b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd

Analysis

max time kernel
154s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/10/2022, 18:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe
Size

810KB
MD5

6322aaa52753ac04073e1cb2e30ae790
SHA1

fd662478da1c5045fe7b92797ed0c63dd6d14083
SHA256

b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd
SHA512

5de058a38bd7294bb12e6750b2182cfa86eef37e4232b9d5a1f1c850c0043af0e272eace26900d22e39f07c50ddfbcaa31a091157f59de7f70e32daa1f5ce1ee
SSDEEP

12288:Cp4pNfz3ymJnJ8QCFkxCaQTOl2ga3Cz/kJ:8Etl9mRda1P4

Score

10^/10

persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe

Executes dropped EXE 1 IoCs

pid	Process
1380	HelpMe.exe

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe

Loads dropped DLL 2 IoCs

pid	Process
848	b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe
848	b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\A:	b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe
File opened (read-only)	\??\I:	b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe
File opened (read-only)	\??\P:	b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe
File opened (read-only)	\??\R:	b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe
File opened (read-only)	\??\U:	b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe
File opened (read-only)	\??\V:	b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\B:	b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe
File opened (read-only)	\??\K:	b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe
File opened (read-only)	\??\Y:	b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe
File opened (read-only)	\??\N:	b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe
File opened (read-only)	\??\S:	b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\F:	HelpMe.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\G:	b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe
File opened (read-only)	\??\W:	b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\L:	b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe
File opened (read-only)	\??\O:	b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe
File opened (read-only)	\??\T:	b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\J:	b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe
File opened (read-only)	\??\Z:	b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\F:	b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe
File opened (read-only)	\??\H:	b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe
File opened (read-only)	\??\Q:	b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\E:	b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe
File opened (read-only)	\??\M:	b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe
File opened (read-only)	\??\X:	b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe

Drops autorun.inf file 1 TTPs 2 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File opened for modification	C:\AUTORUN.INF	b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe
File opened for modification	C:\AUTORUN.INF	HelpMe.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\HelpMe.exe	b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 848 wrote to memory of 1380	848	b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe	27
PID 848 wrote to memory of 1380	848	b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe	27
PID 848 wrote to memory of 1380	848	b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe	27
PID 848 wrote to memory of 1380	848	b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe	27

C:\Users\Admin\AppData\Local\Temp\b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe
"C:\Users\Admin\AppData\Local\Temp\b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:848
- C:\Windows\SysWOW64\HelpMe.exe
  C:\Windows\system32\HelpMe.exe
  2⤵
  - Modifies WinLogon for persistence
  - Executes dropped EXE
  - Drops startup file
  - Enumerates connected drives
  - Drops autorun.inf file
  - Drops file in System32 directory
  PID:1380

Network

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Winlogon Helper DLL

T1004

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2292972927-2705560509-2768824231-1000\desktop.ini.exe

Filesize
810KB

MD5
1ed7b083b2b03407050ee13101ed91f2

SHA1
a887c7d10d001d3823f892c24d0dcc8bcb079a97

SHA256
14e38182e78b0078a579232ff064c9204cf1699278082b862ae9a6cde2748dae

SHA512
df14bdec046e097fe8c29ff88902892107d210c81cb630ad003db816259aa2a462902fe58501f13255e5e1974b410d8486ff512a3d8c473b953a64488c1905ff

Download Submit
C:\AutoRun.exe

Filesize
810KB

MD5
6322aaa52753ac04073e1cb2e30ae790

SHA1
fd662478da1c5045fe7b92797ed0c63dd6d14083

SHA256
b634b0609b46701001694e90075d8ac32dac1cf015d45dbd42e923bedf0340fd

SHA512
5de058a38bd7294bb12e6750b2182cfa86eef37e4232b9d5a1f1c850c0043af0e272eace26900d22e39f07c50ddfbcaa31a091157f59de7f70e32daa1f5ce1ee

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
27fbd906ff51d72107a59c6701bbd00d

SHA1
68338600c12a874c492c9539d7dea2d45225e893

SHA256
62144c380569cba27444756c59039d9d0e975fffc73b422ed031ebd806362b87

SHA512
d49e872d52994ee6b8575bd62bb805ade9ccc9e707d9600030b80a46c44819e0ad70d22c46124d5b347e884be680329e15293d598394c6e9ca43194bd1bc7c7c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
27fbd906ff51d72107a59c6701bbd00d

SHA1
68338600c12a874c492c9539d7dea2d45225e893

SHA256
62144c380569cba27444756c59039d9d0e975fffc73b422ed031ebd806362b87

SHA512
d49e872d52994ee6b8575bd62bb805ade9ccc9e707d9600030b80a46c44819e0ad70d22c46124d5b347e884be680329e15293d598394c6e9ca43194bd1bc7c7c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
423703427d909111603fb1b116a930cf

SHA1
e0b64190865717900e9108798ba76c326e4d92ec

SHA256
9c3d268c38a523e69741255b0178e0d8742ebab4000ffc2e0890ad5f1418a2c5

SHA512
9eebaf971369a965b86a3ef0f957e180a49b92b84626d2a1cda08452d8833e9c9f35710160679948445c1d676d5e7134e35183401d3a56302182ad6cea2d2668

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
27fbd906ff51d72107a59c6701bbd00d

SHA1
68338600c12a874c492c9539d7dea2d45225e893

SHA256
62144c380569cba27444756c59039d9d0e975fffc73b422ed031ebd806362b87

SHA512
d49e872d52994ee6b8575bd62bb805ade9ccc9e707d9600030b80a46c44819e0ad70d22c46124d5b347e884be680329e15293d598394c6e9ca43194bd1bc7c7c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
423703427d909111603fb1b116a930cf

SHA1
e0b64190865717900e9108798ba76c326e4d92ec

SHA256
9c3d268c38a523e69741255b0178e0d8742ebab4000ffc2e0890ad5f1418a2c5

SHA512
9eebaf971369a965b86a3ef0f957e180a49b92b84626d2a1cda08452d8833e9c9f35710160679948445c1d676d5e7134e35183401d3a56302182ad6cea2d2668

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
27fbd906ff51d72107a59c6701bbd00d

SHA1
68338600c12a874c492c9539d7dea2d45225e893

SHA256
62144c380569cba27444756c59039d9d0e975fffc73b422ed031ebd806362b87

SHA512
d49e872d52994ee6b8575bd62bb805ade9ccc9e707d9600030b80a46c44819e0ad70d22c46124d5b347e884be680329e15293d598394c6e9ca43194bd1bc7c7c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
423703427d909111603fb1b116a930cf

SHA1
e0b64190865717900e9108798ba76c326e4d92ec

SHA256
9c3d268c38a523e69741255b0178e0d8742ebab4000ffc2e0890ad5f1418a2c5

SHA512
9eebaf971369a965b86a3ef0f957e180a49b92b84626d2a1cda08452d8833e9c9f35710160679948445c1d676d5e7134e35183401d3a56302182ad6cea2d2668

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
27fbd906ff51d72107a59c6701bbd00d

SHA1
68338600c12a874c492c9539d7dea2d45225e893

SHA256
62144c380569cba27444756c59039d9d0e975fffc73b422ed031ebd806362b87

SHA512
d49e872d52994ee6b8575bd62bb805ade9ccc9e707d9600030b80a46c44819e0ad70d22c46124d5b347e884be680329e15293d598394c6e9ca43194bd1bc7c7c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
423703427d909111603fb1b116a930cf

SHA1
e0b64190865717900e9108798ba76c326e4d92ec

SHA256
9c3d268c38a523e69741255b0178e0d8742ebab4000ffc2e0890ad5f1418a2c5

SHA512
9eebaf971369a965b86a3ef0f957e180a49b92b84626d2a1cda08452d8833e9c9f35710160679948445c1d676d5e7134e35183401d3a56302182ad6cea2d2668

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
722e7a7cf6c1031aced79b959b2eb809

SHA1
ba16d6bd432099944abbc301400f03aa647e802f

SHA256
6685a21c9a29c1ca658468a283d2e3441230fbe851ba261c8421a36448292b07

SHA512
36b4dd469e9cd4f01c905a143055a19a757d3bf61dfb1c82bb8eb74d3006228ca16d7a4b20a97ab42920f12bf3cb21882352b47b2a6e951153cd57b6ca9d285e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
423703427d909111603fb1b116a930cf

SHA1
e0b64190865717900e9108798ba76c326e4d92ec

SHA256
9c3d268c38a523e69741255b0178e0d8742ebab4000ffc2e0890ad5f1418a2c5

SHA512
9eebaf971369a965b86a3ef0f957e180a49b92b84626d2a1cda08452d8833e9c9f35710160679948445c1d676d5e7134e35183401d3a56302182ad6cea2d2668

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
27fbd906ff51d72107a59c6701bbd00d

SHA1
68338600c12a874c492c9539d7dea2d45225e893

SHA256
62144c380569cba27444756c59039d9d0e975fffc73b422ed031ebd806362b87

SHA512
d49e872d52994ee6b8575bd62bb805ade9ccc9e707d9600030b80a46c44819e0ad70d22c46124d5b347e884be680329e15293d598394c6e9ca43194bd1bc7c7c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
423703427d909111603fb1b116a930cf

SHA1
e0b64190865717900e9108798ba76c326e4d92ec

SHA256
9c3d268c38a523e69741255b0178e0d8742ebab4000ffc2e0890ad5f1418a2c5

SHA512
9eebaf971369a965b86a3ef0f957e180a49b92b84626d2a1cda08452d8833e9c9f35710160679948445c1d676d5e7134e35183401d3a56302182ad6cea2d2668

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
27fbd906ff51d72107a59c6701bbd00d

SHA1
68338600c12a874c492c9539d7dea2d45225e893

SHA256
62144c380569cba27444756c59039d9d0e975fffc73b422ed031ebd806362b87

SHA512
d49e872d52994ee6b8575bd62bb805ade9ccc9e707d9600030b80a46c44819e0ad70d22c46124d5b347e884be680329e15293d598394c6e9ca43194bd1bc7c7c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
27fbd906ff51d72107a59c6701bbd00d

SHA1
68338600c12a874c492c9539d7dea2d45225e893

SHA256
62144c380569cba27444756c59039d9d0e975fffc73b422ed031ebd806362b87

SHA512
d49e872d52994ee6b8575bd62bb805ade9ccc9e707d9600030b80a46c44819e0ad70d22c46124d5b347e884be680329e15293d598394c6e9ca43194bd1bc7c7c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
423703427d909111603fb1b116a930cf

SHA1
e0b64190865717900e9108798ba76c326e4d92ec

SHA256
9c3d268c38a523e69741255b0178e0d8742ebab4000ffc2e0890ad5f1418a2c5

SHA512
9eebaf971369a965b86a3ef0f957e180a49b92b84626d2a1cda08452d8833e9c9f35710160679948445c1d676d5e7134e35183401d3a56302182ad6cea2d2668

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
27fbd906ff51d72107a59c6701bbd00d

SHA1
68338600c12a874c492c9539d7dea2d45225e893

SHA256
62144c380569cba27444756c59039d9d0e975fffc73b422ed031ebd806362b87

SHA512
d49e872d52994ee6b8575bd62bb805ade9ccc9e707d9600030b80a46c44819e0ad70d22c46124d5b347e884be680329e15293d598394c6e9ca43194bd1bc7c7c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
423703427d909111603fb1b116a930cf

SHA1
e0b64190865717900e9108798ba76c326e4d92ec

SHA256
9c3d268c38a523e69741255b0178e0d8742ebab4000ffc2e0890ad5f1418a2c5

SHA512
9eebaf971369a965b86a3ef0f957e180a49b92b84626d2a1cda08452d8833e9c9f35710160679948445c1d676d5e7134e35183401d3a56302182ad6cea2d2668

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
27fbd906ff51d72107a59c6701bbd00d

SHA1
68338600c12a874c492c9539d7dea2d45225e893

SHA256
62144c380569cba27444756c59039d9d0e975fffc73b422ed031ebd806362b87

SHA512
d49e872d52994ee6b8575bd62bb805ade9ccc9e707d9600030b80a46c44819e0ad70d22c46124d5b347e884be680329e15293d598394c6e9ca43194bd1bc7c7c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
423703427d909111603fb1b116a930cf

SHA1
e0b64190865717900e9108798ba76c326e4d92ec

SHA256
9c3d268c38a523e69741255b0178e0d8742ebab4000ffc2e0890ad5f1418a2c5

SHA512
9eebaf971369a965b86a3ef0f957e180a49b92b84626d2a1cda08452d8833e9c9f35710160679948445c1d676d5e7134e35183401d3a56302182ad6cea2d2668

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
27fbd906ff51d72107a59c6701bbd00d

SHA1
68338600c12a874c492c9539d7dea2d45225e893

SHA256
62144c380569cba27444756c59039d9d0e975fffc73b422ed031ebd806362b87

SHA512
d49e872d52994ee6b8575bd62bb805ade9ccc9e707d9600030b80a46c44819e0ad70d22c46124d5b347e884be680329e15293d598394c6e9ca43194bd1bc7c7c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
27fbd906ff51d72107a59c6701bbd00d

SHA1
68338600c12a874c492c9539d7dea2d45225e893

SHA256
62144c380569cba27444756c59039d9d0e975fffc73b422ed031ebd806362b87

SHA512
d49e872d52994ee6b8575bd62bb805ade9ccc9e707d9600030b80a46c44819e0ad70d22c46124d5b347e884be680329e15293d598394c6e9ca43194bd1bc7c7c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
423703427d909111603fb1b116a930cf

SHA1
e0b64190865717900e9108798ba76c326e4d92ec

SHA256
9c3d268c38a523e69741255b0178e0d8742ebab4000ffc2e0890ad5f1418a2c5

SHA512
9eebaf971369a965b86a3ef0f957e180a49b92b84626d2a1cda08452d8833e9c9f35710160679948445c1d676d5e7134e35183401d3a56302182ad6cea2d2668

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
27fbd906ff51d72107a59c6701bbd00d

SHA1
68338600c12a874c492c9539d7dea2d45225e893

SHA256
62144c380569cba27444756c59039d9d0e975fffc73b422ed031ebd806362b87

SHA512
d49e872d52994ee6b8575bd62bb805ade9ccc9e707d9600030b80a46c44819e0ad70d22c46124d5b347e884be680329e15293d598394c6e9ca43194bd1bc7c7c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
423703427d909111603fb1b116a930cf

SHA1
e0b64190865717900e9108798ba76c326e4d92ec

SHA256
9c3d268c38a523e69741255b0178e0d8742ebab4000ffc2e0890ad5f1418a2c5

SHA512
9eebaf971369a965b86a3ef0f957e180a49b92b84626d2a1cda08452d8833e9c9f35710160679948445c1d676d5e7134e35183401d3a56302182ad6cea2d2668

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
27fbd906ff51d72107a59c6701bbd00d

SHA1
68338600c12a874c492c9539d7dea2d45225e893

SHA256
62144c380569cba27444756c59039d9d0e975fffc73b422ed031ebd806362b87

SHA512
d49e872d52994ee6b8575bd62bb805ade9ccc9e707d9600030b80a46c44819e0ad70d22c46124d5b347e884be680329e15293d598394c6e9ca43194bd1bc7c7c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
423703427d909111603fb1b116a930cf

SHA1
e0b64190865717900e9108798ba76c326e4d92ec

SHA256
9c3d268c38a523e69741255b0178e0d8742ebab4000ffc2e0890ad5f1418a2c5

SHA512
9eebaf971369a965b86a3ef0f957e180a49b92b84626d2a1cda08452d8833e9c9f35710160679948445c1d676d5e7134e35183401d3a56302182ad6cea2d2668

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
27fbd906ff51d72107a59c6701bbd00d

SHA1
68338600c12a874c492c9539d7dea2d45225e893

SHA256
62144c380569cba27444756c59039d9d0e975fffc73b422ed031ebd806362b87

SHA512
d49e872d52994ee6b8575bd62bb805ade9ccc9e707d9600030b80a46c44819e0ad70d22c46124d5b347e884be680329e15293d598394c6e9ca43194bd1bc7c7c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
423703427d909111603fb1b116a930cf

SHA1
e0b64190865717900e9108798ba76c326e4d92ec

SHA256
9c3d268c38a523e69741255b0178e0d8742ebab4000ffc2e0890ad5f1418a2c5

SHA512
9eebaf971369a965b86a3ef0f957e180a49b92b84626d2a1cda08452d8833e9c9f35710160679948445c1d676d5e7134e35183401d3a56302182ad6cea2d2668

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
27fbd906ff51d72107a59c6701bbd00d

SHA1
68338600c12a874c492c9539d7dea2d45225e893

SHA256
62144c380569cba27444756c59039d9d0e975fffc73b422ed031ebd806362b87

SHA512
d49e872d52994ee6b8575bd62bb805ade9ccc9e707d9600030b80a46c44819e0ad70d22c46124d5b347e884be680329e15293d598394c6e9ca43194bd1bc7c7c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
423703427d909111603fb1b116a930cf

SHA1
e0b64190865717900e9108798ba76c326e4d92ec

SHA256
9c3d268c38a523e69741255b0178e0d8742ebab4000ffc2e0890ad5f1418a2c5

SHA512
9eebaf971369a965b86a3ef0f957e180a49b92b84626d2a1cda08452d8833e9c9f35710160679948445c1d676d5e7134e35183401d3a56302182ad6cea2d2668

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
27fbd906ff51d72107a59c6701bbd00d

SHA1
68338600c12a874c492c9539d7dea2d45225e893

SHA256
62144c380569cba27444756c59039d9d0e975fffc73b422ed031ebd806362b87

SHA512
d49e872d52994ee6b8575bd62bb805ade9ccc9e707d9600030b80a46c44819e0ad70d22c46124d5b347e884be680329e15293d598394c6e9ca43194bd1bc7c7c

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
745KB

MD5
33ddcd4ae8aee761ca0f381aecd28873

SHA1
7e9a1e4c28e2ee7d449628a983032af2bf6fd2b6

SHA256
899a39099e83d2a90f734579619d55a72dca9f2639020dbb59670b78887dc620

SHA512
972cd82f6c12cbc0b3fabdf70a5f1a01e899b67d1ba6e99271e407f965f9743367da0345161366c8d12cddebf72612929f8740a1e8b6ad58dc429be0fa78688a

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
745KB

MD5
33ddcd4ae8aee761ca0f381aecd28873

SHA1
7e9a1e4c28e2ee7d449628a983032af2bf6fd2b6

SHA256
899a39099e83d2a90f734579619d55a72dca9f2639020dbb59670b78887dc620

SHA512
972cd82f6c12cbc0b3fabdf70a5f1a01e899b67d1ba6e99271e407f965f9743367da0345161366c8d12cddebf72612929f8740a1e8b6ad58dc429be0fa78688a

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
745KB

MD5
33ddcd4ae8aee761ca0f381aecd28873

SHA1
7e9a1e4c28e2ee7d449628a983032af2bf6fd2b6

SHA256
899a39099e83d2a90f734579619d55a72dca9f2639020dbb59670b78887dc620

SHA512
972cd82f6c12cbc0b3fabdf70a5f1a01e899b67d1ba6e99271e407f965f9743367da0345161366c8d12cddebf72612929f8740a1e8b6ad58dc429be0fa78688a

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
745KB

MD5
33ddcd4ae8aee761ca0f381aecd28873

SHA1
7e9a1e4c28e2ee7d449628a983032af2bf6fd2b6

SHA256
899a39099e83d2a90f734579619d55a72dca9f2639020dbb59670b78887dc620

SHA512
972cd82f6c12cbc0b3fabdf70a5f1a01e899b67d1ba6e99271e407f965f9743367da0345161366c8d12cddebf72612929f8740a1e8b6ad58dc429be0fa78688a

Download Submit
memory/848-54-0x0000000075ED1000-0x0000000075ED3000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads