1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59

Analysis

max time kernel
153s
max time network
43s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/10/2022, 19:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe
Size

2.3MB
MD5

339e0ff2da0df2a41bc2a68017f45187
SHA1

8d7ffce6c52280f774d355c5d47113c275555b61
SHA256

1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59
SHA512

3380af185746f72374a796040d7be96a93ebb78dc2485aee7014a570237de17aaee9f40aa5ff9283e913dfe543b753787bcd0aeab81837b5ee2c1f2975744017
SSDEEP

49152:Kwi0L0q7GMMTDVaNhkk5nujZyKtNdtJtK:Vi0hGMMTDVaNhl5nujZySNdtJtK

Score

10^/10

aspackv2 persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe

ASPack v2.12-2.42 6 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/files/0x0007000000005c50-55.dat	aspack_v212_v242
behavioral1/files/0x0007000000005c50-56.dat	aspack_v212_v242
behavioral1/files/0x0007000000005c50-58.dat	aspack_v212_v242
behavioral1/files/0x0007000000005c50-60.dat	aspack_v212_v242
behavioral1/files/0x0008000000013aad-61.dat	aspack_v212_v242
behavioral1/files/0x000a0000000135a6-62.dat	aspack_v212_v242

Executes dropped EXE 1 IoCs

pid	Process
1620	HelpMe.exe

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe

Loads dropped DLL 2 IoCs

pid	Process
1612	1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe
1612	1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\M:	1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe
File opened (read-only)	\??\X:	1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\F:	HelpMe.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\H:	1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe
File opened (read-only)	\??\E:	1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe
File opened (read-only)	\??\U:	1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe
File opened (read-only)	\??\Z:	1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\A:	1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe
File opened (read-only)	\??\N:	1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe
File opened (read-only)	\??\T:	1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\F:	1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe
File opened (read-only)	\??\V:	1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe
File opened (read-only)	\??\W:	1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\P:	1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe
File opened (read-only)	\??\K:	1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\G:	1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe
File opened (read-only)	\??\L:	1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe
File opened (read-only)	\??\O:	1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe
File opened (read-only)	\??\R:	1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\B:	1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\J:	1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe
File opened (read-only)	\??\Q:	1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe
File opened (read-only)	\??\Y:	1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\I:	1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\S:	1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe

Drops autorun.inf file 1 TTPs 2 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File opened for modification	C:\AUTORUN.INF	1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe
File opened for modification	C:\AUTORUN.INF	HelpMe.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\HelpMe.exe	1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 1620	1612	1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe	26
PID 1612 wrote to memory of 1620	1612	1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe	26
PID 1612 wrote to memory of 1620	1612	1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe	26
PID 1612 wrote to memory of 1620	1612	1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe	26

C:\Users\Admin\AppData\Local\Temp\1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe
"C:\Users\Admin\AppData\Local\Temp\1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Windows\SysWOW64\HelpMe.exe
  C:\Windows\system32\HelpMe.exe
  2⤵
  - Modifies WinLogon for persistence
  - Executes dropped EXE
  - Drops startup file
  - Enumerates connected drives
  - Drops autorun.inf file
  - Drops file in System32 directory
  PID:1620

Network

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Winlogon Helper DLL

T1004

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-999675638-2867687379-27515722-1000\desktop.ini.exe

Filesize
2.3MB

MD5
fdfdc5668661eede90bffd290069cdbb

SHA1
23fcd48f7d1d3f80f5d66ddf84162fb731d4ce2a

SHA256
c060091fa7a20739a3149e9368a49e3e9149316f2e31d5bd286259f36a83942a

SHA512
9f87ffe53981743a5937739204a2be02bd1c317d7794d8d2a993b543477883cf05b4f81d1d2f5fa41e2fce4d95e7635eab3c476367f22ec97400c0ccd3eb3bd3

Download Submit
C:\AutoRun.exe

Filesize
2.3MB

MD5
339e0ff2da0df2a41bc2a68017f45187

SHA1
8d7ffce6c52280f774d355c5d47113c275555b61

SHA256
1dae8bae39e6424ed2589240c08020b489b7e00d5f2ce3f3b63d326d0a56fb59

SHA512
3380af185746f72374a796040d7be96a93ebb78dc2485aee7014a570237de17aaee9f40aa5ff9283e913dfe543b753787bcd0aeab81837b5ee2c1f2975744017

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2a6b5ac90ce9b767f49af3d7b4db14f8

SHA1
5e26b0642327dd6d32efe55f7f56b4b204a8f558

SHA256
4d2a8a384c447a5eb3ff218418f379ef89f260025cd1d403a217371fb2609744

SHA512
37eeae77ebc8e1ebd76dccc2ffeab3caed463a9a56fcb02eba1fee9d35afd6567b9a4155404a3412cf8cca85f157d32248259c775e1db35c165c7275bc153411

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
946B

MD5
607959212eaf0f30cf3894dc9f05da61

SHA1
843c1080dc1e03ae05141ef87b661c3a5a82a27d

SHA256
f368b34a6b76e1861caee5b251e6442c1caa77eaffc21da09d6e1322d9799db6

SHA512
f1e7850f2a4863717406eb90e3eee50eab01dccf403f868b81a25aad331bbe3dadaff3d1fd191b562645c243cda0ec8f762e77c3ad19c3d743c785bf3d1e78ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2a6b5ac90ce9b767f49af3d7b4db14f8

SHA1
5e26b0642327dd6d32efe55f7f56b4b204a8f558

SHA256
4d2a8a384c447a5eb3ff218418f379ef89f260025cd1d403a217371fb2609744

SHA512
37eeae77ebc8e1ebd76dccc2ffeab3caed463a9a56fcb02eba1fee9d35afd6567b9a4155404a3412cf8cca85f157d32248259c775e1db35c165c7275bc153411

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
946B

MD5
607959212eaf0f30cf3894dc9f05da61

SHA1
843c1080dc1e03ae05141ef87b661c3a5a82a27d

SHA256
f368b34a6b76e1861caee5b251e6442c1caa77eaffc21da09d6e1322d9799db6

SHA512
f1e7850f2a4863717406eb90e3eee50eab01dccf403f868b81a25aad331bbe3dadaff3d1fd191b562645c243cda0ec8f762e77c3ad19c3d743c785bf3d1e78ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2a6b5ac90ce9b767f49af3d7b4db14f8

SHA1
5e26b0642327dd6d32efe55f7f56b4b204a8f558

SHA256
4d2a8a384c447a5eb3ff218418f379ef89f260025cd1d403a217371fb2609744

SHA512
37eeae77ebc8e1ebd76dccc2ffeab3caed463a9a56fcb02eba1fee9d35afd6567b9a4155404a3412cf8cca85f157d32248259c775e1db35c165c7275bc153411

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
946B

MD5
607959212eaf0f30cf3894dc9f05da61

SHA1
843c1080dc1e03ae05141ef87b661c3a5a82a27d

SHA256
f368b34a6b76e1861caee5b251e6442c1caa77eaffc21da09d6e1322d9799db6

SHA512
f1e7850f2a4863717406eb90e3eee50eab01dccf403f868b81a25aad331bbe3dadaff3d1fd191b562645c243cda0ec8f762e77c3ad19c3d743c785bf3d1e78ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2a6b5ac90ce9b767f49af3d7b4db14f8

SHA1
5e26b0642327dd6d32efe55f7f56b4b204a8f558

SHA256
4d2a8a384c447a5eb3ff218418f379ef89f260025cd1d403a217371fb2609744

SHA512
37eeae77ebc8e1ebd76dccc2ffeab3caed463a9a56fcb02eba1fee9d35afd6567b9a4155404a3412cf8cca85f157d32248259c775e1db35c165c7275bc153411

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
946B

MD5
607959212eaf0f30cf3894dc9f05da61

SHA1
843c1080dc1e03ae05141ef87b661c3a5a82a27d

SHA256
f368b34a6b76e1861caee5b251e6442c1caa77eaffc21da09d6e1322d9799db6

SHA512
f1e7850f2a4863717406eb90e3eee50eab01dccf403f868b81a25aad331bbe3dadaff3d1fd191b562645c243cda0ec8f762e77c3ad19c3d743c785bf3d1e78ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2a6b5ac90ce9b767f49af3d7b4db14f8

SHA1
5e26b0642327dd6d32efe55f7f56b4b204a8f558

SHA256
4d2a8a384c447a5eb3ff218418f379ef89f260025cd1d403a217371fb2609744

SHA512
37eeae77ebc8e1ebd76dccc2ffeab3caed463a9a56fcb02eba1fee9d35afd6567b9a4155404a3412cf8cca85f157d32248259c775e1db35c165c7275bc153411

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
946B

MD5
607959212eaf0f30cf3894dc9f05da61

SHA1
843c1080dc1e03ae05141ef87b661c3a5a82a27d

SHA256
f368b34a6b76e1861caee5b251e6442c1caa77eaffc21da09d6e1322d9799db6

SHA512
f1e7850f2a4863717406eb90e3eee50eab01dccf403f868b81a25aad331bbe3dadaff3d1fd191b562645c243cda0ec8f762e77c3ad19c3d743c785bf3d1e78ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2a6b5ac90ce9b767f49af3d7b4db14f8

SHA1
5e26b0642327dd6d32efe55f7f56b4b204a8f558

SHA256
4d2a8a384c447a5eb3ff218418f379ef89f260025cd1d403a217371fb2609744

SHA512
37eeae77ebc8e1ebd76dccc2ffeab3caed463a9a56fcb02eba1fee9d35afd6567b9a4155404a3412cf8cca85f157d32248259c775e1db35c165c7275bc153411

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
946B

MD5
607959212eaf0f30cf3894dc9f05da61

SHA1
843c1080dc1e03ae05141ef87b661c3a5a82a27d

SHA256
f368b34a6b76e1861caee5b251e6442c1caa77eaffc21da09d6e1322d9799db6

SHA512
f1e7850f2a4863717406eb90e3eee50eab01dccf403f868b81a25aad331bbe3dadaff3d1fd191b562645c243cda0ec8f762e77c3ad19c3d743c785bf3d1e78ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2a6b5ac90ce9b767f49af3d7b4db14f8

SHA1
5e26b0642327dd6d32efe55f7f56b4b204a8f558

SHA256
4d2a8a384c447a5eb3ff218418f379ef89f260025cd1d403a217371fb2609744

SHA512
37eeae77ebc8e1ebd76dccc2ffeab3caed463a9a56fcb02eba1fee9d35afd6567b9a4155404a3412cf8cca85f157d32248259c775e1db35c165c7275bc153411

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
946B

MD5
607959212eaf0f30cf3894dc9f05da61

SHA1
843c1080dc1e03ae05141ef87b661c3a5a82a27d

SHA256
f368b34a6b76e1861caee5b251e6442c1caa77eaffc21da09d6e1322d9799db6

SHA512
f1e7850f2a4863717406eb90e3eee50eab01dccf403f868b81a25aad331bbe3dadaff3d1fd191b562645c243cda0ec8f762e77c3ad19c3d743c785bf3d1e78ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
946B

MD5
607959212eaf0f30cf3894dc9f05da61

SHA1
843c1080dc1e03ae05141ef87b661c3a5a82a27d

SHA256
f368b34a6b76e1861caee5b251e6442c1caa77eaffc21da09d6e1322d9799db6

SHA512
f1e7850f2a4863717406eb90e3eee50eab01dccf403f868b81a25aad331bbe3dadaff3d1fd191b562645c243cda0ec8f762e77c3ad19c3d743c785bf3d1e78ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2a6b5ac90ce9b767f49af3d7b4db14f8

SHA1
5e26b0642327dd6d32efe55f7f56b4b204a8f558

SHA256
4d2a8a384c447a5eb3ff218418f379ef89f260025cd1d403a217371fb2609744

SHA512
37eeae77ebc8e1ebd76dccc2ffeab3caed463a9a56fcb02eba1fee9d35afd6567b9a4155404a3412cf8cca85f157d32248259c775e1db35c165c7275bc153411

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2a6b5ac90ce9b767f49af3d7b4db14f8

SHA1
5e26b0642327dd6d32efe55f7f56b4b204a8f558

SHA256
4d2a8a384c447a5eb3ff218418f379ef89f260025cd1d403a217371fb2609744

SHA512
37eeae77ebc8e1ebd76dccc2ffeab3caed463a9a56fcb02eba1fee9d35afd6567b9a4155404a3412cf8cca85f157d32248259c775e1db35c165c7275bc153411

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
946B

MD5
607959212eaf0f30cf3894dc9f05da61

SHA1
843c1080dc1e03ae05141ef87b661c3a5a82a27d

SHA256
f368b34a6b76e1861caee5b251e6442c1caa77eaffc21da09d6e1322d9799db6

SHA512
f1e7850f2a4863717406eb90e3eee50eab01dccf403f868b81a25aad331bbe3dadaff3d1fd191b562645c243cda0ec8f762e77c3ad19c3d743c785bf3d1e78ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2a6b5ac90ce9b767f49af3d7b4db14f8

SHA1
5e26b0642327dd6d32efe55f7f56b4b204a8f558

SHA256
4d2a8a384c447a5eb3ff218418f379ef89f260025cd1d403a217371fb2609744

SHA512
37eeae77ebc8e1ebd76dccc2ffeab3caed463a9a56fcb02eba1fee9d35afd6567b9a4155404a3412cf8cca85f157d32248259c775e1db35c165c7275bc153411

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
946B

MD5
607959212eaf0f30cf3894dc9f05da61

SHA1
843c1080dc1e03ae05141ef87b661c3a5a82a27d

SHA256
f368b34a6b76e1861caee5b251e6442c1caa77eaffc21da09d6e1322d9799db6

SHA512
f1e7850f2a4863717406eb90e3eee50eab01dccf403f868b81a25aad331bbe3dadaff3d1fd191b562645c243cda0ec8f762e77c3ad19c3d743c785bf3d1e78ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2a6b5ac90ce9b767f49af3d7b4db14f8

SHA1
5e26b0642327dd6d32efe55f7f56b4b204a8f558

SHA256
4d2a8a384c447a5eb3ff218418f379ef89f260025cd1d403a217371fb2609744

SHA512
37eeae77ebc8e1ebd76dccc2ffeab3caed463a9a56fcb02eba1fee9d35afd6567b9a4155404a3412cf8cca85f157d32248259c775e1db35c165c7275bc153411

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
946B

MD5
607959212eaf0f30cf3894dc9f05da61

SHA1
843c1080dc1e03ae05141ef87b661c3a5a82a27d

SHA256
f368b34a6b76e1861caee5b251e6442c1caa77eaffc21da09d6e1322d9799db6

SHA512
f1e7850f2a4863717406eb90e3eee50eab01dccf403f868b81a25aad331bbe3dadaff3d1fd191b562645c243cda0ec8f762e77c3ad19c3d743c785bf3d1e78ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
946B

MD5
607959212eaf0f30cf3894dc9f05da61

SHA1
843c1080dc1e03ae05141ef87b661c3a5a82a27d

SHA256
f368b34a6b76e1861caee5b251e6442c1caa77eaffc21da09d6e1322d9799db6

SHA512
f1e7850f2a4863717406eb90e3eee50eab01dccf403f868b81a25aad331bbe3dadaff3d1fd191b562645c243cda0ec8f762e77c3ad19c3d743c785bf3d1e78ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2a6b5ac90ce9b767f49af3d7b4db14f8

SHA1
5e26b0642327dd6d32efe55f7f56b4b204a8f558

SHA256
4d2a8a384c447a5eb3ff218418f379ef89f260025cd1d403a217371fb2609744

SHA512
37eeae77ebc8e1ebd76dccc2ffeab3caed463a9a56fcb02eba1fee9d35afd6567b9a4155404a3412cf8cca85f157d32248259c775e1db35c165c7275bc153411

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
946B

MD5
607959212eaf0f30cf3894dc9f05da61

SHA1
843c1080dc1e03ae05141ef87b661c3a5a82a27d

SHA256
f368b34a6b76e1861caee5b251e6442c1caa77eaffc21da09d6e1322d9799db6

SHA512
f1e7850f2a4863717406eb90e3eee50eab01dccf403f868b81a25aad331bbe3dadaff3d1fd191b562645c243cda0ec8f762e77c3ad19c3d743c785bf3d1e78ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2a6b5ac90ce9b767f49af3d7b4db14f8

SHA1
5e26b0642327dd6d32efe55f7f56b4b204a8f558

SHA256
4d2a8a384c447a5eb3ff218418f379ef89f260025cd1d403a217371fb2609744

SHA512
37eeae77ebc8e1ebd76dccc2ffeab3caed463a9a56fcb02eba1fee9d35afd6567b9a4155404a3412cf8cca85f157d32248259c775e1db35c165c7275bc153411

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
946B

MD5
607959212eaf0f30cf3894dc9f05da61

SHA1
843c1080dc1e03ae05141ef87b661c3a5a82a27d

SHA256
f368b34a6b76e1861caee5b251e6442c1caa77eaffc21da09d6e1322d9799db6

SHA512
f1e7850f2a4863717406eb90e3eee50eab01dccf403f868b81a25aad331bbe3dadaff3d1fd191b562645c243cda0ec8f762e77c3ad19c3d743c785bf3d1e78ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2a6b5ac90ce9b767f49af3d7b4db14f8

SHA1
5e26b0642327dd6d32efe55f7f56b4b204a8f558

SHA256
4d2a8a384c447a5eb3ff218418f379ef89f260025cd1d403a217371fb2609744

SHA512
37eeae77ebc8e1ebd76dccc2ffeab3caed463a9a56fcb02eba1fee9d35afd6567b9a4155404a3412cf8cca85f157d32248259c775e1db35c165c7275bc153411

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
946B

MD5
607959212eaf0f30cf3894dc9f05da61

SHA1
843c1080dc1e03ae05141ef87b661c3a5a82a27d

SHA256
f368b34a6b76e1861caee5b251e6442c1caa77eaffc21da09d6e1322d9799db6

SHA512
f1e7850f2a4863717406eb90e3eee50eab01dccf403f868b81a25aad331bbe3dadaff3d1fd191b562645c243cda0ec8f762e77c3ad19c3d743c785bf3d1e78ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2a6b5ac90ce9b767f49af3d7b4db14f8

SHA1
5e26b0642327dd6d32efe55f7f56b4b204a8f558

SHA256
4d2a8a384c447a5eb3ff218418f379ef89f260025cd1d403a217371fb2609744

SHA512
37eeae77ebc8e1ebd76dccc2ffeab3caed463a9a56fcb02eba1fee9d35afd6567b9a4155404a3412cf8cca85f157d32248259c775e1db35c165c7275bc153411

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
946B

MD5
607959212eaf0f30cf3894dc9f05da61

SHA1
843c1080dc1e03ae05141ef87b661c3a5a82a27d

SHA256
f368b34a6b76e1861caee5b251e6442c1caa77eaffc21da09d6e1322d9799db6

SHA512
f1e7850f2a4863717406eb90e3eee50eab01dccf403f868b81a25aad331bbe3dadaff3d1fd191b562645c243cda0ec8f762e77c3ad19c3d743c785bf3d1e78ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2a6b5ac90ce9b767f49af3d7b4db14f8

SHA1
5e26b0642327dd6d32efe55f7f56b4b204a8f558

SHA256
4d2a8a384c447a5eb3ff218418f379ef89f260025cd1d403a217371fb2609744

SHA512
37eeae77ebc8e1ebd76dccc2ffeab3caed463a9a56fcb02eba1fee9d35afd6567b9a4155404a3412cf8cca85f157d32248259c775e1db35c165c7275bc153411

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
946B

MD5
607959212eaf0f30cf3894dc9f05da61

SHA1
843c1080dc1e03ae05141ef87b661c3a5a82a27d

SHA256
f368b34a6b76e1861caee5b251e6442c1caa77eaffc21da09d6e1322d9799db6

SHA512
f1e7850f2a4863717406eb90e3eee50eab01dccf403f868b81a25aad331bbe3dadaff3d1fd191b562645c243cda0ec8f762e77c3ad19c3d743c785bf3d1e78ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
946B

MD5
607959212eaf0f30cf3894dc9f05da61

SHA1
843c1080dc1e03ae05141ef87b661c3a5a82a27d

SHA256
f368b34a6b76e1861caee5b251e6442c1caa77eaffc21da09d6e1322d9799db6

SHA512
f1e7850f2a4863717406eb90e3eee50eab01dccf403f868b81a25aad331bbe3dadaff3d1fd191b562645c243cda0ec8f762e77c3ad19c3d743c785bf3d1e78ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2a6b5ac90ce9b767f49af3d7b4db14f8

SHA1
5e26b0642327dd6d32efe55f7f56b4b204a8f558

SHA256
4d2a8a384c447a5eb3ff218418f379ef89f260025cd1d403a217371fb2609744

SHA512
37eeae77ebc8e1ebd76dccc2ffeab3caed463a9a56fcb02eba1fee9d35afd6567b9a4155404a3412cf8cca85f157d32248259c775e1db35c165c7275bc153411

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
946B

MD5
607959212eaf0f30cf3894dc9f05da61

SHA1
843c1080dc1e03ae05141ef87b661c3a5a82a27d

SHA256
f368b34a6b76e1861caee5b251e6442c1caa77eaffc21da09d6e1322d9799db6

SHA512
f1e7850f2a4863717406eb90e3eee50eab01dccf403f868b81a25aad331bbe3dadaff3d1fd191b562645c243cda0ec8f762e77c3ad19c3d743c785bf3d1e78ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2a6b5ac90ce9b767f49af3d7b4db14f8

SHA1
5e26b0642327dd6d32efe55f7f56b4b204a8f558

SHA256
4d2a8a384c447a5eb3ff218418f379ef89f260025cd1d403a217371fb2609744

SHA512
37eeae77ebc8e1ebd76dccc2ffeab3caed463a9a56fcb02eba1fee9d35afd6567b9a4155404a3412cf8cca85f157d32248259c775e1db35c165c7275bc153411

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
946B

MD5
607959212eaf0f30cf3894dc9f05da61

SHA1
843c1080dc1e03ae05141ef87b661c3a5a82a27d

SHA256
f368b34a6b76e1861caee5b251e6442c1caa77eaffc21da09d6e1322d9799db6

SHA512
f1e7850f2a4863717406eb90e3eee50eab01dccf403f868b81a25aad331bbe3dadaff3d1fd191b562645c243cda0ec8f762e77c3ad19c3d743c785bf3d1e78ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2a6b5ac90ce9b767f49af3d7b4db14f8

SHA1
5e26b0642327dd6d32efe55f7f56b4b204a8f558

SHA256
4d2a8a384c447a5eb3ff218418f379ef89f260025cd1d403a217371fb2609744

SHA512
37eeae77ebc8e1ebd76dccc2ffeab3caed463a9a56fcb02eba1fee9d35afd6567b9a4155404a3412cf8cca85f157d32248259c775e1db35c165c7275bc153411

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
946B

MD5
607959212eaf0f30cf3894dc9f05da61

SHA1
843c1080dc1e03ae05141ef87b661c3a5a82a27d

SHA256
f368b34a6b76e1861caee5b251e6442c1caa77eaffc21da09d6e1322d9799db6

SHA512
f1e7850f2a4863717406eb90e3eee50eab01dccf403f868b81a25aad331bbe3dadaff3d1fd191b562645c243cda0ec8f762e77c3ad19c3d743c785bf3d1e78ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2a6b5ac90ce9b767f49af3d7b4db14f8

SHA1
5e26b0642327dd6d32efe55f7f56b4b204a8f558

SHA256
4d2a8a384c447a5eb3ff218418f379ef89f260025cd1d403a217371fb2609744

SHA512
37eeae77ebc8e1ebd76dccc2ffeab3caed463a9a56fcb02eba1fee9d35afd6567b9a4155404a3412cf8cca85f157d32248259c775e1db35c165c7275bc153411

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
946B

MD5
607959212eaf0f30cf3894dc9f05da61

SHA1
843c1080dc1e03ae05141ef87b661c3a5a82a27d

SHA256
f368b34a6b76e1861caee5b251e6442c1caa77eaffc21da09d6e1322d9799db6

SHA512
f1e7850f2a4863717406eb90e3eee50eab01dccf403f868b81a25aad331bbe3dadaff3d1fd191b562645c243cda0ec8f762e77c3ad19c3d743c785bf3d1e78ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2a6b5ac90ce9b767f49af3d7b4db14f8

SHA1
5e26b0642327dd6d32efe55f7f56b4b204a8f558

SHA256
4d2a8a384c447a5eb3ff218418f379ef89f260025cd1d403a217371fb2609744

SHA512
37eeae77ebc8e1ebd76dccc2ffeab3caed463a9a56fcb02eba1fee9d35afd6567b9a4155404a3412cf8cca85f157d32248259c775e1db35c165c7275bc153411

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
946B

MD5
607959212eaf0f30cf3894dc9f05da61

SHA1
843c1080dc1e03ae05141ef87b661c3a5a82a27d

SHA256
f368b34a6b76e1861caee5b251e6442c1caa77eaffc21da09d6e1322d9799db6

SHA512
f1e7850f2a4863717406eb90e3eee50eab01dccf403f868b81a25aad331bbe3dadaff3d1fd191b562645c243cda0ec8f762e77c3ad19c3d743c785bf3d1e78ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2a6b5ac90ce9b767f49af3d7b4db14f8

SHA1
5e26b0642327dd6d32efe55f7f56b4b204a8f558

SHA256
4d2a8a384c447a5eb3ff218418f379ef89f260025cd1d403a217371fb2609744

SHA512
37eeae77ebc8e1ebd76dccc2ffeab3caed463a9a56fcb02eba1fee9d35afd6567b9a4155404a3412cf8cca85f157d32248259c775e1db35c165c7275bc153411

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
946B

MD5
607959212eaf0f30cf3894dc9f05da61

SHA1
843c1080dc1e03ae05141ef87b661c3a5a82a27d

SHA256
f368b34a6b76e1861caee5b251e6442c1caa77eaffc21da09d6e1322d9799db6

SHA512
f1e7850f2a4863717406eb90e3eee50eab01dccf403f868b81a25aad331bbe3dadaff3d1fd191b562645c243cda0ec8f762e77c3ad19c3d743c785bf3d1e78ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2a6b5ac90ce9b767f49af3d7b4db14f8

SHA1
5e26b0642327dd6d32efe55f7f56b4b204a8f558

SHA256
4d2a8a384c447a5eb3ff218418f379ef89f260025cd1d403a217371fb2609744

SHA512
37eeae77ebc8e1ebd76dccc2ffeab3caed463a9a56fcb02eba1fee9d35afd6567b9a4155404a3412cf8cca85f157d32248259c775e1db35c165c7275bc153411

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
946B

MD5
607959212eaf0f30cf3894dc9f05da61

SHA1
843c1080dc1e03ae05141ef87b661c3a5a82a27d

SHA256
f368b34a6b76e1861caee5b251e6442c1caa77eaffc21da09d6e1322d9799db6

SHA512
f1e7850f2a4863717406eb90e3eee50eab01dccf403f868b81a25aad331bbe3dadaff3d1fd191b562645c243cda0ec8f762e77c3ad19c3d743c785bf3d1e78ab

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
2.3MB

MD5
74d1fc0c5d6cea5694c617704575cccf

SHA1
c461ac86f71dadb76fd9616340998d870480004e

SHA256
89cef3384f5cedfd7c677108d397da373274af74b953bb2142c0f1bd80e098b0

SHA512
28911681599da740df4a9b53cc4c6a88b472da3d639e2c056c6cd1cb7bde5fb97669824632e02f50b744b579832c7740964319ed8d00d55e33ee245119855712

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
2.3MB

MD5
74d1fc0c5d6cea5694c617704575cccf

SHA1
c461ac86f71dadb76fd9616340998d870480004e

SHA256
89cef3384f5cedfd7c677108d397da373274af74b953bb2142c0f1bd80e098b0

SHA512
28911681599da740df4a9b53cc4c6a88b472da3d639e2c056c6cd1cb7bde5fb97669824632e02f50b744b579832c7740964319ed8d00d55e33ee245119855712

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
2.3MB

MD5
74d1fc0c5d6cea5694c617704575cccf

SHA1
c461ac86f71dadb76fd9616340998d870480004e

SHA256
89cef3384f5cedfd7c677108d397da373274af74b953bb2142c0f1bd80e098b0

SHA512
28911681599da740df4a9b53cc4c6a88b472da3d639e2c056c6cd1cb7bde5fb97669824632e02f50b744b579832c7740964319ed8d00d55e33ee245119855712

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
2.3MB

MD5
74d1fc0c5d6cea5694c617704575cccf

SHA1
c461ac86f71dadb76fd9616340998d870480004e

SHA256
89cef3384f5cedfd7c677108d397da373274af74b953bb2142c0f1bd80e098b0

SHA512
28911681599da740df4a9b53cc4c6a88b472da3d639e2c056c6cd1cb7bde5fb97669824632e02f50b744b579832c7740964319ed8d00d55e33ee245119855712

Download Submit
memory/1612-54-0x0000000076681000-0x0000000076683000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads