21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b

Analysis

max time kernel
167s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/10/2022, 05:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe
Size

183KB
MD5

4b1bf42e3602cb48b96b34d1c7425f20
SHA1

876439cd3b78f700845ec653d893b08ca7c376fa
SHA256

21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b
SHA512

52c9f416761e7ce7c9ee90f85f15426ec527a136b0c036c27522d783b5b2b828918491fb4f171f0ada0e8eeb790df5abbd516240a261290482595abe84c1f022
SSDEEP

3072:rimsXXK9HRTOeriRfP6pXfSb0dspqc5oY0htVFAHT11Ual21Cxcs0HKAH057kyJe:riMmXRH6pXfSb0ceR/VFAHh1kgcs0HWI

Score

10^/10

aspackv2 persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe

ASPack v2.12-2.42 17 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/files/0x00140000000054ab-55.dat	aspack_v212_v242
behavioral1/files/0x00140000000054ab-56.dat	aspack_v212_v242
behavioral1/files/0x00140000000054ab-58.dat	aspack_v212_v242
behavioral1/files/0x00140000000054ab-60.dat	aspack_v212_v242
behavioral1/files/0x0007000000013494-61.dat	aspack_v212_v242
behavioral1/files/0x00140000000054ab-62.dat	aspack_v212_v242
behavioral1/files/0x00140000000054ab-65.dat	aspack_v212_v242
behavioral1/files/0x0009000000013300-67.dat	aspack_v212_v242
behavioral1/files/0x00140000000054ab-71.dat	aspack_v212_v242
behavioral1/files/0x00140000000054ab-69.dat	aspack_v212_v242
behavioral1/files/0x00140000000054ab-73.dat	aspack_v212_v242
behavioral1/files/0x00140000000054ab-76.dat	aspack_v212_v242
behavioral1/files/0x00140000000054ab-79.dat	aspack_v212_v242
behavioral1/files/0x00140000000054ab-82.dat	aspack_v212_v242
behavioral1/files/0x00140000000054ab-85.dat	aspack_v212_v242
behavioral1/files/0x00140000000054ab-88.dat	aspack_v212_v242
behavioral1/files/0x00140000000054ab-91.dat	aspack_v212_v242

Executes dropped EXE 1 IoCs

pid	Process
1144	HelpMe.exe

Drops startup file 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe

Loads dropped DLL 13 IoCs

pid	Process
1012	21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe
1012	21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe
1144	HelpMe.exe
1144	HelpMe.exe
1144	HelpMe.exe
1144	HelpMe.exe
1144	HelpMe.exe
1144	HelpMe.exe
1144	HelpMe.exe
1144	HelpMe.exe
1144	HelpMe.exe
1144	HelpMe.exe
1144	HelpMe.exe

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe
File opened (read-only)	\??\Q:	21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\F:	21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe
File opened (read-only)	\??\H:	21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe
File opened (read-only)	\??\P:	21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\A:	21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe
File opened (read-only)	\??\B:	21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe
File opened (read-only)	\??\G:	21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\J:	21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe
File opened (read-only)	\??\L:	21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe
File opened (read-only)	\??\U:	21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe
File opened (read-only)	\??\Y:	21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\I:	21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe
File opened (read-only)	\??\N:	21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe
File opened (read-only)	\??\O:	21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe
File opened (read-only)	\??\T:	21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe
File opened (read-only)	\??\X:	21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe
File opened (read-only)	\??\Z:	21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\M:	21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe
File opened (read-only)	\??\R:	21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe
File opened (read-only)	\??\V:	21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe
File opened (read-only)	\??\W:	21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\K:	21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe
File opened (read-only)	\??\S:	21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe
File opened (read-only)	\??\F:	HelpMe.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe

Drops autorun.inf file 1 TTPs 2 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File opened for modification	C:\AUTORUN.INF	21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe
File opened for modification	C:\AUTORUN.INF	HelpMe.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\HelpMe.exe	21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1012 wrote to memory of 1144	1012	21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe	28
PID 1012 wrote to memory of 1144	1012	21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe	28
PID 1012 wrote to memory of 1144	1012	21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe	28
PID 1012 wrote to memory of 1144	1012	21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe	28

C:\Users\Admin\AppData\Local\Temp\21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe
"C:\Users\Admin\AppData\Local\Temp\21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1012
- C:\Windows\SysWOW64\HelpMe.exe
  C:\Windows\system32\HelpMe.exe
  2⤵
  - Modifies WinLogon for persistence
  - Executes dropped EXE
  - Drops startup file
  - Loads dropped DLL
  - Enumerates connected drives
  - Drops autorun.inf file
  - Drops file in System32 directory
  PID:1144

Network

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Winlogon Helper DLL

T1004

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2292972927-2705560509-2768824231-1000\desktop.ini.exe

Filesize
184KB

MD5
753d057a8ceb47d587598170ebbbd471

SHA1
9d4b5bedf869492d90fabd4665daacc2251b5c83

SHA256
ffb50c9755190f4930eef6d9213827a3801c6abe866bea5774397c3605e9b18d

SHA512
866238680ea6a1d6637c69d30316a12b279c56ec94ae38187580702043cc3a26dd43ea71a9632ac6285b3892829aede039d4a222e2251999d2aed9b6db0611d0

Download Submit
C:\AutoRun.exe

Filesize
183KB

MD5
4b1bf42e3602cb48b96b34d1c7425f20

SHA1
876439cd3b78f700845ec653d893b08ca7c376fa

SHA256
21e6610cf4f7335d50df66240a4ad98617390dda6fbb7f1f8ca7b76f1da2c26b

SHA512
52c9f416761e7ce7c9ee90f85f15426ec527a136b0c036c27522d783b5b2b828918491fb4f171f0ada0e8eeb790df5abbd516240a261290482595abe84c1f022

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
21061b3b4a9c9c00d441b83eb5d8f5c4

SHA1
b2e95f25e0430e5f7b95638e1ca93a1a8bed2a60

SHA256
42cebf59266d29ae24a4b66d3245d539a9d79ecea574a79c4624b325d9435d1a

SHA512
19b046ade14f131726e4938dbcb702475dfedd30e5828767714888db06495f95f6c725d9a905e3c0ff853ae1f24824aeec894b670f1aabea6f0e92f323a7c1b2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
21061b3b4a9c9c00d441b83eb5d8f5c4

SHA1
b2e95f25e0430e5f7b95638e1ca93a1a8bed2a60

SHA256
42cebf59266d29ae24a4b66d3245d539a9d79ecea574a79c4624b325d9435d1a

SHA512
19b046ade14f131726e4938dbcb702475dfedd30e5828767714888db06495f95f6c725d9a905e3c0ff853ae1f24824aeec894b670f1aabea6f0e92f323a7c1b2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
21061b3b4a9c9c00d441b83eb5d8f5c4

SHA1
b2e95f25e0430e5f7b95638e1ca93a1a8bed2a60

SHA256
42cebf59266d29ae24a4b66d3245d539a9d79ecea574a79c4624b325d9435d1a

SHA512
19b046ade14f131726e4938dbcb702475dfedd30e5828767714888db06495f95f6c725d9a905e3c0ff853ae1f24824aeec894b670f1aabea6f0e92f323a7c1b2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
0882d7f704c82c2a010900297d81548d

SHA1
6afd4917d618fd603fee88895c983b87495d44fd

SHA256
20cf7b01bb3a146f3f3e800f4209a2cc49315efbf16146546260e3f858170c8b

SHA512
94f356e3a002d90175711e164bf355c4315e3849ce9bf22e70489fce4a3b05a84ae91a37f7c58abd70924eb1204d00511fdeed4027c1665aa149c3d1dc2e60ba

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
21061b3b4a9c9c00d441b83eb5d8f5c4

SHA1
b2e95f25e0430e5f7b95638e1ca93a1a8bed2a60

SHA256
42cebf59266d29ae24a4b66d3245d539a9d79ecea574a79c4624b325d9435d1a

SHA512
19b046ade14f131726e4938dbcb702475dfedd30e5828767714888db06495f95f6c725d9a905e3c0ff853ae1f24824aeec894b670f1aabea6f0e92f323a7c1b2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
0882d7f704c82c2a010900297d81548d

SHA1
6afd4917d618fd603fee88895c983b87495d44fd

SHA256
20cf7b01bb3a146f3f3e800f4209a2cc49315efbf16146546260e3f858170c8b

SHA512
94f356e3a002d90175711e164bf355c4315e3849ce9bf22e70489fce4a3b05a84ae91a37f7c58abd70924eb1204d00511fdeed4027c1665aa149c3d1dc2e60ba

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
21061b3b4a9c9c00d441b83eb5d8f5c4

SHA1
b2e95f25e0430e5f7b95638e1ca93a1a8bed2a60

SHA256
42cebf59266d29ae24a4b66d3245d539a9d79ecea574a79c4624b325d9435d1a

SHA512
19b046ade14f131726e4938dbcb702475dfedd30e5828767714888db06495f95f6c725d9a905e3c0ff853ae1f24824aeec894b670f1aabea6f0e92f323a7c1b2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
0882d7f704c82c2a010900297d81548d

SHA1
6afd4917d618fd603fee88895c983b87495d44fd

SHA256
20cf7b01bb3a146f3f3e800f4209a2cc49315efbf16146546260e3f858170c8b

SHA512
94f356e3a002d90175711e164bf355c4315e3849ce9bf22e70489fce4a3b05a84ae91a37f7c58abd70924eb1204d00511fdeed4027c1665aa149c3d1dc2e60ba

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
21061b3b4a9c9c00d441b83eb5d8f5c4

SHA1
b2e95f25e0430e5f7b95638e1ca93a1a8bed2a60

SHA256
42cebf59266d29ae24a4b66d3245d539a9d79ecea574a79c4624b325d9435d1a

SHA512
19b046ade14f131726e4938dbcb702475dfedd30e5828767714888db06495f95f6c725d9a905e3c0ff853ae1f24824aeec894b670f1aabea6f0e92f323a7c1b2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
0882d7f704c82c2a010900297d81548d

SHA1
6afd4917d618fd603fee88895c983b87495d44fd

SHA256
20cf7b01bb3a146f3f3e800f4209a2cc49315efbf16146546260e3f858170c8b

SHA512
94f356e3a002d90175711e164bf355c4315e3849ce9bf22e70489fce4a3b05a84ae91a37f7c58abd70924eb1204d00511fdeed4027c1665aa149c3d1dc2e60ba

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
21061b3b4a9c9c00d441b83eb5d8f5c4

SHA1
b2e95f25e0430e5f7b95638e1ca93a1a8bed2a60

SHA256
42cebf59266d29ae24a4b66d3245d539a9d79ecea574a79c4624b325d9435d1a

SHA512
19b046ade14f131726e4938dbcb702475dfedd30e5828767714888db06495f95f6c725d9a905e3c0ff853ae1f24824aeec894b670f1aabea6f0e92f323a7c1b2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
21061b3b4a9c9c00d441b83eb5d8f5c4

SHA1
b2e95f25e0430e5f7b95638e1ca93a1a8bed2a60

SHA256
42cebf59266d29ae24a4b66d3245d539a9d79ecea574a79c4624b325d9435d1a

SHA512
19b046ade14f131726e4938dbcb702475dfedd30e5828767714888db06495f95f6c725d9a905e3c0ff853ae1f24824aeec894b670f1aabea6f0e92f323a7c1b2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
0882d7f704c82c2a010900297d81548d

SHA1
6afd4917d618fd603fee88895c983b87495d44fd

SHA256
20cf7b01bb3a146f3f3e800f4209a2cc49315efbf16146546260e3f858170c8b

SHA512
94f356e3a002d90175711e164bf355c4315e3849ce9bf22e70489fce4a3b05a84ae91a37f7c58abd70924eb1204d00511fdeed4027c1665aa149c3d1dc2e60ba

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
21061b3b4a9c9c00d441b83eb5d8f5c4

SHA1
b2e95f25e0430e5f7b95638e1ca93a1a8bed2a60

SHA256
42cebf59266d29ae24a4b66d3245d539a9d79ecea574a79c4624b325d9435d1a

SHA512
19b046ade14f131726e4938dbcb702475dfedd30e5828767714888db06495f95f6c725d9a905e3c0ff853ae1f24824aeec894b670f1aabea6f0e92f323a7c1b2

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
642204f5f29ed00a25daf8fa03777a3b

SHA1
2b5ae7ee534b90cdb216c3e91d93e04ac9e46d6b

SHA256
e151307c8873bbb0a7005371185458ef8ed4fbc44115424bcba69755b8bd7aef

SHA512
cd74fe3b5793caaa004bc251b544f8b866f3e887b80a355f98d4ff1e7a5c81bfae7434ccad3a20472ed491451f44eff07dac607d670f2588a8167f976afe49d1

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
642204f5f29ed00a25daf8fa03777a3b

SHA1
2b5ae7ee534b90cdb216c3e91d93e04ac9e46d6b

SHA256
e151307c8873bbb0a7005371185458ef8ed4fbc44115424bcba69755b8bd7aef

SHA512
cd74fe3b5793caaa004bc251b544f8b866f3e887b80a355f98d4ff1e7a5c81bfae7434ccad3a20472ed491451f44eff07dac607d670f2588a8167f976afe49d1

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
642204f5f29ed00a25daf8fa03777a3b

SHA1
2b5ae7ee534b90cdb216c3e91d93e04ac9e46d6b

SHA256
e151307c8873bbb0a7005371185458ef8ed4fbc44115424bcba69755b8bd7aef

SHA512
cd74fe3b5793caaa004bc251b544f8b866f3e887b80a355f98d4ff1e7a5c81bfae7434ccad3a20472ed491451f44eff07dac607d670f2588a8167f976afe49d1

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
642204f5f29ed00a25daf8fa03777a3b

SHA1
2b5ae7ee534b90cdb216c3e91d93e04ac9e46d6b

SHA256
e151307c8873bbb0a7005371185458ef8ed4fbc44115424bcba69755b8bd7aef

SHA512
cd74fe3b5793caaa004bc251b544f8b866f3e887b80a355f98d4ff1e7a5c81bfae7434ccad3a20472ed491451f44eff07dac607d670f2588a8167f976afe49d1

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
642204f5f29ed00a25daf8fa03777a3b

SHA1
2b5ae7ee534b90cdb216c3e91d93e04ac9e46d6b

SHA256
e151307c8873bbb0a7005371185458ef8ed4fbc44115424bcba69755b8bd7aef

SHA512
cd74fe3b5793caaa004bc251b544f8b866f3e887b80a355f98d4ff1e7a5c81bfae7434ccad3a20472ed491451f44eff07dac607d670f2588a8167f976afe49d1

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
642204f5f29ed00a25daf8fa03777a3b

SHA1
2b5ae7ee534b90cdb216c3e91d93e04ac9e46d6b

SHA256
e151307c8873bbb0a7005371185458ef8ed4fbc44115424bcba69755b8bd7aef

SHA512
cd74fe3b5793caaa004bc251b544f8b866f3e887b80a355f98d4ff1e7a5c81bfae7434ccad3a20472ed491451f44eff07dac607d670f2588a8167f976afe49d1

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
642204f5f29ed00a25daf8fa03777a3b

SHA1
2b5ae7ee534b90cdb216c3e91d93e04ac9e46d6b

SHA256
e151307c8873bbb0a7005371185458ef8ed4fbc44115424bcba69755b8bd7aef

SHA512
cd74fe3b5793caaa004bc251b544f8b866f3e887b80a355f98d4ff1e7a5c81bfae7434ccad3a20472ed491451f44eff07dac607d670f2588a8167f976afe49d1

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
642204f5f29ed00a25daf8fa03777a3b

SHA1
2b5ae7ee534b90cdb216c3e91d93e04ac9e46d6b

SHA256
e151307c8873bbb0a7005371185458ef8ed4fbc44115424bcba69755b8bd7aef

SHA512
cd74fe3b5793caaa004bc251b544f8b866f3e887b80a355f98d4ff1e7a5c81bfae7434ccad3a20472ed491451f44eff07dac607d670f2588a8167f976afe49d1

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
642204f5f29ed00a25daf8fa03777a3b

SHA1
2b5ae7ee534b90cdb216c3e91d93e04ac9e46d6b

SHA256
e151307c8873bbb0a7005371185458ef8ed4fbc44115424bcba69755b8bd7aef

SHA512
cd74fe3b5793caaa004bc251b544f8b866f3e887b80a355f98d4ff1e7a5c81bfae7434ccad3a20472ed491451f44eff07dac607d670f2588a8167f976afe49d1

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
642204f5f29ed00a25daf8fa03777a3b

SHA1
2b5ae7ee534b90cdb216c3e91d93e04ac9e46d6b

SHA256
e151307c8873bbb0a7005371185458ef8ed4fbc44115424bcba69755b8bd7aef

SHA512
cd74fe3b5793caaa004bc251b544f8b866f3e887b80a355f98d4ff1e7a5c81bfae7434ccad3a20472ed491451f44eff07dac607d670f2588a8167f976afe49d1

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
642204f5f29ed00a25daf8fa03777a3b

SHA1
2b5ae7ee534b90cdb216c3e91d93e04ac9e46d6b

SHA256
e151307c8873bbb0a7005371185458ef8ed4fbc44115424bcba69755b8bd7aef

SHA512
cd74fe3b5793caaa004bc251b544f8b866f3e887b80a355f98d4ff1e7a5c81bfae7434ccad3a20472ed491451f44eff07dac607d670f2588a8167f976afe49d1

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
642204f5f29ed00a25daf8fa03777a3b

SHA1
2b5ae7ee534b90cdb216c3e91d93e04ac9e46d6b

SHA256
e151307c8873bbb0a7005371185458ef8ed4fbc44115424bcba69755b8bd7aef

SHA512
cd74fe3b5793caaa004bc251b544f8b866f3e887b80a355f98d4ff1e7a5c81bfae7434ccad3a20472ed491451f44eff07dac607d670f2588a8167f976afe49d1

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
642204f5f29ed00a25daf8fa03777a3b

SHA1
2b5ae7ee534b90cdb216c3e91d93e04ac9e46d6b

SHA256
e151307c8873bbb0a7005371185458ef8ed4fbc44115424bcba69755b8bd7aef

SHA512
cd74fe3b5793caaa004bc251b544f8b866f3e887b80a355f98d4ff1e7a5c81bfae7434ccad3a20472ed491451f44eff07dac607d670f2588a8167f976afe49d1

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
642204f5f29ed00a25daf8fa03777a3b

SHA1
2b5ae7ee534b90cdb216c3e91d93e04ac9e46d6b

SHA256
e151307c8873bbb0a7005371185458ef8ed4fbc44115424bcba69755b8bd7aef

SHA512
cd74fe3b5793caaa004bc251b544f8b866f3e887b80a355f98d4ff1e7a5c81bfae7434ccad3a20472ed491451f44eff07dac607d670f2588a8167f976afe49d1

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
642204f5f29ed00a25daf8fa03777a3b

SHA1
2b5ae7ee534b90cdb216c3e91d93e04ac9e46d6b

SHA256
e151307c8873bbb0a7005371185458ef8ed4fbc44115424bcba69755b8bd7aef

SHA512
cd74fe3b5793caaa004bc251b544f8b866f3e887b80a355f98d4ff1e7a5c81bfae7434ccad3a20472ed491451f44eff07dac607d670f2588a8167f976afe49d1

Download Submit
memory/1012-54-0x00000000763F1000-0x00000000763F3000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads