3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9

Analysis

max time kernel
150s
max time network
44s
platform
windows7_x64
resource
win7-20220414-en
submitted
03-07-2022 16:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe
Size

940KB
MD5

1a29324cb04bfb173233cd55e5a9afc4
SHA1

4883104bc47f16c9b078b711e32263640a2b637c
SHA256

3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9
SHA512

cfbe35b37a4412069160ed904fdf154a921aebb92dbe445e2b3d29c9a592f0dbb4a28a8f3ed09cbddc6357e48d7f6d8543e1d48888929affc55bfa548206a698

Score

10^/10

aspackv2 persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1004

Modify Registry

T1112

Processes:

HelpMe.exe3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe

ASPack v2.12-2.42 6 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
C:\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
C:\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
C:\$Recycle.Bin\S-1-5-21-790309383-526510583-3802439154-1000\desktop.ini.exe	aspack_v212_v242
C:\AutoRun.exe	aspack_v212_v242

Executes dropped EXE 1 IoCs

Processes:

HelpMe.exe

pid process

1768 HelpMe.exe

pid	process
1768	HelpMe.exe

Drops startup file 3 IoCs

Processes:

HelpMe.exe3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe

Loads dropped DLL 2 IoCs

Processes:

3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe

pid	process
1704	3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe
1704	3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exeHelpMe.exe

description	ioc	process
File opened (read-only)	\??\B:	3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe
File opened (read-only)	\??\G:	3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\A:	3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe
File opened (read-only)	\??\I:	3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe
File opened (read-only)	\??\J:	3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe
File opened (read-only)	\??\N:	3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\M:	3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe
File opened (read-only)	\??\O:	3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe
File opened (read-only)	\??\Q:	3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe
File opened (read-only)	\??\Z:	3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\F:	3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\E:	3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe
File opened (read-only)	\??\K:	3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe
File opened (read-only)	\??\U:	3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\H:	3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe
File opened (read-only)	\??\P:	3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe
File opened (read-only)	\??\W:	3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe
File opened (read-only)	\??\X:	3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\L:	3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe
File opened (read-only)	\??\R:	3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe
File opened (read-only)	\??\T:	3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe
File opened (read-only)	\??\V:	3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe
File opened (read-only)	\??\Y:	3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\S:	3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\F:	HelpMe.exe
File opened (read-only)	\??\K:	HelpMe.exe

Drops autorun.inf file 1 TTPs 2 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

Processes:

HelpMe.exe3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe

description	ioc	process
File opened for modification	C:\AUTORUN.INF	HelpMe.exe
File opened for modification	C:\AUTORUN.INF	3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe

Drops file in System32 directory 2 IoCs

Processes:

3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exeHelpMe.exe

description	ioc	process
File created	C:\Windows\SysWOW64\HelpMe.exe	3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe

description	pid	process	target process
PID 1704 wrote to memory of 1768	1704	3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe	HelpMe.exe
PID 1704 wrote to memory of 1768	1704	3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe	HelpMe.exe
PID 1704 wrote to memory of 1768	1704	3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe	HelpMe.exe
PID 1704 wrote to memory of 1768	1704	3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe	HelpMe.exe

C:\Users\Admin\AppData\Local\Temp\3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe
"C:\Users\Admin\AppData\Local\Temp\3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1704

C:\Windows\SysWOW64\HelpMe.exe
C:\Windows\system32\HelpMe.exe
2⤵
- Modifies WinLogon for persistence
- Executes dropped EXE
- Drops startup file
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
PID:1768

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Winlogon Helper DLL

T1004

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-790309383-526510583-3802439154-1000\desktop.ini.exe
Filesize
941KB

MD5
defbc734336c87c574c4498788b1c712

SHA1
28e74c9d7f3decd8506c8bf8a2d32087830efe51

SHA256
2e2bfee4cba83b8dd5f386f8e5fb0ac1eb6603d8f8f0906f1efd2f838b3d7768

SHA512
b770eb39bb365b291127c160e905d72fb27ba7b209b26d8a76cab78a7ac97d595358e5cdd200fb246d06d657b49247dfaed80c81ee10eb5d45099416ef6d8525

Download Submit
C:\AutoRun.exe
Filesize
940KB

MD5
1a29324cb04bfb173233cd55e5a9afc4

SHA1
4883104bc47f16c9b078b711e32263640a2b637c

SHA256
3b6fb95f4c4e8f78da8c574abf5fb9045547a15864d0e70a6ed8e731f357b3c9

SHA512
cfbe35b37a4412069160ed904fdf154a921aebb92dbe445e2b3d29c9a592f0dbb4a28a8f3ed09cbddc6357e48d7f6d8543e1d48888929affc55bfa548206a698

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
39b0f6d248011fab1a500691b24aaffc

SHA1
dcb086e3853780ac867871d2856d3a059c2de9bb

SHA256
1c74b3314ea11e536524d5eff7b9f3734707626a57028d9cd61cfe32ab5ed683

SHA512
fc144f21213c996140578b1a279c641dc8aacf5a7a42d3dfa4c0747d97d6cd0284b3620bbc0f61af0e847033fb54441b196eb74bf485b439e83133249d56fc83

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
4475f0420e9574a7c4825bcc8d454e55

SHA1
f81a19f5221d0ab333311a73dd88eea9a65f1af8

SHA256
fdc9877fcdd622feee005e9d6be8868695ec0712c44a2f1e38d14f06d58d8c14

SHA512
dbd240ca43f969ae7dbbf90e31caabde6d21cbf91c8cc661a839188a2a6a98eef0436886b21089073ee98522574ba387ccd824622577f2b7a4075a52c653a589

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
39b0f6d248011fab1a500691b24aaffc

SHA1
dcb086e3853780ac867871d2856d3a059c2de9bb

SHA256
1c74b3314ea11e536524d5eff7b9f3734707626a57028d9cd61cfe32ab5ed683

SHA512
fc144f21213c996140578b1a279c641dc8aacf5a7a42d3dfa4c0747d97d6cd0284b3620bbc0f61af0e847033fb54441b196eb74bf485b439e83133249d56fc83

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
4475f0420e9574a7c4825bcc8d454e55

SHA1
f81a19f5221d0ab333311a73dd88eea9a65f1af8

SHA256
fdc9877fcdd622feee005e9d6be8868695ec0712c44a2f1e38d14f06d58d8c14

SHA512
dbd240ca43f969ae7dbbf90e31caabde6d21cbf91c8cc661a839188a2a6a98eef0436886b21089073ee98522574ba387ccd824622577f2b7a4075a52c653a589

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
39b0f6d248011fab1a500691b24aaffc

SHA1
dcb086e3853780ac867871d2856d3a059c2de9bb

SHA256
1c74b3314ea11e536524d5eff7b9f3734707626a57028d9cd61cfe32ab5ed683

SHA512
fc144f21213c996140578b1a279c641dc8aacf5a7a42d3dfa4c0747d97d6cd0284b3620bbc0f61af0e847033fb54441b196eb74bf485b439e83133249d56fc83

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
4475f0420e9574a7c4825bcc8d454e55

SHA1
f81a19f5221d0ab333311a73dd88eea9a65f1af8

SHA256
fdc9877fcdd622feee005e9d6be8868695ec0712c44a2f1e38d14f06d58d8c14

SHA512
dbd240ca43f969ae7dbbf90e31caabde6d21cbf91c8cc661a839188a2a6a98eef0436886b21089073ee98522574ba387ccd824622577f2b7a4075a52c653a589

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
39b0f6d248011fab1a500691b24aaffc

SHA1
dcb086e3853780ac867871d2856d3a059c2de9bb

SHA256
1c74b3314ea11e536524d5eff7b9f3734707626a57028d9cd61cfe32ab5ed683

SHA512
fc144f21213c996140578b1a279c641dc8aacf5a7a42d3dfa4c0747d97d6cd0284b3620bbc0f61af0e847033fb54441b196eb74bf485b439e83133249d56fc83

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
4475f0420e9574a7c4825bcc8d454e55

SHA1
f81a19f5221d0ab333311a73dd88eea9a65f1af8

SHA256
fdc9877fcdd622feee005e9d6be8868695ec0712c44a2f1e38d14f06d58d8c14

SHA512
dbd240ca43f969ae7dbbf90e31caabde6d21cbf91c8cc661a839188a2a6a98eef0436886b21089073ee98522574ba387ccd824622577f2b7a4075a52c653a589

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
39b0f6d248011fab1a500691b24aaffc

SHA1
dcb086e3853780ac867871d2856d3a059c2de9bb

SHA256
1c74b3314ea11e536524d5eff7b9f3734707626a57028d9cd61cfe32ab5ed683

SHA512
fc144f21213c996140578b1a279c641dc8aacf5a7a42d3dfa4c0747d97d6cd0284b3620bbc0f61af0e847033fb54441b196eb74bf485b439e83133249d56fc83

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
4475f0420e9574a7c4825bcc8d454e55

SHA1
f81a19f5221d0ab333311a73dd88eea9a65f1af8

SHA256
fdc9877fcdd622feee005e9d6be8868695ec0712c44a2f1e38d14f06d58d8c14

SHA512
dbd240ca43f969ae7dbbf90e31caabde6d21cbf91c8cc661a839188a2a6a98eef0436886b21089073ee98522574ba387ccd824622577f2b7a4075a52c653a589

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
39b0f6d248011fab1a500691b24aaffc

SHA1
dcb086e3853780ac867871d2856d3a059c2de9bb

SHA256
1c74b3314ea11e536524d5eff7b9f3734707626a57028d9cd61cfe32ab5ed683

SHA512
fc144f21213c996140578b1a279c641dc8aacf5a7a42d3dfa4c0747d97d6cd0284b3620bbc0f61af0e847033fb54441b196eb74bf485b439e83133249d56fc83

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
4475f0420e9574a7c4825bcc8d454e55

SHA1
f81a19f5221d0ab333311a73dd88eea9a65f1af8

SHA256
fdc9877fcdd622feee005e9d6be8868695ec0712c44a2f1e38d14f06d58d8c14

SHA512
dbd240ca43f969ae7dbbf90e31caabde6d21cbf91c8cc661a839188a2a6a98eef0436886b21089073ee98522574ba387ccd824622577f2b7a4075a52c653a589

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
4475f0420e9574a7c4825bcc8d454e55

SHA1
f81a19f5221d0ab333311a73dd88eea9a65f1af8

SHA256
fdc9877fcdd622feee005e9d6be8868695ec0712c44a2f1e38d14f06d58d8c14

SHA512
dbd240ca43f969ae7dbbf90e31caabde6d21cbf91c8cc661a839188a2a6a98eef0436886b21089073ee98522574ba387ccd824622577f2b7a4075a52c653a589

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
39b0f6d248011fab1a500691b24aaffc

SHA1
dcb086e3853780ac867871d2856d3a059c2de9bb

SHA256
1c74b3314ea11e536524d5eff7b9f3734707626a57028d9cd61cfe32ab5ed683

SHA512
fc144f21213c996140578b1a279c641dc8aacf5a7a42d3dfa4c0747d97d6cd0284b3620bbc0f61af0e847033fb54441b196eb74bf485b439e83133249d56fc83

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
4475f0420e9574a7c4825bcc8d454e55

SHA1
f81a19f5221d0ab333311a73dd88eea9a65f1af8

SHA256
fdc9877fcdd622feee005e9d6be8868695ec0712c44a2f1e38d14f06d58d8c14

SHA512
dbd240ca43f969ae7dbbf90e31caabde6d21cbf91c8cc661a839188a2a6a98eef0436886b21089073ee98522574ba387ccd824622577f2b7a4075a52c653a589

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
39b0f6d248011fab1a500691b24aaffc

SHA1
dcb086e3853780ac867871d2856d3a059c2de9bb

SHA256
1c74b3314ea11e536524d5eff7b9f3734707626a57028d9cd61cfe32ab5ed683

SHA512
fc144f21213c996140578b1a279c641dc8aacf5a7a42d3dfa4c0747d97d6cd0284b3620bbc0f61af0e847033fb54441b196eb74bf485b439e83133249d56fc83

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
4475f0420e9574a7c4825bcc8d454e55

SHA1
f81a19f5221d0ab333311a73dd88eea9a65f1af8

SHA256
fdc9877fcdd622feee005e9d6be8868695ec0712c44a2f1e38d14f06d58d8c14

SHA512
dbd240ca43f969ae7dbbf90e31caabde6d21cbf91c8cc661a839188a2a6a98eef0436886b21089073ee98522574ba387ccd824622577f2b7a4075a52c653a589

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
39b0f6d248011fab1a500691b24aaffc

SHA1
dcb086e3853780ac867871d2856d3a059c2de9bb

SHA256
1c74b3314ea11e536524d5eff7b9f3734707626a57028d9cd61cfe32ab5ed683

SHA512
fc144f21213c996140578b1a279c641dc8aacf5a7a42d3dfa4c0747d97d6cd0284b3620bbc0f61af0e847033fb54441b196eb74bf485b439e83133249d56fc83

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
4475f0420e9574a7c4825bcc8d454e55

SHA1
f81a19f5221d0ab333311a73dd88eea9a65f1af8

SHA256
fdc9877fcdd622feee005e9d6be8868695ec0712c44a2f1e38d14f06d58d8c14

SHA512
dbd240ca43f969ae7dbbf90e31caabde6d21cbf91c8cc661a839188a2a6a98eef0436886b21089073ee98522574ba387ccd824622577f2b7a4075a52c653a589

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
4475f0420e9574a7c4825bcc8d454e55

SHA1
f81a19f5221d0ab333311a73dd88eea9a65f1af8

SHA256
fdc9877fcdd622feee005e9d6be8868695ec0712c44a2f1e38d14f06d58d8c14

SHA512
dbd240ca43f969ae7dbbf90e31caabde6d21cbf91c8cc661a839188a2a6a98eef0436886b21089073ee98522574ba387ccd824622577f2b7a4075a52c653a589

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
39b0f6d248011fab1a500691b24aaffc

SHA1
dcb086e3853780ac867871d2856d3a059c2de9bb

SHA256
1c74b3314ea11e536524d5eff7b9f3734707626a57028d9cd61cfe32ab5ed683

SHA512
fc144f21213c996140578b1a279c641dc8aacf5a7a42d3dfa4c0747d97d6cd0284b3620bbc0f61af0e847033fb54441b196eb74bf485b439e83133249d56fc83

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
4475f0420e9574a7c4825bcc8d454e55

SHA1
f81a19f5221d0ab333311a73dd88eea9a65f1af8

SHA256
fdc9877fcdd622feee005e9d6be8868695ec0712c44a2f1e38d14f06d58d8c14

SHA512
dbd240ca43f969ae7dbbf90e31caabde6d21cbf91c8cc661a839188a2a6a98eef0436886b21089073ee98522574ba387ccd824622577f2b7a4075a52c653a589

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
39b0f6d248011fab1a500691b24aaffc

SHA1
dcb086e3853780ac867871d2856d3a059c2de9bb

SHA256
1c74b3314ea11e536524d5eff7b9f3734707626a57028d9cd61cfe32ab5ed683

SHA512
fc144f21213c996140578b1a279c641dc8aacf5a7a42d3dfa4c0747d97d6cd0284b3620bbc0f61af0e847033fb54441b196eb74bf485b439e83133249d56fc83

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
4475f0420e9574a7c4825bcc8d454e55

SHA1
f81a19f5221d0ab333311a73dd88eea9a65f1af8

SHA256
fdc9877fcdd622feee005e9d6be8868695ec0712c44a2f1e38d14f06d58d8c14

SHA512
dbd240ca43f969ae7dbbf90e31caabde6d21cbf91c8cc661a839188a2a6a98eef0436886b21089073ee98522574ba387ccd824622577f2b7a4075a52c653a589

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
39b0f6d248011fab1a500691b24aaffc

SHA1
dcb086e3853780ac867871d2856d3a059c2de9bb

SHA256
1c74b3314ea11e536524d5eff7b9f3734707626a57028d9cd61cfe32ab5ed683

SHA512
fc144f21213c996140578b1a279c641dc8aacf5a7a42d3dfa4c0747d97d6cd0284b3620bbc0f61af0e847033fb54441b196eb74bf485b439e83133249d56fc83

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
4475f0420e9574a7c4825bcc8d454e55

SHA1
f81a19f5221d0ab333311a73dd88eea9a65f1af8

SHA256
fdc9877fcdd622feee005e9d6be8868695ec0712c44a2f1e38d14f06d58d8c14

SHA512
dbd240ca43f969ae7dbbf90e31caabde6d21cbf91c8cc661a839188a2a6a98eef0436886b21089073ee98522574ba387ccd824622577f2b7a4075a52c653a589

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
39b0f6d248011fab1a500691b24aaffc

SHA1
dcb086e3853780ac867871d2856d3a059c2de9bb

SHA256
1c74b3314ea11e536524d5eff7b9f3734707626a57028d9cd61cfe32ab5ed683

SHA512
fc144f21213c996140578b1a279c641dc8aacf5a7a42d3dfa4c0747d97d6cd0284b3620bbc0f61af0e847033fb54441b196eb74bf485b439e83133249d56fc83

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
4475f0420e9574a7c4825bcc8d454e55

SHA1
f81a19f5221d0ab333311a73dd88eea9a65f1af8

SHA256
fdc9877fcdd622feee005e9d6be8868695ec0712c44a2f1e38d14f06d58d8c14

SHA512
dbd240ca43f969ae7dbbf90e31caabde6d21cbf91c8cc661a839188a2a6a98eef0436886b21089073ee98522574ba387ccd824622577f2b7a4075a52c653a589

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
39b0f6d248011fab1a500691b24aaffc

SHA1
dcb086e3853780ac867871d2856d3a059c2de9bb

SHA256
1c74b3314ea11e536524d5eff7b9f3734707626a57028d9cd61cfe32ab5ed683

SHA512
fc144f21213c996140578b1a279c641dc8aacf5a7a42d3dfa4c0747d97d6cd0284b3620bbc0f61af0e847033fb54441b196eb74bf485b439e83133249d56fc83

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
4475f0420e9574a7c4825bcc8d454e55

SHA1
f81a19f5221d0ab333311a73dd88eea9a65f1af8

SHA256
fdc9877fcdd622feee005e9d6be8868695ec0712c44a2f1e38d14f06d58d8c14

SHA512
dbd240ca43f969ae7dbbf90e31caabde6d21cbf91c8cc661a839188a2a6a98eef0436886b21089073ee98522574ba387ccd824622577f2b7a4075a52c653a589

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
39b0f6d248011fab1a500691b24aaffc

SHA1
dcb086e3853780ac867871d2856d3a059c2de9bb

SHA256
1c74b3314ea11e536524d5eff7b9f3734707626a57028d9cd61cfe32ab5ed683

SHA512
fc144f21213c996140578b1a279c641dc8aacf5a7a42d3dfa4c0747d97d6cd0284b3620bbc0f61af0e847033fb54441b196eb74bf485b439e83133249d56fc83

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
4475f0420e9574a7c4825bcc8d454e55

SHA1
f81a19f5221d0ab333311a73dd88eea9a65f1af8

SHA256
fdc9877fcdd622feee005e9d6be8868695ec0712c44a2f1e38d14f06d58d8c14

SHA512
dbd240ca43f969ae7dbbf90e31caabde6d21cbf91c8cc661a839188a2a6a98eef0436886b21089073ee98522574ba387ccd824622577f2b7a4075a52c653a589

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
39b0f6d248011fab1a500691b24aaffc

SHA1
dcb086e3853780ac867871d2856d3a059c2de9bb

SHA256
1c74b3314ea11e536524d5eff7b9f3734707626a57028d9cd61cfe32ab5ed683

SHA512
fc144f21213c996140578b1a279c641dc8aacf5a7a42d3dfa4c0747d97d6cd0284b3620bbc0f61af0e847033fb54441b196eb74bf485b439e83133249d56fc83

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
4475f0420e9574a7c4825bcc8d454e55

SHA1
f81a19f5221d0ab333311a73dd88eea9a65f1af8

SHA256
fdc9877fcdd622feee005e9d6be8868695ec0712c44a2f1e38d14f06d58d8c14

SHA512
dbd240ca43f969ae7dbbf90e31caabde6d21cbf91c8cc661a839188a2a6a98eef0436886b21089073ee98522574ba387ccd824622577f2b7a4075a52c653a589

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
39b0f6d248011fab1a500691b24aaffc

SHA1
dcb086e3853780ac867871d2856d3a059c2de9bb

SHA256
1c74b3314ea11e536524d5eff7b9f3734707626a57028d9cd61cfe32ab5ed683

SHA512
fc144f21213c996140578b1a279c641dc8aacf5a7a42d3dfa4c0747d97d6cd0284b3620bbc0f61af0e847033fb54441b196eb74bf485b439e83133249d56fc83

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
4475f0420e9574a7c4825bcc8d454e55

SHA1
f81a19f5221d0ab333311a73dd88eea9a65f1af8

SHA256
fdc9877fcdd622feee005e9d6be8868695ec0712c44a2f1e38d14f06d58d8c14

SHA512
dbd240ca43f969ae7dbbf90e31caabde6d21cbf91c8cc661a839188a2a6a98eef0436886b21089073ee98522574ba387ccd824622577f2b7a4075a52c653a589

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
39b0f6d248011fab1a500691b24aaffc

SHA1
dcb086e3853780ac867871d2856d3a059c2de9bb

SHA256
1c74b3314ea11e536524d5eff7b9f3734707626a57028d9cd61cfe32ab5ed683

SHA512
fc144f21213c996140578b1a279c641dc8aacf5a7a42d3dfa4c0747d97d6cd0284b3620bbc0f61af0e847033fb54441b196eb74bf485b439e83133249d56fc83

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
39b0f6d248011fab1a500691b24aaffc

SHA1
dcb086e3853780ac867871d2856d3a059c2de9bb

SHA256
1c74b3314ea11e536524d5eff7b9f3734707626a57028d9cd61cfe32ab5ed683

SHA512
fc144f21213c996140578b1a279c641dc8aacf5a7a42d3dfa4c0747d97d6cd0284b3620bbc0f61af0e847033fb54441b196eb74bf485b439e83133249d56fc83

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
4475f0420e9574a7c4825bcc8d454e55

SHA1
f81a19f5221d0ab333311a73dd88eea9a65f1af8

SHA256
fdc9877fcdd622feee005e9d6be8868695ec0712c44a2f1e38d14f06d58d8c14

SHA512
dbd240ca43f969ae7dbbf90e31caabde6d21cbf91c8cc661a839188a2a6a98eef0436886b21089073ee98522574ba387ccd824622577f2b7a4075a52c653a589

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
39b0f6d248011fab1a500691b24aaffc

SHA1
dcb086e3853780ac867871d2856d3a059c2de9bb

SHA256
1c74b3314ea11e536524d5eff7b9f3734707626a57028d9cd61cfe32ab5ed683

SHA512
fc144f21213c996140578b1a279c641dc8aacf5a7a42d3dfa4c0747d97d6cd0284b3620bbc0f61af0e847033fb54441b196eb74bf485b439e83133249d56fc83

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
4475f0420e9574a7c4825bcc8d454e55

SHA1
f81a19f5221d0ab333311a73dd88eea9a65f1af8

SHA256
fdc9877fcdd622feee005e9d6be8868695ec0712c44a2f1e38d14f06d58d8c14

SHA512
dbd240ca43f969ae7dbbf90e31caabde6d21cbf91c8cc661a839188a2a6a98eef0436886b21089073ee98522574ba387ccd824622577f2b7a4075a52c653a589

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
39b0f6d248011fab1a500691b24aaffc

SHA1
dcb086e3853780ac867871d2856d3a059c2de9bb

SHA256
1c74b3314ea11e536524d5eff7b9f3734707626a57028d9cd61cfe32ab5ed683

SHA512
fc144f21213c996140578b1a279c641dc8aacf5a7a42d3dfa4c0747d97d6cd0284b3620bbc0f61af0e847033fb54441b196eb74bf485b439e83133249d56fc83

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
4475f0420e9574a7c4825bcc8d454e55

SHA1
f81a19f5221d0ab333311a73dd88eea9a65f1af8

SHA256
fdc9877fcdd622feee005e9d6be8868695ec0712c44a2f1e38d14f06d58d8c14

SHA512
dbd240ca43f969ae7dbbf90e31caabde6d21cbf91c8cc661a839188a2a6a98eef0436886b21089073ee98522574ba387ccd824622577f2b7a4075a52c653a589

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
950B

MD5
4475f0420e9574a7c4825bcc8d454e55

SHA1
f81a19f5221d0ab333311a73dd88eea9a65f1af8

SHA256
fdc9877fcdd622feee005e9d6be8868695ec0712c44a2f1e38d14f06d58d8c14

SHA512
dbd240ca43f969ae7dbbf90e31caabde6d21cbf91c8cc661a839188a2a6a98eef0436886b21089073ee98522574ba387ccd824622577f2b7a4075a52c653a589

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Windows\SysWOW64\HelpMe.exe
Filesize
766KB

MD5
bdf5e11083db209d351609d1ce6a4a52

SHA1
641c10b94223172dcfc89607b2d0bb79b65f83ca

SHA256
98d1959150cba4aa818579062b6bac5af1a40566f7bdc83ef0ccb392c30b31a4

SHA512
c6e1a723d286a3de4337e10f24de37cc3bb3153084ba0f9f03857d0c1d497fc673e0eef61ba186a37cb2ebe5d34a6799de8c61ef258563ac1dc4264b65a9c001

Download Submit
C:\Windows\SysWOW64\HelpMe.exe
Filesize
766KB

MD5
bdf5e11083db209d351609d1ce6a4a52

SHA1
641c10b94223172dcfc89607b2d0bb79b65f83ca

SHA256
98d1959150cba4aa818579062b6bac5af1a40566f7bdc83ef0ccb392c30b31a4

SHA512
c6e1a723d286a3de4337e10f24de37cc3bb3153084ba0f9f03857d0c1d497fc673e0eef61ba186a37cb2ebe5d34a6799de8c61ef258563ac1dc4264b65a9c001

Download Submit
\Windows\SysWOW64\HelpMe.exe
Filesize
766KB

MD5
bdf5e11083db209d351609d1ce6a4a52

SHA1
641c10b94223172dcfc89607b2d0bb79b65f83ca

SHA256
98d1959150cba4aa818579062b6bac5af1a40566f7bdc83ef0ccb392c30b31a4

SHA512
c6e1a723d286a3de4337e10f24de37cc3bb3153084ba0f9f03857d0c1d497fc673e0eef61ba186a37cb2ebe5d34a6799de8c61ef258563ac1dc4264b65a9c001

Download Submit
\Windows\SysWOW64\HelpMe.exe
Filesize
766KB

MD5
bdf5e11083db209d351609d1ce6a4a52

SHA1
641c10b94223172dcfc89607b2d0bb79b65f83ca

SHA256
98d1959150cba4aa818579062b6bac5af1a40566f7bdc83ef0ccb392c30b31a4

SHA512
c6e1a723d286a3de4337e10f24de37cc3bb3153084ba0f9f03857d0c1d497fc673e0eef61ba186a37cb2ebe5d34a6799de8c61ef258563ac1dc4264b65a9c001

Download Submit
memory/1704-54-0x0000000076241000-0x0000000076243000-memory.dmp

Filesize
8KB

Download
memory/1768-57-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads