257b410de8dada0eb

SHA512
02fd491356967faa03c990b07ea212c3b440883a792b1ef7c02c2420a4975c32377c00bfa702445436bbbfa6d5f5d43e5ecd19bae1f3c7f4d710a07c0684832e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
7ddd8c0509a9c98a01332afeed62f574

SHA1
3bb27eb6d34de02204271ff27b762b4b18a76f33

SHA256
75b7d7932eada4237e15921e74101aa1b12e13e4501bede257b410de8dada0eb

SHA512
02fd491356967faa03c990b07ea212c3b440883a792b1ef7c02c2420a4975c32377c00bfa702445436bbbfa6d5f5d43e5ecd19bae1f3c7f4d710a07c0684832e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
f1fe99144668848dad947de740508c89

SHA1
4e4901cd4a3eac87a6087b21dec79bc416104201

SHA256
a1ed508f1fd7b33479f00fa0e18fc6c7a6a0822247eb0470eb2a7e8ad7a5482f

SHA512
699828ac01e1d503eb5fc2ed131c0c57d4953b3600dadb153b7172e3be5984a089dfe2ed97488a81822ec19ae779f4bf8cfbb9293b37c848ce0a4e831a75f9f9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
0e091aab50b3f16d65b1e138ee336c8e

SHA1
4ff33d0a49e4509f3e2b7fb19799d9da161d2d4a

SHA256
b9e0ea1d0f9ff426c23f6fd701147325c7be2e45ea40a6b20c1d2d88ca1dea07

SHA512
91271c12c1538dcf552b6d8d0fd14321ada131f2c8c3ded0e56edf914eaeaab636a40095594631ef657b119d1e38d6d0b2aee502b447830ff6b77e3eacdc2fb2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
f1fe99144668848dad947de740508c89

SHA1
4e4901cd4a3eac87a6087b21dec79bc416104201

SHA256
a1ed508f1fd7b33479f00fa0e18fc6c7a6a0822247eb0470eb2a7e8ad7a5482f

SHA512
699828ac01e1d503eb5fc2ed131c0c57d4953b3600dadb153b7172e3be5984a089dfe2ed97488a81822ec19ae779f4bf8cfbb9293b37c848ce0a4e831a75f9f9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
7ddd8c0509a9c98a01332afeed62f574

SHA1
3bb27eb6d34de02204271ff27b762b4b18a76f33

SHA256
75b7d7932eada4237e15921e74101aa1b12e13e4501bede257b410de8dada0eb

SHA512
02fd491356967faa03c990b07ea212c3b440883a792b1ef7c02c2420a4975c32377c00bfa702445436bbbfa6d5f5d43e5ecd19bae1f3c7f4d710a07c0684832e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
7ddd8c0509a9c98a01332afeed62f574

SHA1
3bb27eb6d34de02204271ff27b762b4b18a76f33

SHA256
75b7d7932eada4237e15921e74101aa1b12e13e4501bede257b410de8dada0eb

SHA512
02fd491356967faa03c990b07ea212c3b440883a792b1ef7c02c2420a4975c32377c00bfa702445436bbbfa6d5f5d43e5ecd19bae1f3c7f4d710a07c0684832e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
f1fe99144668848dad947de740508c89

SHA1
4e4901cd4a3eac87a6087b21dec79bc416104201

SHA256
a1ed508f1fd7b33479f00fa0e18fc6c7a6a0822247eb0470eb2a7e8ad7a5482f

SHA512
699828ac01e1d503eb5fc2ed131c0c57d4953b3600dadb153b7172e3be5984a089dfe2ed97488a81822ec19ae779f4bf8cfbb9293b37c848ce0a4e831a75f9f9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
7ddd8c0509a9c98a01332afeed62f574

SHA1
3bb27eb6d34de02204271ff27b762b4b18a76f33

SHA256
75b7d7932eada4237e15921e74101aa1b12e13e4501bede257b410de8dada0eb

SHA512
02fd491356967faa03c990b07ea212c3b440883a792b1ef7c02c2420a4975c32377c00bfa702445436bbbfa6d5f5d43e5ecd19bae1f3c7f4d710a07c0684832e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
f1fe99144668848dad947de740508c89

SHA1
4e4901cd4a3eac87a6087b21dec79bc416104201

SHA256
a1ed508f1fd7b33479f00fa0e18fc6c7a6a0822247eb0470eb2a7e8ad7a5482f

SHA512
699828ac01e1d503eb5fc2ed131c0c57d4953b3600dadb153b7172e3be5984a089dfe2ed97488a81822ec19ae779f4bf8cfbb9293b37c848ce0a4e831a75f9f9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
7ddd8c0509a9c98a01332afeed62f574

SHA1
3bb27eb6d34de02204271ff27b762b4b18a76f33

SHA256
75b7d7932eada4237e15921e74101aa1b12e13e4501bede257b410de8dada0eb

SHA512
02fd491356967faa03c990b07ea212c3b440883a792b1ef7c02c2420a4975c32377c00bfa702445436bbbfa6d5f5d43e5ecd19bae1f3c7f4d710a07c0684832e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
f1fe99144668848dad947de740508c89

SHA1
4e4901cd4a3eac87a6087b21dec79bc416104201

SHA256
a1ed508f1fd7b33479f00fa0e18fc6c7a6a0822247eb0470eb2a7e8ad7a5482f

SHA512
699828ac01e1d503eb5fc2ed131c0c57d4953b3600dadb153b7172e3be5984a089dfe2ed97488a81822ec19ae779f4bf8cfbb9293b37c848ce0a4e831a75f9f9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
7ddd8c0509a9c98a01332afeed62f574

SHA1
3bb27eb6d34de02204271ff27b762b4b18a76f33

SHA256
75b7d7932eada4237e15921e74101aa1b12e13e4501bede257b410de8dada0eb

SHA512
02fd491356967faa03c990b07ea212c3b440883a792b1ef7c02c2420a4975c32377c00bfa702445436bbbfa6d5f5d43e5ecd19bae1f3c7f4d710a07c0684832e

Download Submit
C:\Windows\SysWOW64\HelpMe.exe
Filesize
1.1MB

MD5
3c7cacbb2de56fe3bbf18387faa3933b

SHA1
1b992dd8072fe0b7b5dfaf8068fe692573fa12f2

SHA256
2d32fcf049b5851357c4c8e99083d6a84e671a444cc1fdee07d49cad3a6f43e9

SHA512
818a51b84c61a5d6692b324537e767a773c57c91897016add4eff93b45d95b3ff014a0debcd6c85fe456eaab175f555e0461c0d975b262becdf6953dbabf792e

Download Submit
C:\Windows\SysWOW64\HelpMe.exe
Filesize
1.1MB

MD5
3c7cacbb2de56fe3bbf18387faa3933b

SHA1
1b992dd8072fe0b7b5dfaf8068fe692573fa12f2

SHA256
2d32fcf049b5851357c4c8e99083d6a84e671a444cc1fdee07d49cad3a6f43e9

SHA512
818a51b84c61a5d6692b324537e767a773c57c91897016add4eff93b45d95b3ff014a0debcd6c85fe456eaab175f555e0461c0d975b262becdf6953dbabf792e

Download Submit
\Windows\SysWOW64\HelpMe.exe
Filesize
1.1MB

MD5
3c7cacbb2de56fe3bbf18387faa3933b

SHA1
1b992dd8072fe0b7b5dfaf8068fe692573fa12f2

SHA256
2d32fcf049b5851357c4c8e99083d6a84e671a444cc1fdee07d49cad3a6f43e9

SHA512
818a51b84c61a5d6692b324537e767a773c57c91897016add4eff93b45d95b3ff014a0debcd6c85fe456eaab175f555e0461c0d975b262becdf6953dbabf792e

Download Submit
\Windows\SysWOW64\HelpMe.exe
Filesize
1.1MB

MD5
3c7cacbb2de56fe3bbf18387faa3933b

SHA1
1b992dd8072fe0b7b5dfaf8068fe692573fa12f2

SHA256
2d32fcf049b5851357c4c8e99083d6a84e671a444cc1fdee07d49cad3a6f43e9

SHA512
818a51b84c61a5d6692b324537e767a773c57c91897016add4eff93b45d95b3ff014a0debcd6c85fe456eaab175f555e0461c0d975b262becdf6953dbabf792e

Download Submit
memory/988-54-0x00000000759F1000-0x00000000759F3000-memory.dmp

Filesize
8KB

Download
memory/1556-57-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads