3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d

Analysis

max time kernel
148s
max time network
51s
platform
windows7_x64
resource
win7-20220414-en
submitted
03-07-2022 16:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe
Size

759KB
MD5

519ed675e778bc503f8dbbf9a8627dca
SHA1

908fd2551bd3947cfb340a6d5a215828d063a85f
SHA256

3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d
SHA512

309964b6671af4a49fd7a141bd9235913fe93d7ae6237dde913600f85a0ab4b827dd15bea850842d89e803cbc276416925ee37d5fbb09fa7d3f672b921248fed

Score

10^/10

aspackv2 persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1004

Modify Registry

T1112

Processes:

3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exeHelpMe.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe

ASPack v2.12-2.42 6 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
C:\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
C:\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
C:\$Recycle.Bin\S-1-5-21-1819626980-2277161760-1023733287-1000\desktop.ini.exe	aspack_v212_v242
C:\AutoRun.exe	aspack_v212_v242

Executes dropped EXE 1 IoCs

Processes:

HelpMe.exe

pid process

1812 HelpMe.exe

pid	process
1812	HelpMe.exe

Drops startup file 3 IoCs

Processes:

3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exeHelpMe.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe

Loads dropped DLL 2 IoCs

Processes:

3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe

pid	process
860	3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe
860	3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

HelpMe.exe3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe

description	ioc	process
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\J:	3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe
File opened (read-only)	\??\G:	3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe
File opened (read-only)	\??\N:	3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe
File opened (read-only)	\??\W:	3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\F:	3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe
File opened (read-only)	\??\P:	3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe
File opened (read-only)	\??\S:	3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe
File opened (read-only)	\??\Y:	3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\L:	3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe
File opened (read-only)	\??\H:	3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe
File opened (read-only)	\??\R:	3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe
File opened (read-only)	\??\U:	3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\E:	3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\I:	3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe
File opened (read-only)	\??\M:	3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe
File opened (read-only)	\??\V:	3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe
File opened (read-only)	\??\Z:	3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\F:	HelpMe.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\K:	3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\Q:	3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe
File opened (read-only)	\??\T:	3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\O:	3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\B:	3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe
File opened (read-only)	\??\X:	3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe
File opened (read-only)	\??\A:	3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe

Drops autorun.inf file 1 TTPs 2 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

Processes:

3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exeHelpMe.exe

description	ioc	process
File opened for modification	C:\AUTORUN.INF	3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe
File opened for modification	C:\AUTORUN.INF	HelpMe.exe

Drops file in System32 directory 4 IoCs

Processes:

3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exeHelpMe.exe

description	ioc	process
File created	C:\Windows\SysWOW64\HelpMe.exe	3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe
File opened for modification	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe
File created	C:\Windows\SysWOW64\notepad.exe.exe	HelpMe.exe

Drops file in Program Files directory 1 IoCs

Processes:

HelpMe.exe

description ioc process

File created C:\Program Files (x86)\Internet Explorer\iexplore.exe.exe HelpMe.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

HelpMe.exe

pid process

1812 HelpMe.exe

description	ioc	process
File created	C:\Program Files (x86)\Internet Explorer\iexplore.exe.exe	HelpMe.exe

pid	process
1812	HelpMe.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe

description	pid	process	target process
PID 860 wrote to memory of 1812	860	3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe	HelpMe.exe
PID 860 wrote to memory of 1812	860	3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe	HelpMe.exe
PID 860 wrote to memory of 1812	860	3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe	HelpMe.exe
PID 860 wrote to memory of 1812	860	3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe	HelpMe.exe

C:\Users\Admin\AppData\Local\Temp\3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe
"C:\Users\Admin\AppData\Local\Temp\3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:860

C:\Windows\SysWOW64\HelpMe.exe
C:\Windows\system32\HelpMe.exe
2⤵
- Modifies WinLogon for persistence
- Executes dropped EXE
- Drops startup file
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:1812

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Winlogon Helper DLL

T1004

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1819626980-2277161760-1023733287-1000\desktop.ini.exe
Filesize
760KB

MD5
1cd0d9e157f05b259161be6c8bffeb17

SHA1
84f885c0d6f024eee5c5640390db914b7b3d3023

SHA256
62e36fdfbcb8a25c117c76eb1a516354112e415f4b7b5249416ca27f2d4df622

SHA512
213270bcd643c6f3f67f42d9ba85d3a8d8f9bba277a0d1bfec6caad0caa8305266ba8d2bd8db0eaad11d796e832d3e32ade2a678c1c5214cfb054f880c2356eb

Download Submit
C:\AutoRun.exe
Filesize
759KB

MD5
519ed675e778bc503f8dbbf9a8627dca

SHA1
908fd2551bd3947cfb340a6d5a215828d063a85f

SHA256
3b901e66da57b60a08c6229431840da639381fce293033f90000310416ebaf2d

SHA512
309964b6671af4a49fd7a141bd9235913fe93d7ae6237dde913600f85a0ab4b827dd15bea850842d89e803cbc276416925ee37d5fbb09fa7d3f672b921248fed

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
954B

MD5
2f253913c2a73edbb11f1e915f0e577a

SHA1
5f20ce253d686bf1e046692655548e5afff5eb92

SHA256
85ab144c4082f9e56e885f1a684a6609cbfd9984cdc0a7a569e9b0fadbc117c3

SHA512
64b863013d1fd10afe9cbd1dfeac44140581806c4e25d6aed00f941dab165f4d2fb9bc5068cadc2c9b64f7dc065ebac2e906cdf7a502244dc52bcc7dfe6c5a00

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
954B

MD5
2f253913c2a73edbb11f1e915f0e577a

SHA1
5f20ce253d686bf1e046692655548e5afff5eb92

SHA256
85ab144c4082f9e56e885f1a684a6609cbfd9984cdc0a7a569e9b0fadbc117c3

SHA512
64b863013d1fd10afe9cbd1dfeac44140581806c4e25d6aed00f941dab165f4d2fb9bc5068cadc2c9b64f7dc065ebac2e906cdf7a502244dc52bcc7dfe6c5a00

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
a404581680941d6090b227b60c03809d

SHA1
1d3ac76f75abcfad72967c899777f9c7b3f13599

SHA256
f0f7e901015895801f6d751493b505f8c45696df439675b6b956b28a58be451a

SHA512
38ea4ef85e75c0e555f62656432f5248162402a5704ef9f0bdab21edee68e9fc8511ab86e6cf40381aa8fa2437b057b2e23fea566d30566a986aa019f6cc546a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
954B

MD5
2f253913c2a73edbb11f1e915f0e577a

SHA1
5f20ce253d686bf1e046692655548e5afff5eb92

SHA256
85ab144c4082f9e56e885f1a684a6609cbfd9984cdc0a7a569e9b0fadbc117c3

SHA512
64b863013d1fd10afe9cbd1dfeac44140581806c4e25d6aed00f941dab165f4d2fb9bc5068cadc2c9b64f7dc065ebac2e906cdf7a502244dc52bcc7dfe6c5a00

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
954B

MD5
2f253913c2a73edbb11f1e915f0e577a

SHA1
5f20ce253d686bf1e046692655548e5afff5eb92

SHA256
85ab144c4082f9e56e885f1a684a6609cbfd9984cdc0a7a569e9b0fadbc117c3

SHA512
64b863013d1fd10afe9cbd1dfeac44140581806c4e25d6aed00f941dab165f4d2fb9bc5068cadc2c9b64f7dc065ebac2e906cdf7a502244dc52bcc7dfe6c5a00

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
954B

MD5
2f253913c2a73edbb11f1e915f0e577a

SHA1
5f20ce253d686bf1e046692655548e5afff5eb92

SHA256
85ab144c4082f9e56e885f1a684a6609cbfd9984cdc0a7a569e9b0fadbc117c3

SHA512
64b863013d1fd10afe9cbd1dfeac44140581806c4e25d6aed00f941dab165f4d2fb9bc5068cadc2c9b64f7dc065ebac2e906cdf7a502244dc52bcc7dfe6c5a00

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
a404581680941d6090b227b60c03809d

SHA1
1d3ac76f75abcfad72967c899777f9c7b3f13599

SHA256
f0f7e901015895801f6d751493b505f8c45696df439675b6b956b28a58be451a

SHA512
38ea4ef85e75c0e555f62656432f5248162402a5704ef9f0bdab21edee68e9fc8511ab86e6cf40381aa8fa2437b057b2e23fea566d30566a986aa019f6cc546a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
954B

MD5
2f253913c2a73edbb11f1e915f0e577a

SHA1
5f20ce253d686bf1e046692655548e5afff5eb92

SHA256
85ab144c4082f9e56e885f1a684a6609cbfd9984cdc0a7a569e9b0fadbc117c3

SHA512
64b863013d1fd10afe9cbd1dfeac44140581806c4e25d6aed00f941dab165f4d2fb9bc5068cadc2c9b64f7dc065ebac2e906cdf7a502244dc52bcc7dfe6c5a00

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
954B

MD5
2f253913c2a73edbb11f1e915f0e577a

SHA1
5f20ce253d686bf1e046692655548e5afff5eb92

SHA256
85ab144c4082f9e56e885f1a684a6609cbfd9984cdc0a7a569e9b0fadbc117c3

SHA512
64b863013d1fd10afe9cbd1dfeac44140581806c4e25d6aed00f941dab165f4d2fb9bc5068cadc2c9b64f7dc065ebac2e906cdf7a502244dc52bcc7dfe6c5a00

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
954B

MD5
2f253913c2a73edbb11f1e915f0e577a

SHA1
5f20ce253d686bf1e046692655548e5afff5eb92

SHA256
85ab144c4082f9e56e885f1a684a6609cbfd9984cdc0a7a569e9b0fadbc117c3

SHA512
64b863013d1fd10afe9cbd1dfeac44140581806c4e25d6aed00f941dab165f4d2fb9bc5068cadc2c9b64f7dc065ebac2e906cdf7a502244dc52bcc7dfe6c5a00

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
954B

MD5
2f253913c2a73edbb11f1e915f0e577a

SHA1
5f20ce253d686bf1e046692655548e5afff5eb92

SHA256
85ab144c4082f9e56e885f1a684a6609cbfd9984cdc0a7a569e9b0fadbc117c3

SHA512
64b863013d1fd10afe9cbd1dfeac44140581806c4e25d6aed00f941dab165f4d2fb9bc5068cadc2c9b64f7dc065ebac2e906cdf7a502244dc52bcc7dfe6c5a00

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
a404581680941d6090b227b60c03809d

SHA1
1d3ac76f75abcfad72967c899777f9c7b3f13599

SHA256
f0f7e901015895801f6d751493b505f8c45696df439675b6b956b28a58be451a

SHA512
38ea4ef85e75c0e555f62656432f5248162402a5704ef9f0bdab21edee68e9fc8511ab86e6cf40381aa8fa2437b057b2e23fea566d30566a986aa019f6cc546a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
954B

MD5
2f253913c2a73edbb11f1e915f0e577a

SHA1
5f20ce253d686bf1e046692655548e5afff5eb92

SHA256
85ab144c4082f9e56e885f1a684a6609cbfd9984cdc0a7a569e9b0fadbc117c3

SHA512
64b863013d1fd10afe9cbd1dfeac44140581806c4e25d6aed00f941dab165f4d2fb9bc5068cadc2c9b64f7dc065ebac2e906cdf7a502244dc52bcc7dfe6c5a00

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
a404581680941d6090b227b60c03809d

SHA1
1d3ac76f75abcfad72967c899777f9c7b3f13599

SHA256
f0f7e901015895801f6d751493b505f8c45696df439675b6b956b28a58be451a

SHA512
38ea4ef85e75c0e555f62656432f5248162402a5704ef9f0bdab21edee68e9fc8511ab86e6cf40381aa8fa2437b057b2e23fea566d30566a986aa019f6cc546a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
954B

MD5
2f253913c2a73edbb11f1e915f0e577a

SHA1
5f20ce253d686bf1e046692655548e5afff5eb92

SHA256
85ab144c4082f9e56e885f1a684a6609cbfd9984cdc0a7a569e9b0fadbc117c3

SHA512
64b863013d1fd10afe9cbd1dfeac44140581806c4e25d6aed00f941dab165f4d2fb9bc5068cadc2c9b64f7dc065ebac2e906cdf7a502244dc52bcc7dfe6c5a00

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
954B

MD5
2f253913c2a73edbb11f1e915f0e577a

SHA1
5f20ce253d686bf1e046692655548e5afff5eb92

SHA256
85ab144c4082f9e56e885f1a684a6609cbfd9984cdc0a7a569e9b0fadbc117c3

SHA512
64b863013d1fd10afe9cbd1dfeac44140581806c4e25d6aed00f941dab165f4d2fb9bc5068cadc2c9b64f7dc065ebac2e906cdf7a502244dc52bcc7dfe6c5a00

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
a404581680941d6090b227b60c03809d

SHA1
1d3ac76f75abcfad72967c899777f9c7b3f13599

SHA256
f0f7e901015895801f6d751493b505f8c45696df439675b6b956b28a58be451a

SHA512
38ea4ef85e75c0e555f62656432f5248162402a5704ef9f0bdab21edee68e9fc8511ab86e6cf40381aa8fa2437b057b2e23fea566d30566a986aa019f6cc546a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
954B

MD5
2f253913c2a73edbb11f1e915f0e577a

SHA1
5f20ce253d686bf1e046692655548e5afff5eb92

SHA256
85ab144c4082f9e56e885f1a684a6609cbfd9984cdc0a7a569e9b0fadbc117c3

SHA512
64b863013d1fd10afe9cbd1dfeac44140581806c4e25d6aed00f941dab165f4d2fb9bc5068cadc2c9b64f7dc065ebac2e906cdf7a502244dc52bcc7dfe6c5a00

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
954B

MD5
2f253913c2a73edbb11f1e915f0e577a

SHA1
5f20ce253d686bf1e046692655548e5afff5eb92

SHA256
85ab144c4082f9e56e885f1a684a6609cbfd9984cdc0a7a569e9b0fadbc117c3

SHA512
64b863013d1fd10afe9cbd1dfeac44140581806c4e25d6aed00f941dab165f4d2fb9bc5068cadc2c9b64f7dc065ebac2e906cdf7a502244dc52bcc7dfe6c5a00

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
a404581680941d6090b227b60c03809d

SHA1
1d3ac76f75abcfad72967c899777f9c7b3f13599

SHA256
f0f7e901015895801f6d751493b505f8c45696df439675b6b956b28a58be451a

SHA512
38ea4ef85e75c0e555f62656432f5248162402a5704ef9f0bdab21edee68e9fc8511ab86e6cf40381aa8fa2437b057b2e23fea566d30566a986aa019f6cc546a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
954B

MD5
2f253913c2a73edbb11f1e915f0e577a

SHA1
5f20ce253d686bf1e046692655548e5afff5eb92

SHA256
85ab144c4082f9e56e885f1a684a6609cbfd9984cdc0a7a569e9b0fadbc117c3

SHA512
64b863013d1fd10afe9cbd1dfeac44140581806c4e25d6aed00f941dab165f4d2fb9bc5068cadc2c9b64f7dc065ebac2e906cdf7a502244dc52bcc7dfe6c5a00

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
954B

MD5
2f253913c2a73edbb11f1e915f0e577a

SHA1
5f20ce253d686bf1e046692655548e5afff5eb92

SHA256
85ab144c4082f9e56e885f1a684a6609cbfd9984cdc0a7a569e9b0fadbc117c3

SHA512
64b863013d1fd10afe9cbd1dfeac44140581806c4e25d6aed00f941dab165f4d2fb9bc5068cadc2c9b64f7dc065ebac2e906cdf7a502244dc52bcc7dfe6c5a00

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
954B

MD5
2f253913c2a73edbb11f1e915f0e577a

SHA1
5f20ce253d686bf1e046692655548e5afff5eb92

SHA256
85ab144c4082f9e56e885f1a684a6609cbfd9984cdc0a7a569e9b0fadbc117c3

SHA512
64b863013d1fd10afe9cbd1dfeac44140581806c4e25d6aed00f941dab165f4d2fb9bc5068cadc2c9b64f7dc065ebac2e906cdf7a502244dc52bcc7dfe6c5a00

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
a404581680941d6090b227b60c03809d

SHA1
1d3ac76f75abcfad72967c899777f9c7b3f13599

SHA256
f0f7e901015895801f6d751493b505f8c45696df439675b6b956b28a58be451a

SHA512
38ea4ef85e75c0e555f62656432f5248162402a5704ef9f0bdab21edee68e9fc8511ab86e6cf40381aa8fa2437b057b2e23fea566d30566a986aa019f6cc546a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
954B

MD5
2f253913c2a73edbb11f1e915f0e577a

SHA1
5f20ce253d686bf1e046692655548e5afff5eb92

SHA256
85ab144c4082f9e56e885f1a684a6609cbfd9984cdc0a7a569e9b0fadbc117c3

SHA512
64b863013d1fd10afe9cbd1dfeac44140581806c4e25d6aed00f941dab165f4d2fb9bc5068cadc2c9b64f7dc065ebac2e906cdf7a502244dc52bcc7dfe6c5a00

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
a404581680941d6090b227b60c03809d

SHA1
1d3ac76f75abcfad72967c899777f9c7b3f13599

SHA256
f0f7e901015895801f6d751493b505f8c45696df439675b6b956b28a58be451a

SHA512
38ea4ef85e75c0e555f62656432f5248162402a5704ef9f0bdab21edee68e9fc8511ab86e6cf40381aa8fa2437b057b2e23fea566d30566a986aa019f6cc546a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
954B

MD5
2f253913c2a73edbb11f1e915f0e577a

SHA1
5f20ce253d686bf1e046692655548e5afff5eb92

SHA256
85ab144c4082f9e56e885f1a684a6609cbfd9984cdc0a7a569e9b0fadbc117c3

SHA512
64b863013d1fd10afe9cbd1dfeac44140581806c4e25d6aed00f941dab165f4d2fb9bc5068cadc2c9b64f7dc065ebac2e906cdf7a502244dc52bcc7dfe6c5a00

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
954B

MD5
2f253913c2a73edbb11f1e915f0e577a

SHA1
5f20ce253d686bf1e046692655548e5afff5eb92

SHA256
85ab144c4082f9e56e885f1a684a6609cbfd9984cdc0a7a569e9b0fadbc117c3

SHA512
64b863013d1fd10afe9cbd1dfeac44140581806c4e25d6aed00f941dab165f4d2fb9bc5068cadc2c9b64f7dc065ebac2e906cdf7a502244dc52bcc7dfe6c5a00

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
a404581680941d6090b227b60c03809d

SHA1
1d3ac76f75abcfad72967c899777f9c7b3f13599

SHA256
f0f7e901015895801f6d751493b505f8c45696df439675b6b956b28a58be451a

SHA512
38ea4ef85e75c0e555f62656432f5248162402a5704ef9f0bdab21edee68e9fc8511ab86e6cf40381aa8fa2437b057b2e23fea566d30566a986aa019f6cc546a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
954B

MD5
2f253913c2a73edbb11f1e915f0e577a

SHA1
5f20ce253d686bf1e046692655548e5afff5eb92

SHA256
85ab144c4082f9e56e885f1a684a6609cbfd9984cdc0a7a569e9b0fadbc117c3

SHA512
64b863013d1fd10afe9cbd1dfeac44140581806c4e25d6aed00f941dab165f4d2fb9bc5068cadc2c9b64f7dc065ebac2e906cdf7a502244dc52bcc7dfe6c5a00

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
954B

MD5
2f253913c2a73edbb11f1e915f0e577a

SHA1
5f20ce253d686bf1e046692655548e5afff5eb92

SHA256
85ab144c4082f9e56e885f1a684a6609cbfd9984cdc0a7a569e9b0fadbc117c3

SHA512
64b863013d1fd10afe9cbd1dfeac44140581806c4e25d6aed00f941dab165f4d2fb9bc5068cadc2c9b64f7dc065ebac2e906cdf7a502244dc52bcc7dfe6c5a00

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
954B

MD5
2f253913c2a73edbb11f1e915f0e577a

SHA1
5f20ce253d686bf1e046692655548e5afff5eb92

SHA256
85ab144c4082f9e56e885f1a684a6609cbfd9984cdc0a7a569e9b0fadbc117c3

SHA512
64b863013d1fd10afe9cbd1dfeac44140581806c4e25d6aed00f941dab165f4d2fb9bc5068cadc2c9b64f7dc065ebac2e906cdf7a502244dc52bcc7dfe6c5a00

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
954B

MD5
2f253913c2a73edbb11f1e915f0e577a

SHA1
5f20ce253d686bf1e046692655548e5afff5eb92

SHA256
85ab144c4082f9e56e885f1a684a6609cbfd9984cdc0a7a569e9b0fadbc117c3

SHA512
64b863013d1fd10afe9cbd1dfeac44140581806c4e25d6aed00f941dab165f4d2fb9bc5068cadc2c9b64f7dc065ebac2e906cdf7a502244dc52bcc7dfe6c5a00

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
a404581680941d6090b227b60c03809d

SHA1
1d3ac76f75abcfad72967c899777f9c7b3f13599

SHA256
f0f7e901015895801f6d751493b505f8c45696df439675b6b956b28a58be451a

SHA512
38ea4ef85e75c0e555f62656432f5248162402a5704ef9f0bdab21edee68e9fc8511ab86e6cf40381aa8fa2437b057b2e23fea566d30566a986aa019f6cc546a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
954B

MD5
2f253913c2a73edbb11f1e915f0e577a

SHA1
5f20ce253d686bf1e046692655548e5afff5eb92

SHA256
85ab144c4082f9e56e885f1a684a6609cbfd9984cdc0a7a569e9b0fadbc117c3

SHA512
64b863013d1fd10afe9cbd1dfeac44140581806c4e25d6aed00f941dab165f4d2fb9bc5068cadc2c9b64f7dc065ebac2e906cdf7a502244dc52bcc7dfe6c5a00

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
a404581680941d6090b227b60c03809d

SHA1
1d3ac76f75abcfad72967c899777f9c7b3f13599

SHA256
f0f7e901015895801f6d751493b505f8c45696df439675b6b956b28a58be451a

SHA512
38ea4ef85e75c0e555f62656432f5248162402a5704ef9f0bdab21edee68e9fc8511ab86e6cf40381aa8fa2437b057b2e23fea566d30566a986aa019f6cc546a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
954B

MD5
2f253913c2a73edbb11f1e915f0e577a

SHA1
5f20ce253d686bf1e046692655548e5afff5eb92

SHA256
85ab144c4082f9e56e885f1a684a6609cbfd9984cdc0a7a569e9b0fadbc117c3

SHA512
64b863013d1fd10afe9cbd1dfeac44140581806c4e25d6aed00f941dab165f4d2fb9bc5068cadc2c9b64f7dc065ebac2e906cdf7a502244dc52bcc7dfe6c5a00

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
a404581680941d6090b227b60c03809d

SHA1
1d3ac76f75abcfad72967c899777f9c7b3f13599

SHA256
f0f7e901015895801f6d751493b505f8c45696df439675b6b956b28a58be451a

SHA512
38ea4ef85e75c0e555f62656432f5248162402a5704ef9f0bdab21edee68e9fc8511ab86e6cf40381aa8fa2437b057b2e23fea566d30566a986aa019f6cc546a

Download Submit
C:\Windows\SysWOW64\HelpMe.exe
Filesize
759KB

MD5
42f633fab7ced160481e4be015cc352c

SHA1
a0d96061ae17175fd478872fdbe42e278e92da4d

SHA256
8995ce649a4ffd4b4c64614388767388574b8ed268fe8e5f6b3a9a13bc21de86

SHA512
3c6f67d42845b4e073b8f76432725604ccec4201c55f2af126a9175e4cb0b300e0c643611c55ae46516989af341ffa7391978e1dc0eec582430082b470db1b3e

Download Submit
C:\Windows\SysWOW64\HelpMe.exe
Filesize
759KB

MD5
42f633fab7ced160481e4be015cc352c

SHA1
a0d96061ae17175fd478872fdbe42e278e92da4d

SHA256
8995ce649a4ffd4b4c64614388767388574b8ed268fe8e5f6b3a9a13bc21de86

SHA512
3c6f67d42845b4e073b8f76432725604ccec4201c55f2af126a9175e4cb0b300e0c643611c55ae46516989af341ffa7391978e1dc0eec582430082b470db1b3e

Download Submit
\Windows\SysWOW64\HelpMe.exe
Filesize
759KB

MD5
42f633fab7ced160481e4be015cc352c

SHA1
a0d96061ae17175fd478872fdbe42e278e92da4d

SHA256
8995ce649a4ffd4b4c64614388767388574b8ed268fe8e5f6b3a9a13bc21de86

SHA512
3c6f67d42845b4e073b8f76432725604ccec4201c55f2af126a9175e4cb0b300e0c643611c55ae46516989af341ffa7391978e1dc0eec582430082b470db1b3e

Download Submit
\Windows\SysWOW64\HelpMe.exe
Filesize
759KB

MD5
42f633fab7ced160481e4be015cc352c

SHA1
a0d96061ae17175fd478872fdbe42e278e92da4d

SHA256
8995ce649a4ffd4b4c64614388767388574b8ed268fe8e5f6b3a9a13bc21de86

SHA512
3c6f67d42845b4e073b8f76432725604ccec4201c55f2af126a9175e4cb0b300e0c643611c55ae46516989af341ffa7391978e1dc0eec582430082b470db1b3e

Download Submit
memory/860-54-0x00000000763C1000-0x00000000763C3000-memory.dmp

Filesize
8KB

Download
memory/1812-57-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads