fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712

Analysis

max time kernel
245s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
21/10/2022, 00:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe
Size

446KB
MD5

1947ee75d1cdd7dc7d0da0fbe985b766
SHA1

2ad9ac83a8dd0150254cdc13aa35ed67d032ada4
SHA256

fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712
SHA512

9d17d4504e5059df6aac0aee124fec3696766072c8d0170030a6d2573fde7b1a020d586f4cf976335ae1c9f2cabce0913b91a566d04ec3526f5d6fb5b87ab8af
SSDEEP

6144:k82p4pFHfzMepymgWPnviP6Koa0nArn20l96tCF2eKNBDRlC8HQQDhy5OwbYBil2:Cp4pNfz3ymJnJ8QCFkxCaQTOl2j6

Score

10^/10

persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe

Executes dropped EXE 1 IoCs

pid	Process
968	HelpMe.exe

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe

Loads dropped DLL 25 IoCs

pid	Process
1180	fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe
1180	fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe
968	HelpMe.exe
968	HelpMe.exe
968	HelpMe.exe
968	HelpMe.exe
968	HelpMe.exe
968	HelpMe.exe
968	HelpMe.exe
968	HelpMe.exe
968	HelpMe.exe
968	HelpMe.exe
968	HelpMe.exe
968	HelpMe.exe
968	HelpMe.exe
968	HelpMe.exe
968	HelpMe.exe
968	HelpMe.exe
968	HelpMe.exe
968	HelpMe.exe
968	HelpMe.exe
968	HelpMe.exe
968	HelpMe.exe
968	HelpMe.exe
968	HelpMe.exe

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\B:	fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe
File opened (read-only)	\??\J:	fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\F:	HelpMe.exe
File opened (read-only)	\??\S:	fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe
File opened (read-only)	\??\V:	fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\G:	fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe
File opened (read-only)	\??\H:	fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe
File opened (read-only)	\??\X:	fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\F:	fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe
File opened (read-only)	\??\I:	fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe
File opened (read-only)	\??\M:	fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe
File opened (read-only)	\??\Q:	fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe
File opened (read-only)	\??\R:	fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\A:	fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe
File opened (read-only)	\??\T:	fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe
File opened (read-only)	\??\W:	fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\O:	fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe
File opened (read-only)	\??\U:	fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe
File opened (read-only)	\??\Y:	fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\E:	fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe
File opened (read-only)	\??\L:	fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe
File opened (read-only)	\??\Z:	fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\K:	fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe
File opened (read-only)	\??\N:	fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe
File opened (read-only)	\??\P:	fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe

Drops autorun.inf file 1 TTPs 2 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File opened for modification	C:\AUTORUN.INF	HelpMe.exe
File opened for modification	C:\AUTORUN.INF	fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\HelpMe.exe	fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1180 wrote to memory of 968	1180	fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe	27
PID 1180 wrote to memory of 968	1180	fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe	27
PID 1180 wrote to memory of 968	1180	fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe	27
PID 1180 wrote to memory of 968	1180	fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe	27

C:\Users\Admin\AppData\Local\Temp\fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe
"C:\Users\Admin\AppData\Local\Temp\fbf43eef2c53859ed5c6497e5c3da8b567c22dc9e946803edbaa49cbe485f712.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Windows\SysWOW64\HelpMe.exe
  C:\Windows\system32\HelpMe.exe
  2⤵
  - Modifies WinLogon for persistence
  - Executes dropped EXE
  - Drops startup file
  - Loads dropped DLL
  - Enumerates connected drives
  - Drops autorun.inf file
  - Drops file in System32 directory
  PID:968

Network

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Winlogon Helper DLL

T1004

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3845472200-3839195424-595303356-1000\desktop.ini.exe

Filesize
436KB

MD5
7a62f70019dbf7f828b321d6595dc083

SHA1
ee2608fc22a561644e8835726940cfb9d7722c17

SHA256
e704e414745df71e3fae923480531cb2b5a8e1a6ca30d00821b675f2aa5e6c46

SHA512
a99bc1ca56996802c0901e9792fb42c1b5de96fd5041e3de19e6ab08fd9c34e6ea047424bd0fd2523846c9b38b875768db4d91dd2f0034e2bb7a3c113c1ea5d5

Download Submit
C:\AutoRun.exe

Filesize
435KB

MD5
e609b1e2f6f7b74f257b9cca5a6c201e

SHA1
ae17eba3d5e8ce0f5ebf1b9dc7383150fb9dc451

SHA256
ba56390d57d74a2fd4123241b5cfc91d6320c0baa2fce599f7d6d5804835e560

SHA512
d8b6695cd550aa1b1997e406549250910f6c16dd07cb2a9bd6c16f95901ff05998e6ca8717abaa688453fb32a21dc23eb4556a184b6bb37016831b47d97ebb19

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
df42a47924c1870e2f596f3b8b90ac91

SHA1
c472b26f571e4ca9fec7817511308693d19d8285

SHA256
e4b56326af6c5bdfd91d2e27d1a0ef96df73d07b7ea09fb42cca7f53126d5afd

SHA512
03c9616570201bf920dd7bfdb50593f784082abef3b624add3ff7141cc8a806e645eb0b5c56dc161b013a010808887cf85e0aae4d36b8d806df55dc22f79a044

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
df42a47924c1870e2f596f3b8b90ac91

SHA1
c472b26f571e4ca9fec7817511308693d19d8285

SHA256
e4b56326af6c5bdfd91d2e27d1a0ef96df73d07b7ea09fb42cca7f53126d5afd

SHA512
03c9616570201bf920dd7bfdb50593f784082abef3b624add3ff7141cc8a806e645eb0b5c56dc161b013a010808887cf85e0aae4d36b8d806df55dc22f79a044

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
faa70f839db1536cf556e608f7631d2b

SHA1
d6a33646570fef511ae3e4ceb61d4628175abfb8

SHA256
ae9bba18f436482742971a8b19397e4cfad1fd8e32041b81349fb829cc1c85cc

SHA512
60da5ca9bad3593780fdcc7a2c86681977a9b9846263765b011dc0f893a542a5c0e5d7a683ddbb09ed15115205061069cf504189ba6c4ce85b64ffd86240bcd8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
950B

MD5
f4020145baac61281bc711a3a1f3871d

SHA1
fcadc907d16ec3f40cac4288fc9ee0465592435f

SHA256
85dc3f3481867e1ec3cdd517bfd30e633b5feadeccc216ecbdc4fd0133657b91

SHA512
974702283560a156d83da8c4921ec72ca745648e8e7453e1a762249d07bb01a54a828c47303cc1049bc0e01e711e560f6aad5c38c7ce6dba3bb9603f835d9b10

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
950B

MD5
f4020145baac61281bc711a3a1f3871d

SHA1
fcadc907d16ec3f40cac4288fc9ee0465592435f

SHA256
85dc3f3481867e1ec3cdd517bfd30e633b5feadeccc216ecbdc4fd0133657b91

SHA512
974702283560a156d83da8c4921ec72ca745648e8e7453e1a762249d07bb01a54a828c47303cc1049bc0e01e711e560f6aad5c38c7ce6dba3bb9603f835d9b10

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
df42a47924c1870e2f596f3b8b90ac91

SHA1
c472b26f571e4ca9fec7817511308693d19d8285

SHA256
e4b56326af6c5bdfd91d2e27d1a0ef96df73d07b7ea09fb42cca7f53126d5afd

SHA512
03c9616570201bf920dd7bfdb50593f784082abef3b624add3ff7141cc8a806e645eb0b5c56dc161b013a010808887cf85e0aae4d36b8d806df55dc22f79a044

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
950B

MD5
f4020145baac61281bc711a3a1f3871d

SHA1
fcadc907d16ec3f40cac4288fc9ee0465592435f

SHA256
85dc3f3481867e1ec3cdd517bfd30e633b5feadeccc216ecbdc4fd0133657b91

SHA512
974702283560a156d83da8c4921ec72ca745648e8e7453e1a762249d07bb01a54a828c47303cc1049bc0e01e711e560f6aad5c38c7ce6dba3bb9603f835d9b10

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
950B

MD5
f4020145baac61281bc711a3a1f3871d

SHA1
fcadc907d16ec3f40cac4288fc9ee0465592435f

SHA256
85dc3f3481867e1ec3cdd517bfd30e633b5feadeccc216ecbdc4fd0133657b91

SHA512
974702283560a156d83da8c4921ec72ca745648e8e7453e1a762249d07bb01a54a828c47303cc1049bc0e01e711e560f6aad5c38c7ce6dba3bb9603f835d9b10

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
df42a47924c1870e2f596f3b8b90ac91

SHA1
c472b26f571e4ca9fec7817511308693d19d8285

SHA256
e4b56326af6c5bdfd91d2e27d1a0ef96df73d07b7ea09fb42cca7f53126d5afd

SHA512
03c9616570201bf920dd7bfdb50593f784082abef3b624add3ff7141cc8a806e645eb0b5c56dc161b013a010808887cf85e0aae4d36b8d806df55dc22f79a044

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
950B

MD5
f4020145baac61281bc711a3a1f3871d

SHA1
fcadc907d16ec3f40cac4288fc9ee0465592435f

SHA256
85dc3f3481867e1ec3cdd517bfd30e633b5feadeccc216ecbdc4fd0133657b91

SHA512
974702283560a156d83da8c4921ec72ca745648e8e7453e1a762249d07bb01a54a828c47303cc1049bc0e01e711e560f6aad5c38c7ce6dba3bb9603f835d9b10

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
950B

MD5
f4020145baac61281bc711a3a1f3871d

SHA1
fcadc907d16ec3f40cac4288fc9ee0465592435f

SHA256
85dc3f3481867e1ec3cdd517bfd30e633b5feadeccc216ecbdc4fd0133657b91

SHA512
974702283560a156d83da8c4921ec72ca745648e8e7453e1a762249d07bb01a54a828c47303cc1049bc0e01e711e560f6aad5c38c7ce6dba3bb9603f835d9b10

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
df42a47924c1870e2f596f3b8b90ac91

SHA1
c472b26f571e4ca9fec7817511308693d19d8285

SHA256
e4b56326af6c5bdfd91d2e27d1a0ef96df73d07b7ea09fb42cca7f53126d5afd

SHA512
03c9616570201bf920dd7bfdb50593f784082abef3b624add3ff7141cc8a806e645eb0b5c56dc161b013a010808887cf85e0aae4d36b8d806df55dc22f79a044

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
950B

MD5
f4020145baac61281bc711a3a1f3871d

SHA1
fcadc907d16ec3f40cac4288fc9ee0465592435f

SHA256
85dc3f3481867e1ec3cdd517bfd30e633b5feadeccc216ecbdc4fd0133657b91

SHA512
974702283560a156d83da8c4921ec72ca745648e8e7453e1a762249d07bb01a54a828c47303cc1049bc0e01e711e560f6aad5c38c7ce6dba3bb9603f835d9b10

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
df42a47924c1870e2f596f3b8b90ac91

SHA1
c472b26f571e4ca9fec7817511308693d19d8285

SHA256
e4b56326af6c5bdfd91d2e27d1a0ef96df73d07b7ea09fb42cca7f53126d5afd

SHA512
03c9616570201bf920dd7bfdb50593f784082abef3b624add3ff7141cc8a806e645eb0b5c56dc161b013a010808887cf85e0aae4d36b8d806df55dc22f79a044

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
950B

MD5
f4020145baac61281bc711a3a1f3871d

SHA1
fcadc907d16ec3f40cac4288fc9ee0465592435f

SHA256
85dc3f3481867e1ec3cdd517bfd30e633b5feadeccc216ecbdc4fd0133657b91

SHA512
974702283560a156d83da8c4921ec72ca745648e8e7453e1a762249d07bb01a54a828c47303cc1049bc0e01e711e560f6aad5c38c7ce6dba3bb9603f835d9b10

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
df42a47924c1870e2f596f3b8b90ac91

SHA1
c472b26f571e4ca9fec7817511308693d19d8285

SHA256
e4b56326af6c5bdfd91d2e27d1a0ef96df73d07b7ea09fb42cca7f53126d5afd

SHA512
03c9616570201bf920dd7bfdb50593f784082abef3b624add3ff7141cc8a806e645eb0b5c56dc161b013a010808887cf85e0aae4d36b8d806df55dc22f79a044

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
950B

MD5
f4020145baac61281bc711a3a1f3871d

SHA1
fcadc907d16ec3f40cac4288fc9ee0465592435f

SHA256
85dc3f3481867e1ec3cdd517bfd30e633b5feadeccc216ecbdc4fd0133657b91

SHA512
974702283560a156d83da8c4921ec72ca745648e8e7453e1a762249d07bb01a54a828c47303cc1049bc0e01e711e560f6aad5c38c7ce6dba3bb9603f835d9b10

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
faa70f839db1536cf556e608f7631d2b

SHA1
d6a33646570fef511ae3e4ceb61d4628175abfb8

SHA256
ae9bba18f436482742971a8b19397e4cfad1fd8e32041b81349fb829cc1c85cc

SHA512
60da5ca9bad3593780fdcc7a2c86681977a9b9846263765b011dc0f893a542a5c0e5d7a683ddbb09ed15115205061069cf504189ba6c4ce85b64ffd86240bcd8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
df42a47924c1870e2f596f3b8b90ac91

SHA1
c472b26f571e4ca9fec7817511308693d19d8285

SHA256
e4b56326af6c5bdfd91d2e27d1a0ef96df73d07b7ea09fb42cca7f53126d5afd

SHA512
03c9616570201bf920dd7bfdb50593f784082abef3b624add3ff7141cc8a806e645eb0b5c56dc161b013a010808887cf85e0aae4d36b8d806df55dc22f79a044

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
df42a47924c1870e2f596f3b8b90ac91

SHA1
c472b26f571e4ca9fec7817511308693d19d8285

SHA256
e4b56326af6c5bdfd91d2e27d1a0ef96df73d07b7ea09fb42cca7f53126d5afd

SHA512
03c9616570201bf920dd7bfdb50593f784082abef3b624add3ff7141cc8a806e645eb0b5c56dc161b013a010808887cf85e0aae4d36b8d806df55dc22f79a044

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
df42a47924c1870e2f596f3b8b90ac91

SHA1
c472b26f571e4ca9fec7817511308693d19d8285

SHA256
e4b56326af6c5bdfd91d2e27d1a0ef96df73d07b7ea09fb42cca7f53126d5afd

SHA512
03c9616570201bf920dd7bfdb50593f784082abef3b624add3ff7141cc8a806e645eb0b5c56dc161b013a010808887cf85e0aae4d36b8d806df55dc22f79a044

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
950B

MD5
f4020145baac61281bc711a3a1f3871d

SHA1
fcadc907d16ec3f40cac4288fc9ee0465592435f

SHA256
85dc3f3481867e1ec3cdd517bfd30e633b5feadeccc216ecbdc4fd0133657b91

SHA512
974702283560a156d83da8c4921ec72ca745648e8e7453e1a762249d07bb01a54a828c47303cc1049bc0e01e711e560f6aad5c38c7ce6dba3bb9603f835d9b10

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
df42a47924c1870e2f596f3b8b90ac91

SHA1
c472b26f571e4ca9fec7817511308693d19d8285

SHA256
e4b56326af6c5bdfd91d2e27d1a0ef96df73d07b7ea09fb42cca7f53126d5afd

SHA512
03c9616570201bf920dd7bfdb50593f784082abef3b624add3ff7141cc8a806e645eb0b5c56dc161b013a010808887cf85e0aae4d36b8d806df55dc22f79a044

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
950B

MD5
f4020145baac61281bc711a3a1f3871d

SHA1
fcadc907d16ec3f40cac4288fc9ee0465592435f

SHA256
85dc3f3481867e1ec3cdd517bfd30e633b5feadeccc216ecbdc4fd0133657b91

SHA512
974702283560a156d83da8c4921ec72ca745648e8e7453e1a762249d07bb01a54a828c47303cc1049bc0e01e711e560f6aad5c38c7ce6dba3bb9603f835d9b10

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
df42a47924c1870e2f596f3b8b90ac91

SHA1
c472b26f571e4ca9fec7817511308693d19d8285

SHA256
e4b56326af6c5bdfd91d2e27d1a0ef96df73d07b7ea09fb42cca7f53126d5afd

SHA512
03c9616570201bf920dd7bfdb50593f784082abef3b624add3ff7141cc8a806e645eb0b5c56dc161b013a010808887cf85e0aae4d36b8d806df55dc22f79a044

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
435KB

MD5
e609b1e2f6f7b74f257b9cca5a6c201e

SHA1
ae17eba3d5e8ce0f5ebf1b9dc7383150fb9dc451

SHA256
ba56390d57d74a2fd4123241b5cfc91d6320c0baa2fce599f7d6d5804835e560

SHA512
d8b6695cd550aa1b1997e406549250910f6c16dd07cb2a9bd6c16f95901ff05998e6ca8717abaa688453fb32a21dc23eb4556a184b6bb37016831b47d97ebb19

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
435KB

MD5
e609b1e2f6f7b74f257b9cca5a6c201e

SHA1
ae17eba3d5e8ce0f5ebf1b9dc7383150fb9dc451

SHA256
ba56390d57d74a2fd4123241b5cfc91d6320c0baa2fce599f7d6d5804835e560

SHA512
d8b6695cd550aa1b1997e406549250910f6c16dd07cb2a9bd6c16f95901ff05998e6ca8717abaa688453fb32a21dc23eb4556a184b6bb37016831b47d97ebb19

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
435KB

MD5
e609b1e2f6f7b74f257b9cca5a6c201e

SHA1
ae17eba3d5e8ce0f5ebf1b9dc7383150fb9dc451

SHA256
ba56390d57d74a2fd4123241b5cfc91d6320c0baa2fce599f7d6d5804835e560

SHA512
d8b6695cd550aa1b1997e406549250910f6c16dd07cb2a9bd6c16f95901ff05998e6ca8717abaa688453fb32a21dc23eb4556a184b6bb37016831b47d97ebb19

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
435KB

MD5
e609b1e2f6f7b74f257b9cca5a6c201e

SHA1
ae17eba3d5e8ce0f5ebf1b9dc7383150fb9dc451

SHA256
ba56390d57d74a2fd4123241b5cfc91d6320c0baa2fce599f7d6d5804835e560

SHA512
d8b6695cd550aa1b1997e406549250910f6c16dd07cb2a9bd6c16f95901ff05998e6ca8717abaa688453fb32a21dc23eb4556a184b6bb37016831b47d97ebb19

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
435KB

MD5
e609b1e2f6f7b74f257b9cca5a6c201e

SHA1
ae17eba3d5e8ce0f5ebf1b9dc7383150fb9dc451

SHA256
ba56390d57d74a2fd4123241b5cfc91d6320c0baa2fce599f7d6d5804835e560

SHA512
d8b6695cd550aa1b1997e406549250910f6c16dd07cb2a9bd6c16f95901ff05998e6ca8717abaa688453fb32a21dc23eb4556a184b6bb37016831b47d97ebb19

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
435KB

MD5
e609b1e2f6f7b74f257b9cca5a6c201e

SHA1
ae17eba3d5e8ce0f5ebf1b9dc7383150fb9dc451

SHA256
ba56390d57d74a2fd4123241b5cfc91d6320c0baa2fce599f7d6d5804835e560

SHA512
d8b6695cd550aa1b1997e406549250910f6c16dd07cb2a9bd6c16f95901ff05998e6ca8717abaa688453fb32a21dc23eb4556a184b6bb37016831b47d97ebb19

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
435KB

MD5
e609b1e2f6f7b74f257b9cca5a6c201e

SHA1
ae17eba3d5e8ce0f5ebf1b9dc7383150fb9dc451

SHA256
ba56390d57d74a2fd4123241b5cfc91d6320c0baa2fce599f7d6d5804835e560

SHA512
d8b6695cd550aa1b1997e406549250910f6c16dd07cb2a9bd6c16f95901ff05998e6ca8717abaa688453fb32a21dc23eb4556a184b6bb37016831b47d97ebb19

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
435KB

MD5
e609b1e2f6f7b74f257b9cca5a6c201e

SHA1
ae17eba3d5e8ce0f5ebf1b9dc7383150fb9dc451

SHA256
ba56390d57d74a2fd4123241b5cfc91d6320c0baa2fce599f7d6d5804835e560

SHA512
d8b6695cd550aa1b1997e406549250910f6c16dd07cb2a9bd6c16f95901ff05998e6ca8717abaa688453fb32a21dc23eb4556a184b6bb37016831b47d97ebb19

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
435KB

MD5
e609b1e2f6f7b74f257b9cca5a6c201e

SHA1
ae17eba3d5e8ce0f5ebf1b9dc7383150fb9dc451

SHA256
ba56390d57d74a2fd4123241b5cfc91d6320c0baa2fce599f7d6d5804835e560

SHA512
d8b6695cd550aa1b1997e406549250910f6c16dd07cb2a9bd6c16f95901ff05998e6ca8717abaa688453fb32a21dc23eb4556a184b6bb37016831b47d97ebb19

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
435KB

MD5
e609b1e2f6f7b74f257b9cca5a6c201e

SHA1
ae17eba3d5e8ce0f5ebf1b9dc7383150fb9dc451

SHA256
ba56390d57d74a2fd4123241b5cfc91d6320c0baa2fce599f7d6d5804835e560

SHA512
d8b6695cd550aa1b1997e406549250910f6c16dd07cb2a9bd6c16f95901ff05998e6ca8717abaa688453fb32a21dc23eb4556a184b6bb37016831b47d97ebb19

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
435KB

MD5
e609b1e2f6f7b74f257b9cca5a6c201e

SHA1
ae17eba3d5e8ce0f5ebf1b9dc7383150fb9dc451

SHA256
ba56390d57d74a2fd4123241b5cfc91d6320c0baa2fce599f7d6d5804835e560

SHA512
d8b6695cd550aa1b1997e406549250910f6c16dd07cb2a9bd6c16f95901ff05998e6ca8717abaa688453fb32a21dc23eb4556a184b6bb37016831b47d97ebb19

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
435KB

MD5
e609b1e2f6f7b74f257b9cca5a6c201e

SHA1
ae17eba3d5e8ce0f5ebf1b9dc7383150fb9dc451

SHA256
ba56390d57d74a2fd4123241b5cfc91d6320c0baa2fce599f7d6d5804835e560

SHA512
d8b6695cd550aa1b1997e406549250910f6c16dd07cb2a9bd6c16f95901ff05998e6ca8717abaa688453fb32a21dc23eb4556a184b6bb37016831b47d97ebb19

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
435KB

MD5
e609b1e2f6f7b74f257b9cca5a6c201e

SHA1
ae17eba3d5e8ce0f5ebf1b9dc7383150fb9dc451

SHA256
ba56390d57d74a2fd4123241b5cfc91d6320c0baa2fce599f7d6d5804835e560

SHA512
d8b6695cd550aa1b1997e406549250910f6c16dd07cb2a9bd6c16f95901ff05998e6ca8717abaa688453fb32a21dc23eb4556a184b6bb37016831b47d97ebb19

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
435KB

MD5
e609b1e2f6f7b74f257b9cca5a6c201e

SHA1
ae17eba3d5e8ce0f5ebf1b9dc7383150fb9dc451

SHA256
ba56390d57d74a2fd4123241b5cfc91d6320c0baa2fce599f7d6d5804835e560

SHA512
d8b6695cd550aa1b1997e406549250910f6c16dd07cb2a9bd6c16f95901ff05998e6ca8717abaa688453fb32a21dc23eb4556a184b6bb37016831b47d97ebb19

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
435KB

MD5
e609b1e2f6f7b74f257b9cca5a6c201e

SHA1
ae17eba3d5e8ce0f5ebf1b9dc7383150fb9dc451

SHA256
ba56390d57d74a2fd4123241b5cfc91d6320c0baa2fce599f7d6d5804835e560

SHA512
d8b6695cd550aa1b1997e406549250910f6c16dd07cb2a9bd6c16f95901ff05998e6ca8717abaa688453fb32a21dc23eb4556a184b6bb37016831b47d97ebb19

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
435KB

MD5
e609b1e2f6f7b74f257b9cca5a6c201e

SHA1
ae17eba3d5e8ce0f5ebf1b9dc7383150fb9dc451

SHA256
ba56390d57d74a2fd4123241b5cfc91d6320c0baa2fce599f7d6d5804835e560

SHA512
d8b6695cd550aa1b1997e406549250910f6c16dd07cb2a9bd6c16f95901ff05998e6ca8717abaa688453fb32a21dc23eb4556a184b6bb37016831b47d97ebb19

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
435KB

MD5
e609b1e2f6f7b74f257b9cca5a6c201e

SHA1
ae17eba3d5e8ce0f5ebf1b9dc7383150fb9dc451

SHA256
ba56390d57d74a2fd4123241b5cfc91d6320c0baa2fce599f7d6d5804835e560

SHA512
d8b6695cd550aa1b1997e406549250910f6c16dd07cb2a9bd6c16f95901ff05998e6ca8717abaa688453fb32a21dc23eb4556a184b6bb37016831b47d97ebb19

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
435KB

MD5
e609b1e2f6f7b74f257b9cca5a6c201e

SHA1
ae17eba3d5e8ce0f5ebf1b9dc7383150fb9dc451

SHA256
ba56390d57d74a2fd4123241b5cfc91d6320c0baa2fce599f7d6d5804835e560

SHA512
d8b6695cd550aa1b1997e406549250910f6c16dd07cb2a9bd6c16f95901ff05998e6ca8717abaa688453fb32a21dc23eb4556a184b6bb37016831b47d97ebb19

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
435KB

MD5
e609b1e2f6f7b74f257b9cca5a6c201e

SHA1
ae17eba3d5e8ce0f5ebf1b9dc7383150fb9dc451

SHA256
ba56390d57d74a2fd4123241b5cfc91d6320c0baa2fce599f7d6d5804835e560

SHA512
d8b6695cd550aa1b1997e406549250910f6c16dd07cb2a9bd6c16f95901ff05998e6ca8717abaa688453fb32a21dc23eb4556a184b6bb37016831b47d97ebb19

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
435KB

MD5
e609b1e2f6f7b74f257b9cca5a6c201e

SHA1
ae17eba3d5e8ce0f5ebf1b9dc7383150fb9dc451

SHA256
ba56390d57d74a2fd4123241b5cfc91d6320c0baa2fce599f7d6d5804835e560

SHA512
d8b6695cd550aa1b1997e406549250910f6c16dd07cb2a9bd6c16f95901ff05998e6ca8717abaa688453fb32a21dc23eb4556a184b6bb37016831b47d97ebb19

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
435KB

MD5
e609b1e2f6f7b74f257b9cca5a6c201e

SHA1
ae17eba3d5e8ce0f5ebf1b9dc7383150fb9dc451

SHA256
ba56390d57d74a2fd4123241b5cfc91d6320c0baa2fce599f7d6d5804835e560

SHA512
d8b6695cd550aa1b1997e406549250910f6c16dd07cb2a9bd6c16f95901ff05998e6ca8717abaa688453fb32a21dc23eb4556a184b6bb37016831b47d97ebb19

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
435KB

MD5
e609b1e2f6f7b74f257b9cca5a6c201e

SHA1
ae17eba3d5e8ce0f5ebf1b9dc7383150fb9dc451

SHA256
ba56390d57d74a2fd4123241b5cfc91d6320c0baa2fce599f7d6d5804835e560

SHA512
d8b6695cd550aa1b1997e406549250910f6c16dd07cb2a9bd6c16f95901ff05998e6ca8717abaa688453fb32a21dc23eb4556a184b6bb37016831b47d97ebb19

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
435KB

MD5
e609b1e2f6f7b74f257b9cca5a6c201e

SHA1
ae17eba3d5e8ce0f5ebf1b9dc7383150fb9dc451

SHA256
ba56390d57d74a2fd4123241b5cfc91d6320c0baa2fce599f7d6d5804835e560

SHA512
d8b6695cd550aa1b1997e406549250910f6c16dd07cb2a9bd6c16f95901ff05998e6ca8717abaa688453fb32a21dc23eb4556a184b6bb37016831b47d97ebb19

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
435KB

MD5
e609b1e2f6f7b74f257b9cca5a6c201e

SHA1
ae17eba3d5e8ce0f5ebf1b9dc7383150fb9dc451

SHA256
ba56390d57d74a2fd4123241b5cfc91d6320c0baa2fce599f7d6d5804835e560

SHA512
d8b6695cd550aa1b1997e406549250910f6c16dd07cb2a9bd6c16f95901ff05998e6ca8717abaa688453fb32a21dc23eb4556a184b6bb37016831b47d97ebb19

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
435KB

MD5
e609b1e2f6f7b74f257b9cca5a6c201e

SHA1
ae17eba3d5e8ce0f5ebf1b9dc7383150fb9dc451

SHA256
ba56390d57d74a2fd4123241b5cfc91d6320c0baa2fce599f7d6d5804835e560

SHA512
d8b6695cd550aa1b1997e406549250910f6c16dd07cb2a9bd6c16f95901ff05998e6ca8717abaa688453fb32a21dc23eb4556a184b6bb37016831b47d97ebb19

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
435KB

MD5
e609b1e2f6f7b74f257b9cca5a6c201e

SHA1
ae17eba3d5e8ce0f5ebf1b9dc7383150fb9dc451

SHA256
ba56390d57d74a2fd4123241b5cfc91d6320c0baa2fce599f7d6d5804835e560

SHA512
d8b6695cd550aa1b1997e406549250910f6c16dd07cb2a9bd6c16f95901ff05998e6ca8717abaa688453fb32a21dc23eb4556a184b6bb37016831b47d97ebb19

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
435KB

MD5
e609b1e2f6f7b74f257b9cca5a6c201e

SHA1
ae17eba3d5e8ce0f5ebf1b9dc7383150fb9dc451

SHA256
ba56390d57d74a2fd4123241b5cfc91d6320c0baa2fce599f7d6d5804835e560

SHA512
d8b6695cd550aa1b1997e406549250910f6c16dd07cb2a9bd6c16f95901ff05998e6ca8717abaa688453fb32a21dc23eb4556a184b6bb37016831b47d97ebb19

Download Submit
memory/1180-54-0x0000000075091000-0x0000000075093000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads