3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17

Analysis

max time kernel
152s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
03-07-2022 10:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe
Size

947KB
MD5

da7f72ec43188019a4c279bef8f4b0ca
SHA1

4f6fc481cd01fea0c261fdb83ac663bcfbe2a753
SHA256

3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17
SHA512

bc96cd25cd21f211c34d53b4f22b6ce4ad5aef1c30a6be10c7d12c634158d73515d9af81fe3aa528e7a539b5a3237287090ccc8d2196374a0bf73b9ffb10b622

Score

10^/10

aspackv2 persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1004

Modify Registry

T1112

Processes:

HelpMe.exe3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe

ASPack v2.12-2.42 6 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
C:\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
C:\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
C:\AutoRun.exe	aspack_v212_v242
C:\$Recycle.Bin\S-1-5-21-1083475884-596052423-1669053738-1000\desktop.ini.exe	aspack_v212_v242

Executes dropped EXE 1 IoCs

Processes:

HelpMe.exe

pid process

904 HelpMe.exe

pid	process
904	HelpMe.exe

Drops startup file 3 IoCs

Processes:

HelpMe.exe3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe

Loads dropped DLL 2 IoCs

Processes:

3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe

pid	process
1784	3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe
1784	3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

HelpMe.exe3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe

description	ioc	process
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\J:	3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe
File opened (read-only)	\??\M:	3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe
File opened (read-only)	\??\T:	3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe
File opened (read-only)	\??\O:	3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe
File opened (read-only)	\??\Z:	3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\E:	3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe
File opened (read-only)	\??\F:	3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe
File opened (read-only)	\??\K:	3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\H:	3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe
File opened (read-only)	\??\I:	3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe
File opened (read-only)	\??\U:	3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe
File opened (read-only)	\??\X:	3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe
File opened (read-only)	\??\Y:	3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\F:	HelpMe.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\B:	3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe
File opened (read-only)	\??\W:	3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\A:	3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\V:	3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe
File opened (read-only)	\??\P:	3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe
File opened (read-only)	\??\R:	3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\S:	3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe
File opened (read-only)	\??\G:	3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe
File opened (read-only)	\??\L:	3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe
File opened (read-only)	\??\N:	3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe
File opened (read-only)	\??\Q:	3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe

Drops autorun.inf file 1 TTPs 2 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

Processes:

HelpMe.exe3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe

description	ioc	process
File opened for modification	C:\AUTORUN.INF	HelpMe.exe
File opened for modification	C:\AUTORUN.INF	3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe

Drops file in System32 directory 2 IoCs

Processes:

3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exeHelpMe.exe

description	ioc	process
File created	C:\Windows\SysWOW64\HelpMe.exe	3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe

description	pid	process	target process
PID 1784 wrote to memory of 904	1784	3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe	HelpMe.exe
PID 1784 wrote to memory of 904	1784	3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe	HelpMe.exe
PID 1784 wrote to memory of 904	1784	3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe	HelpMe.exe
PID 1784 wrote to memory of 904	1784	3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe	HelpMe.exe

C:\Users\Admin\AppData\Local\Temp\3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe
"C:\Users\Admin\AppData\Local\Temp\3b9a7563843e7ad41a68f3e91e85eb711eb25916fb9d2781e7f533ba4e6aeb17.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1784

C:\Windows\SysWOW64\HelpMe.exe
C:\Windows\system32\HelpMe.exe
2⤵
- Modifies WinLogon for persistence
- Executes dropped EXE
- Drops startup file
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
PID:904

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Winlogon Helper DLL

T1004

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1083475884-596052423-1669053738-1000\desktop.ini.exe
Filesize
947KB

MD5
def071c134d5ba56adb226f7a1f33023

SHA1
7956db1f259d1315a90e7d26ea7b3d216f9276a9

SHA256
fcc1cbd0c2c587e3db372bbee6cce5e0b46bf484b5ab20c0085352400abb4b54

SHA512
a8ecdbeb857949d71dc9627aea5736ec57efc51cde9061a70d4f5e0df37e78b81a3d9f6f6c6afbedabab2ebf017d93e95fe816d670b90240b400d5c28b08d1ba

Download Submit
C:\AutoRun.exe
Filesize
946KB

MD5
950a578da2e010ecd35442453be24521

SHA1
1d036dbffba6cf4a89bd4fa363b68f874530ed29

SHA256
020f42fa502e180ef726ba7024165dbbf7fb5886e5f46ee493886d4ae1982e3e

SHA512
d9823430c544595db1f4eee121fc0ce1ca35e025f3e78858e59cfc51fb8fbcd94f993a19c1f8a3042020634026db12301cc2f095755ec31819f43a3318f90ef6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
c41cb90da44ce833b3ddb973c5d6c2c0

SHA1
06f736e7fd7d01a0c70a151fe8a347d54d95f61d

SHA256
3129e5be66304b8c02f3781ab766c127451ffeaac867936f6e34302f41bfb44d

SHA512
5e906e5757caad01e3cee30f0030b08108e83f15c22d8fc6c69b005fe52434387b4764cd3831c1ac18a2ca0fe5f1eceacd4d4fe7febe9cd7974ffe5dde42a42a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
934b30b4fe378f22ef6d0683ab17bc71

SHA1
ca637c1ba8e2dc63c8148ae5195d07d96c6e30c2

SHA256
3e935533b75ed476994713d429f041079785978f51833437888adf670ba6b46e

SHA512
b48d660a68947129c6c05d68a8539f6c7d7074a31853f01c7503837c0a6a9948fd7fb605289fb94844f10c01963c6047b6a91122a6c5915a4b9adbc50b328600

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
c41cb90da44ce833b3ddb973c5d6c2c0

SHA1
06f736e7fd7d01a0c70a151fe8a347d54d95f61d

SHA256
3129e5be66304b8c02f3781ab766c127451ffeaac867936f6e34302f41bfb44d

SHA512
5e906e5757caad01e3cee30f0030b08108e83f15c22d8fc6c69b005fe52434387b4764cd3831c1ac18a2ca0fe5f1eceacd4d4fe7febe9cd7974ffe5dde42a42a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
c41cb90da44ce833b3ddb973c5d6c2c0

SHA1
06f736e7fd7d01a0c70a151fe8a347d54d95f61d

SHA256
3129e5be66304b8c02f3781ab766c127451ffeaac867936f6e34302f41bfb44d

SHA512
5e906e5757caad01e3cee30f0030b08108e83f15c22d8fc6c69b005fe52434387b4764cd3831c1ac18a2ca0fe5f1eceacd4d4fe7febe9cd7974ffe5dde42a42a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
c41cb90da44ce833b3ddb973c5d6c2c0

SHA1
06f736e7fd7d01a0c70a151fe8a347d54d95f61d

SHA256
3129e5be66304b8c02f3781ab766c127451ffeaac867936f6e34302f41bfb44d

SHA512
5e906e5757caad01e3cee30f0030b08108e83f15c22d8fc6c69b005fe52434387b4764cd3831c1ac18a2ca0fe5f1eceacd4d4fe7febe9cd7974ffe5dde42a42a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
934b30b4fe378f22ef6d0683ab17bc71

SHA1
ca637c1ba8e2dc63c8148ae5195d07d96c6e30c2

SHA256
3e935533b75ed476994713d429f041079785978f51833437888adf670ba6b46e

SHA512
b48d660a68947129c6c05d68a8539f6c7d7074a31853f01c7503837c0a6a9948fd7fb605289fb94844f10c01963c6047b6a91122a6c5915a4b9adbc50b328600

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
c41cb90da44ce833b3ddb973c5d6c2c0

SHA1
06f736e7fd7d01a0c70a151fe8a347d54d95f61d

SHA256
3129e5be66304b8c02f3781ab766c127451ffeaac867936f6e34302f41bfb44d

SHA512
5e906e5757caad01e3cee30f0030b08108e83f15c22d8fc6c69b005fe52434387b4764cd3831c1ac18a2ca0fe5f1eceacd4d4fe7febe9cd7974ffe5dde42a42a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
934b30b4fe378f22ef6d0683ab17bc71

SHA1
ca637c1ba8e2dc63c8148ae5195d07d96c6e30c2

SHA256
3e935533b75ed476994713d429f041079785978f51833437888adf670ba6b46e

SHA512
b48d660a68947129c6c05d68a8539f6c7d7074a31853f01c7503837c0a6a9948fd7fb605289fb94844f10c01963c6047b6a91122a6c5915a4b9adbc50b328600

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
c41cb90da44ce833b3ddb973c5d6c2c0

SHA1
06f736e7fd7d01a0c70a151fe8a347d54d95f61d

SHA256
3129e5be66304b8c02f3781ab766c127451ffeaac867936f6e34302f41bfb44d

SHA512
5e906e5757caad01e3cee30f0030b08108e83f15c22d8fc6c69b005fe52434387b4764cd3831c1ac18a2ca0fe5f1eceacd4d4fe7febe9cd7974ffe5dde42a42a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
934b30b4fe378f22ef6d0683ab17bc71

SHA1
ca637c1ba8e2dc63c8148ae5195d07d96c6e30c2

SHA256
3e935533b75ed476994713d429f041079785978f51833437888adf670ba6b46e

SHA512
b48d660a68947129c6c05d68a8539f6c7d7074a31853f01c7503837c0a6a9948fd7fb605289fb94844f10c01963c6047b6a91122a6c5915a4b9adbc50b328600

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
c41cb90da44ce833b3ddb973c5d6c2c0

SHA1
06f736e7fd7d01a0c70a151fe8a347d54d95f61d

SHA256
3129e5be66304b8c02f3781ab766c127451ffeaac867936f6e34302f41bfb44d

SHA512
5e906e5757caad01e3cee30f0030b08108e83f15c22d8fc6c69b005fe52434387b4764cd3831c1ac18a2ca0fe5f1eceacd4d4fe7febe9cd7974ffe5dde42a42a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
934b30b4fe378f22ef6d0683ab17bc71

SHA1
ca637c1ba8e2dc63c8148ae5195d07d96c6e30c2

SHA256
3e935533b75ed476994713d429f041079785978f51833437888adf670ba6b46e

SHA512
b48d660a68947129c6c05d68a8539f6c7d7074a31853f01c7503837c0a6a9948fd7fb605289fb94844f10c01963c6047b6a91122a6c5915a4b9adbc50b328600

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
c41cb90da44ce833b3ddb973c5d6c2c0

SHA1
06f736e7fd7d01a0c70a151fe8a347d54d95f61d

SHA256
3129e5be66304b8c02f3781ab766c127451ffeaac867936f6e34302f41bfb44d

SHA512
5e906e5757caad01e3cee30f0030b08108e83f15c22d8fc6c69b005fe52434387b4764cd3831c1ac18a2ca0fe5f1eceacd4d4fe7febe9cd7974ffe5dde42a42a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
934b30b4fe378f22ef6d0683ab17bc71

SHA1
ca637c1ba8e2dc63c8148ae5195d07d96c6e30c2

SHA256
3e935533b75ed476994713d429f041079785978f51833437888adf670ba6b46e

SHA512
b48d660a68947129c6c05d68a8539f6c7d7074a31853f01c7503837c0a6a9948fd7fb605289fb94844f10c01963c6047b6a91122a6c5915a4b9adbc50b328600

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
c41cb90da44ce833b3ddb973c5d6c2c0

SHA1
06f736e7fd7d01a0c70a151fe8a347d54d95f61d

SHA256
3129e5be66304b8c02f3781ab766c127451ffeaac867936f6e34302f41bfb44d

SHA512
5e906e5757caad01e3cee30f0030b08108e83f15c22d8fc6c69b005fe52434387b4764cd3831c1ac18a2ca0fe5f1eceacd4d4fe7febe9cd7974ffe5dde42a42a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
c41cb90da44ce833b3ddb973c5d6c2c0

SHA1
06f736e7fd7d01a0c70a151fe8a347d54d95f61d

SHA256
3129e5be66304b8c02f3781ab766c127451ffeaac867936f6e34302f41bfb44d

SHA512
5e906e5757caad01e3cee30f0030b08108e83f15c22d8fc6c69b005fe52434387b4764cd3831c1ac18a2ca0fe5f1eceacd4d4fe7febe9cd7974ffe5dde42a42a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
c41cb90da44ce833b3ddb973c5d6c2c0

SHA1
06f736e7fd7d01a0c70a151fe8a347d54d95f61d

SHA256
3129e5be66304b8c02f3781ab766c127451ffeaac867936f6e34302f41bfb44d

SHA512
5e906e5757caad01e3cee30f0030b08108e83f15c22d8fc6c69b005fe52434387b4764cd3831c1ac18a2ca0fe5f1eceacd4d4fe7febe9cd7974ffe5dde42a42a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
934b30b4fe378f22ef6d0683ab17bc71

SHA1
ca637c1ba8e2dc63c8148ae5195d07d96c6e30c2

SHA256
3e935533b75ed476994713d429f041079785978f51833437888adf670ba6b46e

SHA512
b48d660a68947129c6c05d68a8539f6c7d7074a31853f01c7503837c0a6a9948fd7fb605289fb94844f10c01963c6047b6a91122a6c5915a4b9adbc50b328600

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
c41cb90da44ce833b3ddb973c5d6c2c0

SHA1
06f736e7fd7d01a0c70a151fe8a347d54d95f61d

SHA256
3129e5be66304b8c02f3781ab766c127451ffeaac867936f6e34302f41bfb44d

SHA512
5e906e5757caad01e3cee30f0030b08108e83f15c22d8fc6c69b005fe52434387b4764cd3831c1ac18a2ca0fe5f1eceacd4d4fe7febe9cd7974ffe5dde42a42a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
934b30b4fe378f22ef6d0683ab17bc71

SHA1
ca637c1ba8e2dc63c8148ae5195d07d96c6e30c2

SHA256
3e935533b75ed476994713d429f041079785978f51833437888adf670ba6b46e

SHA512
b48d660a68947129c6c05d68a8539f6c7d7074a31853f01c7503837c0a6a9948fd7fb605289fb94844f10c01963c6047b6a91122a6c5915a4b9adbc50b328600

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
c41cb90da44ce833b3ddb973c5d6c2c0

SHA1
06f736e7fd7d01a0c70a151fe8a347d54d95f61d

SHA256
3129e5be66304b8c02f3781ab766c127451ffeaac867936f6e34302f41bfb44d

SHA512
5e906e5757caad01e3cee30f0030b08108e83f15c22d8fc6c69b005fe52434387b4764cd3831c1ac18a2ca0fe5f1eceacd4d4fe7febe9cd7974ffe5dde42a42a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
934b30b4fe378f22ef6d0683ab17bc71

SHA1
ca637c1ba8e2dc63c8148ae5195d07d96c6e30c2

SHA256
3e935533b75ed476994713d429f041079785978f51833437888adf670ba6b46e

SHA512
b48d660a68947129c6c05d68a8539f6c7d7074a31853f01c7503837c0a6a9948fd7fb605289fb94844f10c01963c6047b6a91122a6c5915a4b9adbc50b328600

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
c41cb90da44ce833b3ddb973c5d6c2c0

SHA1
06f736e7fd7d01a0c70a151fe8a347d54d95f61d

SHA256
3129e5be66304b8c02f3781ab766c127451ffeaac867936f6e34302f41bfb44d

SHA512
5e906e5757caad01e3cee30f0030b08108e83f15c22d8fc6c69b005fe52434387b4764cd3831c1ac18a2ca0fe5f1eceacd4d4fe7febe9cd7974ffe5dde42a42a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
934b30b4fe378f22ef6d0683ab17bc71

SHA1
ca637c1ba8e2dc63c8148ae5195d07d96c6e30c2

SHA256
3e935533b75ed476994713d429f041079785978f51833437888adf670ba6b46e

SHA512
b48d660a68947129c6c05d68a8539f6c7d7074a31853f01c7503837c0a6a9948fd7fb605289fb94844f10c01963c6047b6a91122a6c5915a4b9adbc50b328600

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
c41cb90da44ce833b3ddb973c5d6c2c0

SHA1
06f736e7fd7d01a0c70a151fe8a347d54d95f61d

SHA256
3129e5be66304b8c02f3781ab766c127451ffeaac867936f6e34302f41bfb44d

SHA512
5e906e5757caad01e3cee30f0030b08108e83f15c22d8fc6c69b005fe52434387b4764cd3831c1ac18a2ca0fe5f1eceacd4d4fe7febe9cd7974ffe5dde42a42a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
c41cb90da44ce833b3ddb973c5d6c2c0

SHA1
06f736e7fd7d01a0c70a151fe8a347d54d95f61d

SHA256
3129e5be66304b8c02f3781ab766c127451ffeaac867936f6e34302f41bfb44d

SHA512
5e906e5757caad01e3cee30f0030b08108e83f15c22d8fc6c69b005fe52434387b4764cd3831c1ac18a2ca0fe5f1eceacd4d4fe7febe9cd7974ffe5dde42a42a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
c41cb90da44ce833b3ddb973c5d6c2c0

SHA1
06f736e7fd7d01a0c70a151fe8a347d54d95f61d

SHA256
3129e5be66304b8c02f3781ab766c127451ffeaac867936f6e34302f41bfb44d

SHA512
5e906e5757caad01e3cee30f0030b08108e83f15c22d8fc6c69b005fe52434387b4764cd3831c1ac18a2ca0fe5f1eceacd4d4fe7febe9cd7974ffe5dde42a42a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
934b30b4fe378f22ef6d0683ab17bc71

SHA1
ca637c1ba8e2dc63c8148ae5195d07d96c6e30c2

SHA256
3e935533b75ed476994713d429f041079785978f51833437888adf670ba6b46e

SHA512
b48d660a68947129c6c05d68a8539f6c7d7074a31853f01c7503837c0a6a9948fd7fb605289fb94844f10c01963c6047b6a91122a6c5915a4b9adbc50b328600

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
c41cb90da44ce833b3ddb973c5d6c2c0

SHA1
06f736e7fd7d01a0c70a151fe8a347d54d95f61d

SHA256
3129e5be66304b8c02f3781ab766c127451ffeaac867936f6e34302f41bfb44d

SHA512
5e906e5757caad01e3cee30f0030b08108e83f15c22d8fc6c69b005fe52434387b4764cd3831c1ac18a2ca0fe5f1eceacd4d4fe7febe9cd7974ffe5dde42a42a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
c41cb90da44ce833b3ddb973c5d6c2c0

SHA1
06f736e7fd7d01a0c70a151fe8a347d54d95f61d

SHA256
3129e5be66304b8c02f3781ab766c127451ffeaac867936f6e34302f41bfb44d

SHA512
5e906e5757caad01e3cee30f0030b08108e83f15c22d8fc6c69b005fe52434387b4764cd3831c1ac18a2ca0fe5f1eceacd4d4fe7febe9cd7974ffe5dde42a42a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
934b30b4fe378f22ef6d0683ab17bc71

SHA1
ca637c1ba8e2dc63c8148ae5195d07d96c6e30c2

SHA256
3e935533b75ed476994713d429f041079785978f51833437888adf670ba6b46e

SHA512
b48d660a68947129c6c05d68a8539f6c7d7074a31853f01c7503837c0a6a9948fd7fb605289fb94844f10c01963c6047b6a91122a6c5915a4b9adbc50b328600

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
c41cb90da44ce833b3ddb973c5d6c2c0

SHA1
06f736e7fd7d01a0c70a151fe8a347d54d95f61d

SHA256
3129e5be66304b8c02f3781ab766c127451ffeaac867936f6e34302f41bfb44d

SHA512
5e906e5757caad01e3cee30f0030b08108e83f15c22d8fc6c69b005fe52434387b4764cd3831c1ac18a2ca0fe5f1eceacd4d4fe7febe9cd7974ffe5dde42a42a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
934b30b4fe378f22ef6d0683ab17bc71

SHA1
ca637c1ba8e2dc63c8148ae5195d07d96c6e30c2

SHA256
3e935533b75ed476994713d429f041079785978f51833437888adf670ba6b46e

SHA512
b48d660a68947129c6c05d68a8539f6c7d7074a31853f01c7503837c0a6a9948fd7fb605289fb94844f10c01963c6047b6a91122a6c5915a4b9adbc50b328600

Download Submit
C:\Windows\SysWOW64\HelpMe.exe
Filesize
946KB

MD5
950a578da2e010ecd35442453be24521

SHA1
1d036dbffba6cf4a89bd4fa363b68f874530ed29

SHA256
020f42fa502e180ef726ba7024165dbbf7fb5886e5f46ee493886d4ae1982e3e

SHA512
d9823430c544595db1f4eee121fc0ce1ca35e025f3e78858e59cfc51fb8fbcd94f993a19c1f8a3042020634026db12301cc2f095755ec31819f43a3318f90ef6

Download Submit
C:\Windows\SysWOW64\HelpMe.exe
Filesize
946KB

MD5
950a578da2e010ecd35442453be24521

SHA1
1d036dbffba6cf4a89bd4fa363b68f874530ed29

SHA256
020f42fa502e180ef726ba7024165dbbf7fb5886e5f46ee493886d4ae1982e3e

SHA512
d9823430c544595db1f4eee121fc0ce1ca35e025f3e78858e59cfc51fb8fbcd94f993a19c1f8a3042020634026db12301cc2f095755ec31819f43a3318f90ef6

Download Submit
\Windows\SysWOW64\HelpMe.exe
Filesize
946KB

MD5
950a578da2e010ecd35442453be24521

SHA1
1d036dbffba6cf4a89bd4fa363b68f874530ed29

SHA256
020f42fa502e180ef726ba7024165dbbf7fb5886e5f46ee493886d4ae1982e3e

SHA512
d9823430c544595db1f4eee121fc0ce1ca35e025f3e78858e59cfc51fb8fbcd94f993a19c1f8a3042020634026db12301cc2f095755ec31819f43a3318f90ef6

Download Submit
\Windows\SysWOW64\HelpMe.exe
Filesize
946KB

MD5
950a578da2e010ecd35442453be24521

SHA1
1d036dbffba6cf4a89bd4fa363b68f874530ed29

SHA256
020f42fa502e180ef726ba7024165dbbf7fb5886e5f46ee493886d4ae1982e3e

SHA512
d9823430c544595db1f4eee121fc0ce1ca35e025f3e78858e59cfc51fb8fbcd94f993a19c1f8a3042020634026db12301cc2f095755ec31819f43a3318f90ef6

Download Submit
memory/904-57-0x0000000000000000-mapping.dmp

Download
memory/1784-54-0x00000000755A1000-0x00000000755A3000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads