3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a

Analysis

max time kernel
149s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
03-07-2022 09:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe
Size

799KB
MD5

c2f3613cb5a3970dda3504d2d92a60a4
SHA1

76ad3d4267fc8c77d0606160d599b57fd9a2eb50
SHA256

3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a
SHA512

670b115b615eac3572eb60ac62e20d9108220011c5038e8a812562943e56ebe65254ba0acab16252b2e96b60fd7aec10b872f95fa27e7d33adaca4483594c9de

Score

10^/10

aspackv2 persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1004

Modify Registry

T1112

Processes:

3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exeHelpMe.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe

ASPack v2.12-2.42 6 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
C:\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
C:\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
C:\AutoRun.exe	aspack_v212_v242
C:\$Recycle.Bin\S-1-5-21-1083475884-596052423-1669053738-1000\desktop.ini.exe	aspack_v212_v242

Executes dropped EXE 1 IoCs

Processes:

HelpMe.exe

pid process

2024 HelpMe.exe

pid	process
2024	HelpMe.exe

Drops startup file 3 IoCs

Processes:

HelpMe.exe3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe

Loads dropped DLL 2 IoCs

Processes:

3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe

pid	process
800	3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe
800	3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exeHelpMe.exe

description	ioc	process
File opened (read-only)	\??\H:	3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe
File opened (read-only)	\??\R:	3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe
File opened (read-only)	\??\Z:	3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\J:	3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe
File opened (read-only)	\??\K:	3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe
File opened (read-only)	\??\W:	3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe
File opened (read-only)	\??\F:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\A:	3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe
File opened (read-only)	\??\E:	3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe
File opened (read-only)	\??\F:	3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe
File opened (read-only)	\??\U:	3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\P:	3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe
File opened (read-only)	\??\X:	3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\B:	3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe
File opened (read-only)	\??\G:	3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe
File opened (read-only)	\??\L:	3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe
File opened (read-only)	\??\N:	3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe
File opened (read-only)	\??\S:	3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe
File opened (read-only)	\??\V:	3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\M:	3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe
File opened (read-only)	\??\T:	3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\I:	3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe
File opened (read-only)	\??\O:	3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe
File opened (read-only)	\??\Q:	3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe
File opened (read-only)	\??\Y:	3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe
File opened (read-only)	\??\A:	HelpMe.exe

Drops autorun.inf file 1 TTPs 2 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

Processes:

HelpMe.exe3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe

description	ioc	process
File opened for modification	C:\AUTORUN.INF	HelpMe.exe
File opened for modification	C:\AUTORUN.INF	3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe

Drops file in System32 directory 2 IoCs

Processes:

HelpMe.exe3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe

description	ioc	process
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe

description	pid	process	target process
PID 800 wrote to memory of 2024	800	3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe	HelpMe.exe
PID 800 wrote to memory of 2024	800	3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe	HelpMe.exe
PID 800 wrote to memory of 2024	800	3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe	HelpMe.exe
PID 800 wrote to memory of 2024	800	3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe	HelpMe.exe

C:\Users\Admin\AppData\Local\Temp\3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe
"C:\Users\Admin\AppData\Local\Temp\3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:800

C:\Windows\SysWOW64\HelpMe.exe
C:\Windows\system32\HelpMe.exe
2⤵
- Modifies WinLogon for persistence
- Executes dropped EXE
- Drops startup file
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
PID:2024

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Winlogon Helper DLL

T1004

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1083475884-596052423-1669053738-1000\desktop.ini.exe
Filesize
607KB

MD5
6371cc5f0ea7e5b054791ec3105b6cee

SHA1
e950e84426856b3b7eee6f631d2e6cc4a6181b99

SHA256
147ff96d703fe2d8dff8b18233074e6a2eb867b5b03b85e6631b54ff4448bff9

SHA512
41a4e0fa9aee40e51f0f3cf831d79fca1d29addc3fa8c514de351ee281c00e4b0b2805669de0d6aa8b19f58ac31587aae34948e36cf72acd976f92a243294248

Download Submit
C:\AutoRun.exe
Filesize
799KB

MD5
c2f3613cb5a3970dda3504d2d92a60a4

SHA1
76ad3d4267fc8c77d0606160d599b57fd9a2eb50

SHA256
3bbb61ea13ee812ecbe511d32ef43af42bb8199d2ce1ff2f46326591c8e7098a

SHA512
670b115b615eac3572eb60ac62e20d9108220011c5038e8a812562943e56ebe65254ba0acab16252b2e96b60fd7aec10b872f95fa27e7d33adaca4483594c9de

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
e2c1ac604e23d60add6372018997e7f8

SHA1
abae97a00847fc5f2241ad398e2076e0d7a5f4ab

SHA256
7d46f4ffbef2513d1336826a53c9579ebc3c82b9156b2c15fde8c3ef21295cd3

SHA512
a1bc292dcd4ebece011aedc1f4efdbed1eb71ff2478cb6f9e6adb0e027642ec619b3962da0024e2a72633e1e9ba962a57bf48f615a73e5348837e96eb3abe71f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
c3244731db9361ca2e744986c32d4f8e

SHA1
52da892829e58d7d0cebd940a235d5ade9882547

SHA256
f929b8f5a06b11db4a96fd8e7e49d9223d11a2cbf9c56b9beb2fd23d68c30344

SHA512
1af20b044262089f63ebe24dabf302a927f1c8b9f143127c90fa9bb73916c9c147fd78896261fb7e5882b03ed462d6ebf41fd8fb23529c51b88271e876d2a339

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
e2c1ac604e23d60add6372018997e7f8

SHA1
abae97a00847fc5f2241ad398e2076e0d7a5f4ab

SHA256
7d46f4ffbef2513d1336826a53c9579ebc3c82b9156b2c15fde8c3ef21295cd3

SHA512
a1bc292dcd4ebece011aedc1f4efdbed1eb71ff2478cb6f9e6adb0e027642ec619b3962da0024e2a72633e1e9ba962a57bf48f615a73e5348837e96eb3abe71f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
c3244731db9361ca2e744986c32d4f8e

SHA1
52da892829e58d7d0cebd940a235d5ade9882547

SHA256
f929b8f5a06b11db4a96fd8e7e49d9223d11a2cbf9c56b9beb2fd23d68c30344

SHA512
1af20b044262089f63ebe24dabf302a927f1c8b9f143127c90fa9bb73916c9c147fd78896261fb7e5882b03ed462d6ebf41fd8fb23529c51b88271e876d2a339

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
e2c1ac604e23d60add6372018997e7f8

SHA1
abae97a00847fc5f2241ad398e2076e0d7a5f4ab

SHA256
7d46f4ffbef2513d1336826a53c9579ebc3c82b9156b2c15fde8c3ef21295cd3

SHA512
a1bc292dcd4ebece011aedc1f4efdbed1eb71ff2478cb6f9e6adb0e027642ec619b3962da0024e2a72633e1e9ba962a57bf48f615a73e5348837e96eb3abe71f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
c3244731db9361ca2e744986c32d4f8e

SHA1
52da892829e58d7d0cebd940a235d5ade9882547

SHA256
f929b8f5a06b11db4a96fd8e7e49d9223d11a2cbf9c56b9beb2fd23d68c30344

SHA512
1af20b044262089f63ebe24dabf302a927f1c8b9f143127c90fa9bb73916c9c147fd78896261fb7e5882b03ed462d6ebf41fd8fb23529c51b88271e876d2a339

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
e2c1ac604e23d60add6372018997e7f8

SHA1
abae97a00847fc5f2241ad398e2076e0d7a5f4ab

SHA256
7d46f4ffbef2513d1336826a53c9579ebc3c82b9156b2c15fde8c3ef21295cd3

SHA512
a1bc292dcd4ebece011aedc1f4efdbed1eb71ff2478cb6f9e6adb0e027642ec619b3962da0024e2a72633e1e9ba962a57bf48f615a73e5348837e96eb3abe71f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
e2c1ac604e23d60add6372018997e7f8

SHA1
abae97a00847fc5f2241ad398e2076e0d7a5f4ab

SHA256
7d46f4ffbef2513d1336826a53c9579ebc3c82b9156b2c15fde8c3ef21295cd3

SHA512
a1bc292dcd4ebece011aedc1f4efdbed1eb71ff2478cb6f9e6adb0e027642ec619b3962da0024e2a72633e1e9ba962a57bf48f615a73e5348837e96eb3abe71f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
e2c1ac604e23d60add6372018997e7f8

SHA1
abae97a00847fc5f2241ad398e2076e0d7a5f4ab

SHA256
7d46f4ffbef2513d1336826a53c9579ebc3c82b9156b2c15fde8c3ef21295cd3

SHA512
a1bc292dcd4ebece011aedc1f4efdbed1eb71ff2478cb6f9e6adb0e027642ec619b3962da0024e2a72633e1e9ba962a57bf48f615a73e5348837e96eb3abe71f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
e2c1ac604e23d60add6372018997e7f8

SHA1
abae97a00847fc5f2241ad398e2076e0d7a5f4ab

SHA256
7d46f4ffbef2513d1336826a53c9579ebc3c82b9156b2c15fde8c3ef21295cd3

SHA512
a1bc292dcd4ebece011aedc1f4efdbed1eb71ff2478cb6f9e6adb0e027642ec619b3962da0024e2a72633e1e9ba962a57bf48f615a73e5348837e96eb3abe71f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
e2c1ac604e23d60add6372018997e7f8

SHA1
abae97a00847fc5f2241ad398e2076e0d7a5f4ab

SHA256
7d46f4ffbef2513d1336826a53c9579ebc3c82b9156b2c15fde8c3ef21295cd3

SHA512
a1bc292dcd4ebece011aedc1f4efdbed1eb71ff2478cb6f9e6adb0e027642ec619b3962da0024e2a72633e1e9ba962a57bf48f615a73e5348837e96eb3abe71f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
e2c1ac604e23d60add6372018997e7f8

SHA1
abae97a00847fc5f2241ad398e2076e0d7a5f4ab

SHA256
7d46f4ffbef2513d1336826a53c9579ebc3c82b9156b2c15fde8c3ef21295cd3

SHA512
a1bc292dcd4ebece011aedc1f4efdbed1eb71ff2478cb6f9e6adb0e027642ec619b3962da0024e2a72633e1e9ba962a57bf48f615a73e5348837e96eb3abe71f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
c3244731db9361ca2e744986c32d4f8e

SHA1
52da892829e58d7d0cebd940a235d5ade9882547

SHA256
f929b8f5a06b11db4a96fd8e7e49d9223d11a2cbf9c56b9beb2fd23d68c30344

SHA512
1af20b044262089f63ebe24dabf302a927f1c8b9f143127c90fa9bb73916c9c147fd78896261fb7e5882b03ed462d6ebf41fd8fb23529c51b88271e876d2a339

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
c3244731db9361ca2e744986c32d4f8e

SHA1
52da892829e58d7d0cebd940a235d5ade9882547

SHA256
f929b8f5a06b11db4a96fd8e7e49d9223d11a2cbf9c56b9beb2fd23d68c30344

SHA512
1af20b044262089f63ebe24dabf302a927f1c8b9f143127c90fa9bb73916c9c147fd78896261fb7e5882b03ed462d6ebf41fd8fb23529c51b88271e876d2a339

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
e2c1ac604e23d60add6372018997e7f8

SHA1
abae97a00847fc5f2241ad398e2076e0d7a5f4ab

SHA256
7d46f4ffbef2513d1336826a53c9579ebc3c82b9156b2c15fde8c3ef21295cd3

SHA512
a1bc292dcd4ebece011aedc1f4efdbed1eb71ff2478cb6f9e6adb0e027642ec619b3962da0024e2a72633e1e9ba962a57bf48f615a73e5348837e96eb3abe71f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
e2c1ac604e23d60add6372018997e7f8

SHA1
abae97a00847fc5f2241ad398e2076e0d7a5f4ab

SHA256
7d46f4ffbef2513d1336826a53c9579ebc3c82b9156b2c15fde8c3ef21295cd3

SHA512
a1bc292dcd4ebece011aedc1f4efdbed1eb71ff2478cb6f9e6adb0e027642ec619b3962da0024e2a72633e1e9ba962a57bf48f615a73e5348837e96eb3abe71f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
e2c1ac604e23d60add6372018997e7f8

SHA1
abae97a00847fc5f2241ad398e2076e0d7a5f4ab

SHA256
7d46f4ffbef2513d1336826a53c9579ebc3c82b9156b2c15fde8c3ef21295cd3

SHA512
a1bc292dcd4ebece011aedc1f4efdbed1eb71ff2478cb6f9e6adb0e027642ec619b3962da0024e2a72633e1e9ba962a57bf48f615a73e5348837e96eb3abe71f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
e2c1ac604e23d60add6372018997e7f8

SHA1
abae97a00847fc5f2241ad398e2076e0d7a5f4ab

SHA256
7d46f4ffbef2513d1336826a53c9579ebc3c82b9156b2c15fde8c3ef21295cd3

SHA512
a1bc292dcd4ebece011aedc1f4efdbed1eb71ff2478cb6f9e6adb0e027642ec619b3962da0024e2a72633e1e9ba962a57bf48f615a73e5348837e96eb3abe71f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
e2c1ac604e23d60add6372018997e7f8

SHA1
abae97a00847fc5f2241ad398e2076e0d7a5f4ab

SHA256
7d46f4ffbef2513d1336826a53c9579ebc3c82b9156b2c15fde8c3ef21295cd3

SHA512
a1bc292dcd4ebece011aedc1f4efdbed1eb71ff2478cb6f9e6adb0e027642ec619b3962da0024e2a72633e1e9ba962a57bf48f615a73e5348837e96eb3abe71f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
c3244731db9361ca2e744986c32d4f8e

SHA1
52da892829e58d7d0cebd940a235d5ade9882547

SHA256
f929b8f5a06b11db4a96fd8e7e49d9223d11a2cbf9c56b9beb2fd23d68c30344

SHA512
1af20b044262089f63ebe24dabf302a927f1c8b9f143127c90fa9bb73916c9c147fd78896261fb7e5882b03ed462d6ebf41fd8fb23529c51b88271e876d2a339

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
c3244731db9361ca2e744986c32d4f8e

SHA1
52da892829e58d7d0cebd940a235d5ade9882547

SHA256
f929b8f5a06b11db4a96fd8e7e49d9223d11a2cbf9c56b9beb2fd23d68c30344

SHA512
1af20b044262089f63ebe24dabf302a927f1c8b9f143127c90fa9bb73916c9c147fd78896261fb7e5882b03ed462d6ebf41fd8fb23529c51b88271e876d2a339

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
5dc328d43a47c8ff0ce06323d288f4a9

SHA1
c37040613888d77672f820edb7e361183bb5bb7f

SHA256
ef2783f404a864e15bd379b05c40d04234c2d52280cdb029cf51fdc7272224a0

SHA512
02938ffa39769a425dd939afd2a27bbf9320a3d22ed571f780e1dbf2f47c4af68b517ebf33cb827be986c943edace99e54f6db42b040852262b1341bb1c7c978

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
e2c1ac604e23d60add6372018997e7f8

SHA1
abae97a00847fc5f2241ad398e2076e0d7a5f4ab

SHA256
7d46f4ffbef2513d1336826a53c9579ebc3c82b9156b2c15fde8c3ef21295cd3

SHA512
a1bc292dcd4ebece011aedc1f4efdbed1eb71ff2478cb6f9e6adb0e027642ec619b3962da0024e2a72633e1e9ba962a57bf48f615a73e5348837e96eb3abe71f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
c3244731db9361ca2e744986c32d4f8e

SHA1
52da892829e58d7d0cebd940a235d5ade9882547

SHA256
f929b8f5a06b11db4a96fd8e7e49d9223d11a2cbf9c56b9beb2fd23d68c30344

SHA512
1af20b044262089f63ebe24dabf302a927f1c8b9f143127c90fa9bb73916c9c147fd78896261fb7e5882b03ed462d6ebf41fd8fb23529c51b88271e876d2a339

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
e2c1ac604e23d60add6372018997e7f8

SHA1
abae97a00847fc5f2241ad398e2076e0d7a5f4ab

SHA256
7d46f4ffbef2513d1336826a53c9579ebc3c82b9156b2c15fde8c3ef21295cd3

SHA512
a1bc292dcd4ebece011aedc1f4efdbed1eb71ff2478cb6f9e6adb0e027642ec619b3962da0024e2a72633e1e9ba962a57bf48f615a73e5348837e96eb3abe71f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
c3244731db9361ca2e744986c32d4f8e

SHA1
52da892829e58d7d0cebd940a235d5ade9882547

SHA256
f929b8f5a06b11db4a96fd8e7e49d9223d11a2cbf9c56b9beb2fd23d68c30344

SHA512
1af20b044262089f63ebe24dabf302a927f1c8b9f143127c90fa9bb73916c9c147fd78896261fb7e5882b03ed462d6ebf41fd8fb23529c51b88271e876d2a339

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
c3244731db9361ca2e744986c32d4f8e

SHA1
52da892829e58d7d0cebd940a235d5ade9882547

SHA256
f929b8f5a06b11db4a96fd8e7e49d9223d11a2cbf9c56b9beb2fd23d68c30344

SHA512
1af20b044262089f63ebe24dabf302a927f1c8b9f143127c90fa9bb73916c9c147fd78896261fb7e5882b03ed462d6ebf41fd8fb23529c51b88271e876d2a339

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
c3244731db9361ca2e744986c32d4f8e

SHA1
52da892829e58d7d0cebd940a235d5ade9882547

SHA256
f929b8f5a06b11db4a96fd8e7e49d9223d11a2cbf9c56b9beb2fd23d68c30344

SHA512
1af20b044262089f63ebe24dabf302a927f1c8b9f143127c90fa9bb73916c9c147fd78896261fb7e5882b03ed462d6ebf41fd8fb23529c51b88271e876d2a339

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
c3244731db9361ca2e744986c32d4f8e

SHA1
52da892829e58d7d0cebd940a235d5ade9882547

SHA256
f929b8f5a06b11db4a96fd8e7e49d9223d11a2cbf9c56b9beb2fd23d68c30344

SHA512
1af20b044262089f63ebe24dabf302a927f1c8b9f143127c90fa9bb73916c9c147fd78896261fb7e5882b03ed462d6ebf41fd8fb23529c51b88271e876d2a339

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
c3244731db9361ca2e744986c32d4f8e

SHA1
52da892829e58d7d0cebd940a235d5ade9882547

SHA256
f929b8f5a06b11db4a96fd8e7e49d9223d11a2cbf9c56b9beb2fd23d68c30344

SHA512
1af20b044262089f63ebe24dabf302a927f1c8b9f143127c90fa9bb73916c9c147fd78896261fb7e5882b03ed462d6ebf41fd8fb23529c51b88271e876d2a339

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
e2c1ac604e23d60add6372018997e7f8

SHA1
abae97a00847fc5f2241ad398e2076e0d7a5f4ab

SHA256
7d46f4ffbef2513d1336826a53c9579ebc3c82b9156b2c15fde8c3ef21295cd3

SHA512
a1bc292dcd4ebece011aedc1f4efdbed1eb71ff2478cb6f9e6adb0e027642ec619b3962da0024e2a72633e1e9ba962a57bf48f615a73e5348837e96eb3abe71f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
c3244731db9361ca2e744986c32d4f8e

SHA1
52da892829e58d7d0cebd940a235d5ade9882547

SHA256
f929b8f5a06b11db4a96fd8e7e49d9223d11a2cbf9c56b9beb2fd23d68c30344

SHA512
1af20b044262089f63ebe24dabf302a927f1c8b9f143127c90fa9bb73916c9c147fd78896261fb7e5882b03ed462d6ebf41fd8fb23529c51b88271e876d2a339

Download Submit
C:\Windows\SysWOW64\HelpMe.exe
Filesize
606KB

MD5
f5c291dc4372f6ee6ecc385646272888

SHA1
92babb62ad886205ab7b90d458ba5487917bf055

SHA256
245106ede064726e057bb953c719ce01b8f32782db4903cefc0d389683c129d2

SHA512
9ab401ad8ddd888efaf72a359f528677f633c6aa74ca60a9186ef0a4a8206d720275b09af9ecc16722ecd7fa3730016cf804a97215544781182f0d267c08f474

Download Submit
C:\Windows\SysWOW64\HelpMe.exe
Filesize
606KB

MD5
f5c291dc4372f6ee6ecc385646272888

SHA1
92babb62ad886205ab7b90d458ba5487917bf055

SHA256
245106ede064726e057bb953c719ce01b8f32782db4903cefc0d389683c129d2

SHA512
9ab401ad8ddd888efaf72a359f528677f633c6aa74ca60a9186ef0a4a8206d720275b09af9ecc16722ecd7fa3730016cf804a97215544781182f0d267c08f474

Download Submit
\Windows\SysWOW64\HelpMe.exe
Filesize
606KB

MD5
f5c291dc4372f6ee6ecc385646272888

SHA1
92babb62ad886205ab7b90d458ba5487917bf055

SHA256
245106ede064726e057bb953c719ce01b8f32782db4903cefc0d389683c129d2

SHA512
9ab401ad8ddd888efaf72a359f528677f633c6aa74ca60a9186ef0a4a8206d720275b09af9ecc16722ecd7fa3730016cf804a97215544781182f0d267c08f474

Download Submit
\Windows\SysWOW64\HelpMe.exe
Filesize
606KB

MD5
f5c291dc4372f6ee6ecc385646272888

SHA1
92babb62ad886205ab7b90d458ba5487917bf055

SHA256
245106ede064726e057bb953c719ce01b8f32782db4903cefc0d389683c129d2

SHA512
9ab401ad8ddd888efaf72a359f528677f633c6aa74ca60a9186ef0a4a8206d720275b09af9ecc16722ecd7fa3730016cf804a97215544781182f0d267c08f474

Download Submit
memory/800-54-0x00000000765F1000-0x00000000765F3000-memory.dmp

Filesize
8KB

Download
memory/2024-57-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads