b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d

Analysis

max time kernel
153s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/11/2022, 21:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
Size

2.2MB
MD5

07dc8bcc1e2e6fb01289eec6c1fe48e8
SHA1

a6d08e7261a007e78b70080e0c56a74e45d81eb4
SHA256

b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d
SHA512

024f7570673ad0eecc7ab56efc0dc29482b4a042ab177dc6d554511b5339ce8015ef63ee358ca632d02dc34df86cb2a9f43dacbf8c17391a13ceae7a797bfcf8
SSDEEP

24576:ZMMpXS0hN0V0H5JfGMMTDVaNhi5k5nuYr4HZyKtNN:Kwi0L0q7GMMTDVaNhkk5nujZyKtNN

Score

10^/10

aspackv2 persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe

ASPack v2.12-2.42 7 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/files/0x00140000000054ab-55.dat	aspack_v212_v242
behavioral1/files/0x00140000000054ab-56.dat	aspack_v212_v242
behavioral1/files/0x00140000000054ab-58.dat	aspack_v212_v242
behavioral1/files/0x00140000000054ab-60.dat	aspack_v212_v242
behavioral1/files/0x00090000000122f7-61.dat	aspack_v212_v242
behavioral1/files/0x00090000000122f7-62.dat	aspack_v212_v242
behavioral1/files/0x00080000000122fc-64.dat	aspack_v212_v242

Executes dropped EXE 1 IoCs

pid	Process
1572	HelpMe.exe

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe

Loads dropped DLL 2 IoCs

pid	Process
1800	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
1800	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\G:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\V:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\Z:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\J:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\R:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\O:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\P:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\Y:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\F:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\I:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\S:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\U:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\T:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\W:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\X:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\A:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\L:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\B:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\F:	HelpMe.exe
File opened (read-only)	\??\K:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\N:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\Q:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\E:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\H:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\M:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe

Drops autorun.inf file 1 TTPs 2 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File opened for modification	C:\AUTORUN.INF	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened for modification	C:\AUTORUN.INF	HelpMe.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\HelpMe.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1800 wrote to memory of 1572	1800	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe	28
PID 1800 wrote to memory of 1572	1800	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe	28
PID 1800 wrote to memory of 1572	1800	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe	28
PID 1800 wrote to memory of 1572	1800	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe	28

C:\Users\Admin\AppData\Local\Temp\b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
"C:\Users\Admin\AppData\Local\Temp\b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1800
- C:\Windows\SysWOW64\HelpMe.exe
  C:\Windows\system32\HelpMe.exe
  2⤵
  - Modifies WinLogon for persistence
  - Executes dropped EXE
  - Drops startup file
  - Enumerates connected drives
  - Drops autorun.inf file
  - Drops file in System32 directory
  PID:1572

Network

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Winlogon Helper DLL

T1004

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2292972927-2705560509-2768824231-1000\desktop.ini.exe

Filesize
2.2MB

MD5
8ea76c752d29b8a873ae66f1a3f7f48d

SHA1
4930ac633d7aefa1e6d8d4b538e83b4ac7f436dc

SHA256
8c3ae0ed440860df943e94a931c01ec0465c555acf7cb18898714f6efd68f04d

SHA512
c05194f9e1481aa4e2213c8ac1cb8e69a766e2db2f17b544a863718a6588e9dba1801d620739af5b69bb800b1aae12c5b4b1cbdae136751f93c91d2cff95d934

Download Submit
C:\AUTORUN.INF

Filesize
145B

MD5
ca13857b2fd3895a39f09d9dde3cca97

SHA1
8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

SHA256
cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

SHA512
55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

Download Submit
C:\AutoRun.exe

Filesize
2.2MB

MD5
07dc8bcc1e2e6fb01289eec6c1fe48e8

SHA1
a6d08e7261a007e78b70080e0c56a74e45d81eb4

SHA256
b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d

SHA512
024f7570673ad0eecc7ab56efc0dc29482b4a042ab177dc6d554511b5339ce8015ef63ee358ca632d02dc34df86cb2a9f43dacbf8c17391a13ceae7a797bfcf8

Download Submit
C:\AutoRun.exe

Filesize
2.2MB

MD5
07dc8bcc1e2e6fb01289eec6c1fe48e8

SHA1
a6d08e7261a007e78b70080e0c56a74e45d81eb4

SHA256
b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d

SHA512
024f7570673ad0eecc7ab56efc0dc29482b4a042ab177dc6d554511b5339ce8015ef63ee358ca632d02dc34df86cb2a9f43dacbf8c17391a13ceae7a797bfcf8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a987d43fd7ae31704918d1b6e2a539ed

SHA1
b44dd35996b4443ff8770516bdf145f1b956047c

SHA256
117f3ed22fbdf691a6bcd0f15d4059717ddae4c35ad0c9e0a56ef51ab441d42c

SHA512
c2b5a11083c623913ea7f561bc5fa044f5f104770b0033fd7550a7edb4cd65ded5644a0c0652a469ead4acd74b82b9f7c351145bc81497a39ba21be960fbabc4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
b56e87c31ed90576c521c3292178f658

SHA1
ebf6f735cd037eaf61d55a9952fbe703aeba49f0

SHA256
88a1f544706ef413540e23bedaacf29d84b14834252946cbaa921e346b82f441

SHA512
0ad3a95cb6168f4b960087bc2e80f63c5774b74c8a50f6023c8fa4e14da88cf084c99a918142ac0d832594af642f230dd879fdc54cc169cafa666e17f4710e35

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
b56e87c31ed90576c521c3292178f658

SHA1
ebf6f735cd037eaf61d55a9952fbe703aeba49f0

SHA256
88a1f544706ef413540e23bedaacf29d84b14834252946cbaa921e346b82f441

SHA512
0ad3a95cb6168f4b960087bc2e80f63c5774b74c8a50f6023c8fa4e14da88cf084c99a918142ac0d832594af642f230dd879fdc54cc169cafa666e17f4710e35

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a987d43fd7ae31704918d1b6e2a539ed

SHA1
b44dd35996b4443ff8770516bdf145f1b956047c

SHA256
117f3ed22fbdf691a6bcd0f15d4059717ddae4c35ad0c9e0a56ef51ab441d42c

SHA512
c2b5a11083c623913ea7f561bc5fa044f5f104770b0033fd7550a7edb4cd65ded5644a0c0652a469ead4acd74b82b9f7c351145bc81497a39ba21be960fbabc4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
b56e87c31ed90576c521c3292178f658

SHA1
ebf6f735cd037eaf61d55a9952fbe703aeba49f0

SHA256
88a1f544706ef413540e23bedaacf29d84b14834252946cbaa921e346b82f441

SHA512
0ad3a95cb6168f4b960087bc2e80f63c5774b74c8a50f6023c8fa4e14da88cf084c99a918142ac0d832594af642f230dd879fdc54cc169cafa666e17f4710e35

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
b56e87c31ed90576c521c3292178f658

SHA1
ebf6f735cd037eaf61d55a9952fbe703aeba49f0

SHA256
88a1f544706ef413540e23bedaacf29d84b14834252946cbaa921e346b82f441

SHA512
0ad3a95cb6168f4b960087bc2e80f63c5774b74c8a50f6023c8fa4e14da88cf084c99a918142ac0d832594af642f230dd879fdc54cc169cafa666e17f4710e35

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a987d43fd7ae31704918d1b6e2a539ed

SHA1
b44dd35996b4443ff8770516bdf145f1b956047c

SHA256
117f3ed22fbdf691a6bcd0f15d4059717ddae4c35ad0c9e0a56ef51ab441d42c

SHA512
c2b5a11083c623913ea7f561bc5fa044f5f104770b0033fd7550a7edb4cd65ded5644a0c0652a469ead4acd74b82b9f7c351145bc81497a39ba21be960fbabc4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a987d43fd7ae31704918d1b6e2a539ed

SHA1
b44dd35996b4443ff8770516bdf145f1b956047c

SHA256
117f3ed22fbdf691a6bcd0f15d4059717ddae4c35ad0c9e0a56ef51ab441d42c

SHA512
c2b5a11083c623913ea7f561bc5fa044f5f104770b0033fd7550a7edb4cd65ded5644a0c0652a469ead4acd74b82b9f7c351145bc81497a39ba21be960fbabc4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a987d43fd7ae31704918d1b6e2a539ed

SHA1
b44dd35996b4443ff8770516bdf145f1b956047c

SHA256
117f3ed22fbdf691a6bcd0f15d4059717ddae4c35ad0c9e0a56ef51ab441d42c

SHA512
c2b5a11083c623913ea7f561bc5fa044f5f104770b0033fd7550a7edb4cd65ded5644a0c0652a469ead4acd74b82b9f7c351145bc81497a39ba21be960fbabc4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a987d43fd7ae31704918d1b6e2a539ed

SHA1
b44dd35996b4443ff8770516bdf145f1b956047c

SHA256
117f3ed22fbdf691a6bcd0f15d4059717ddae4c35ad0c9e0a56ef51ab441d42c

SHA512
c2b5a11083c623913ea7f561bc5fa044f5f104770b0033fd7550a7edb4cd65ded5644a0c0652a469ead4acd74b82b9f7c351145bc81497a39ba21be960fbabc4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a987d43fd7ae31704918d1b6e2a539ed

SHA1
b44dd35996b4443ff8770516bdf145f1b956047c

SHA256
117f3ed22fbdf691a6bcd0f15d4059717ddae4c35ad0c9e0a56ef51ab441d42c

SHA512
c2b5a11083c623913ea7f561bc5fa044f5f104770b0033fd7550a7edb4cd65ded5644a0c0652a469ead4acd74b82b9f7c351145bc81497a39ba21be960fbabc4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
b56e87c31ed90576c521c3292178f658

SHA1
ebf6f735cd037eaf61d55a9952fbe703aeba49f0

SHA256
88a1f544706ef413540e23bedaacf29d84b14834252946cbaa921e346b82f441

SHA512
0ad3a95cb6168f4b960087bc2e80f63c5774b74c8a50f6023c8fa4e14da88cf084c99a918142ac0d832594af642f230dd879fdc54cc169cafa666e17f4710e35

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
b56e87c31ed90576c521c3292178f658

SHA1
ebf6f735cd037eaf61d55a9952fbe703aeba49f0

SHA256
88a1f544706ef413540e23bedaacf29d84b14834252946cbaa921e346b82f441

SHA512
0ad3a95cb6168f4b960087bc2e80f63c5774b74c8a50f6023c8fa4e14da88cf084c99a918142ac0d832594af642f230dd879fdc54cc169cafa666e17f4710e35

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
b56e87c31ed90576c521c3292178f658

SHA1
ebf6f735cd037eaf61d55a9952fbe703aeba49f0

SHA256
88a1f544706ef413540e23bedaacf29d84b14834252946cbaa921e346b82f441

SHA512
0ad3a95cb6168f4b960087bc2e80f63c5774b74c8a50f6023c8fa4e14da88cf084c99a918142ac0d832594af642f230dd879fdc54cc169cafa666e17f4710e35

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
b56e87c31ed90576c521c3292178f658

SHA1
ebf6f735cd037eaf61d55a9952fbe703aeba49f0

SHA256
88a1f544706ef413540e23bedaacf29d84b14834252946cbaa921e346b82f441

SHA512
0ad3a95cb6168f4b960087bc2e80f63c5774b74c8a50f6023c8fa4e14da88cf084c99a918142ac0d832594af642f230dd879fdc54cc169cafa666e17f4710e35

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
b56e87c31ed90576c521c3292178f658

SHA1
ebf6f735cd037eaf61d55a9952fbe703aeba49f0

SHA256
88a1f544706ef413540e23bedaacf29d84b14834252946cbaa921e346b82f441

SHA512
0ad3a95cb6168f4b960087bc2e80f63c5774b74c8a50f6023c8fa4e14da88cf084c99a918142ac0d832594af642f230dd879fdc54cc169cafa666e17f4710e35

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a987d43fd7ae31704918d1b6e2a539ed

SHA1
b44dd35996b4443ff8770516bdf145f1b956047c

SHA256
117f3ed22fbdf691a6bcd0f15d4059717ddae4c35ad0c9e0a56ef51ab441d42c

SHA512
c2b5a11083c623913ea7f561bc5fa044f5f104770b0033fd7550a7edb4cd65ded5644a0c0652a469ead4acd74b82b9f7c351145bc81497a39ba21be960fbabc4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
aa4f0aff3e41d3819d02a4790464bbb8

SHA1
287cb28ce934dfc0077c9894dee03483514b3fd6

SHA256
faf6107bb0bc0070d1c4e02ab67fa813d13881c63f607a2f55bd82e4df9be9d4

SHA512
d03e6f52d7d3dff3f878ada4124eff50eae0692f83c5865ee7af2775b50ac1148cdbaa41ed25b8028d64b2380a67635483672a28399af3bf476f72712c40e628

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a987d43fd7ae31704918d1b6e2a539ed

SHA1
b44dd35996b4443ff8770516bdf145f1b956047c

SHA256
117f3ed22fbdf691a6bcd0f15d4059717ddae4c35ad0c9e0a56ef51ab441d42c

SHA512
c2b5a11083c623913ea7f561bc5fa044f5f104770b0033fd7550a7edb4cd65ded5644a0c0652a469ead4acd74b82b9f7c351145bc81497a39ba21be960fbabc4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
b56e87c31ed90576c521c3292178f658

SHA1
ebf6f735cd037eaf61d55a9952fbe703aeba49f0

SHA256
88a1f544706ef413540e23bedaacf29d84b14834252946cbaa921e346b82f441

SHA512
0ad3a95cb6168f4b960087bc2e80f63c5774b74c8a50f6023c8fa4e14da88cf084c99a918142ac0d832594af642f230dd879fdc54cc169cafa666e17f4710e35

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a987d43fd7ae31704918d1b6e2a539ed

SHA1
b44dd35996b4443ff8770516bdf145f1b956047c

SHA256
117f3ed22fbdf691a6bcd0f15d4059717ddae4c35ad0c9e0a56ef51ab441d42c

SHA512
c2b5a11083c623913ea7f561bc5fa044f5f104770b0033fd7550a7edb4cd65ded5644a0c0652a469ead4acd74b82b9f7c351145bc81497a39ba21be960fbabc4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
b56e87c31ed90576c521c3292178f658

SHA1
ebf6f735cd037eaf61d55a9952fbe703aeba49f0

SHA256
88a1f544706ef413540e23bedaacf29d84b14834252946cbaa921e346b82f441

SHA512
0ad3a95cb6168f4b960087bc2e80f63c5774b74c8a50f6023c8fa4e14da88cf084c99a918142ac0d832594af642f230dd879fdc54cc169cafa666e17f4710e35

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a987d43fd7ae31704918d1b6e2a539ed

SHA1
b44dd35996b4443ff8770516bdf145f1b956047c

SHA256
117f3ed22fbdf691a6bcd0f15d4059717ddae4c35ad0c9e0a56ef51ab441d42c

SHA512
c2b5a11083c623913ea7f561bc5fa044f5f104770b0033fd7550a7edb4cd65ded5644a0c0652a469ead4acd74b82b9f7c351145bc81497a39ba21be960fbabc4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
b56e87c31ed90576c521c3292178f658

SHA1
ebf6f735cd037eaf61d55a9952fbe703aeba49f0

SHA256
88a1f544706ef413540e23bedaacf29d84b14834252946cbaa921e346b82f441

SHA512
0ad3a95cb6168f4b960087bc2e80f63c5774b74c8a50f6023c8fa4e14da88cf084c99a918142ac0d832594af642f230dd879fdc54cc169cafa666e17f4710e35

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a987d43fd7ae31704918d1b6e2a539ed

SHA1
b44dd35996b4443ff8770516bdf145f1b956047c

SHA256
117f3ed22fbdf691a6bcd0f15d4059717ddae4c35ad0c9e0a56ef51ab441d42c

SHA512
c2b5a11083c623913ea7f561bc5fa044f5f104770b0033fd7550a7edb4cd65ded5644a0c0652a469ead4acd74b82b9f7c351145bc81497a39ba21be960fbabc4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a987d43fd7ae31704918d1b6e2a539ed

SHA1
b44dd35996b4443ff8770516bdf145f1b956047c

SHA256
117f3ed22fbdf691a6bcd0f15d4059717ddae4c35ad0c9e0a56ef51ab441d42c

SHA512
c2b5a11083c623913ea7f561bc5fa044f5f104770b0033fd7550a7edb4cd65ded5644a0c0652a469ead4acd74b82b9f7c351145bc81497a39ba21be960fbabc4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a987d43fd7ae31704918d1b6e2a539ed

SHA1
b44dd35996b4443ff8770516bdf145f1b956047c

SHA256
117f3ed22fbdf691a6bcd0f15d4059717ddae4c35ad0c9e0a56ef51ab441d42c

SHA512
c2b5a11083c623913ea7f561bc5fa044f5f104770b0033fd7550a7edb4cd65ded5644a0c0652a469ead4acd74b82b9f7c351145bc81497a39ba21be960fbabc4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a987d43fd7ae31704918d1b6e2a539ed

SHA1
b44dd35996b4443ff8770516bdf145f1b956047c

SHA256
117f3ed22fbdf691a6bcd0f15d4059717ddae4c35ad0c9e0a56ef51ab441d42c

SHA512
c2b5a11083c623913ea7f561bc5fa044f5f104770b0033fd7550a7edb4cd65ded5644a0c0652a469ead4acd74b82b9f7c351145bc81497a39ba21be960fbabc4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a987d43fd7ae31704918d1b6e2a539ed

SHA1
b44dd35996b4443ff8770516bdf145f1b956047c

SHA256
117f3ed22fbdf691a6bcd0f15d4059717ddae4c35ad0c9e0a56ef51ab441d42c

SHA512
c2b5a11083c623913ea7f561bc5fa044f5f104770b0033fd7550a7edb4cd65ded5644a0c0652a469ead4acd74b82b9f7c351145bc81497a39ba21be960fbabc4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a987d43fd7ae31704918d1b6e2a539ed

SHA1
b44dd35996b4443ff8770516bdf145f1b956047c

SHA256
117f3ed22fbdf691a6bcd0f15d4059717ddae4c35ad0c9e0a56ef51ab441d42c

SHA512
c2b5a11083c623913ea7f561bc5fa044f5f104770b0033fd7550a7edb4cd65ded5644a0c0652a469ead4acd74b82b9f7c351145bc81497a39ba21be960fbabc4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a987d43fd7ae31704918d1b6e2a539ed

SHA1
b44dd35996b4443ff8770516bdf145f1b956047c

SHA256
117f3ed22fbdf691a6bcd0f15d4059717ddae4c35ad0c9e0a56ef51ab441d42c

SHA512
c2b5a11083c623913ea7f561bc5fa044f5f104770b0033fd7550a7edb4cd65ded5644a0c0652a469ead4acd74b82b9f7c351145bc81497a39ba21be960fbabc4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
aa4f0aff3e41d3819d02a4790464bbb8

SHA1
287cb28ce934dfc0077c9894dee03483514b3fd6

SHA256
faf6107bb0bc0070d1c4e02ab67fa813d13881c63f607a2f55bd82e4df9be9d4

SHA512
d03e6f52d7d3dff3f878ada4124eff50eae0692f83c5865ee7af2775b50ac1148cdbaa41ed25b8028d64b2380a67635483672a28399af3bf476f72712c40e628

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
b56e87c31ed90576c521c3292178f658

SHA1
ebf6f735cd037eaf61d55a9952fbe703aeba49f0

SHA256
88a1f544706ef413540e23bedaacf29d84b14834252946cbaa921e346b82f441

SHA512
0ad3a95cb6168f4b960087bc2e80f63c5774b74c8a50f6023c8fa4e14da88cf084c99a918142ac0d832594af642f230dd879fdc54cc169cafa666e17f4710e35

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a987d43fd7ae31704918d1b6e2a539ed

SHA1
b44dd35996b4443ff8770516bdf145f1b956047c

SHA256
117f3ed22fbdf691a6bcd0f15d4059717ddae4c35ad0c9e0a56ef51ab441d42c

SHA512
c2b5a11083c623913ea7f561bc5fa044f5f104770b0033fd7550a7edb4cd65ded5644a0c0652a469ead4acd74b82b9f7c351145bc81497a39ba21be960fbabc4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a987d43fd7ae31704918d1b6e2a539ed

SHA1
b44dd35996b4443ff8770516bdf145f1b956047c

SHA256
117f3ed22fbdf691a6bcd0f15d4059717ddae4c35ad0c9e0a56ef51ab441d42c

SHA512
c2b5a11083c623913ea7f561bc5fa044f5f104770b0033fd7550a7edb4cd65ded5644a0c0652a469ead4acd74b82b9f7c351145bc81497a39ba21be960fbabc4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
954B

MD5
b56e87c31ed90576c521c3292178f658

SHA1
ebf6f735cd037eaf61d55a9952fbe703aeba49f0

SHA256
88a1f544706ef413540e23bedaacf29d84b14834252946cbaa921e346b82f441

SHA512
0ad3a95cb6168f4b960087bc2e80f63c5774b74c8a50f6023c8fa4e14da88cf084c99a918142ac0d832594af642f230dd879fdc54cc169cafa666e17f4710e35

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
2.2MB

MD5
6992a4aa24f4bfc23c78d56e8156ef86

SHA1
64bea40d8c811846d007778cab05bd0ef8f3d60d

SHA256
23193e99ae0c77cbd69bd3115901af55c6609f332a3b10a7681fdcc316d51853

SHA512
46738077e8ea764cbfee7fb334d30f83e18665676c5cd5428c7cd9d40ebfb86449b50a7a683889cf341fe5b5e8041f63cd97e1415e16abfd3f6d6bf5b1f6f522

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
2.2MB

MD5
6992a4aa24f4bfc23c78d56e8156ef86

SHA1
64bea40d8c811846d007778cab05bd0ef8f3d60d

SHA256
23193e99ae0c77cbd69bd3115901af55c6609f332a3b10a7681fdcc316d51853

SHA512
46738077e8ea764cbfee7fb334d30f83e18665676c5cd5428c7cd9d40ebfb86449b50a7a683889cf341fe5b5e8041f63cd97e1415e16abfd3f6d6bf5b1f6f522

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
2.2MB

MD5
6992a4aa24f4bfc23c78d56e8156ef86

SHA1
64bea40d8c811846d007778cab05bd0ef8f3d60d

SHA256
23193e99ae0c77cbd69bd3115901af55c6609f332a3b10a7681fdcc316d51853

SHA512
46738077e8ea764cbfee7fb334d30f83e18665676c5cd5428c7cd9d40ebfb86449b50a7a683889cf341fe5b5e8041f63cd97e1415e16abfd3f6d6bf5b1f6f522

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
2.2MB

MD5
6992a4aa24f4bfc23c78d56e8156ef86

SHA1
64bea40d8c811846d007778cab05bd0ef8f3d60d

SHA256
23193e99ae0c77cbd69bd3115901af55c6609f332a3b10a7681fdcc316d51853

SHA512
46738077e8ea764cbfee7fb334d30f83e18665676c5cd5428c7cd9d40ebfb86449b50a7a683889cf341fe5b5e8041f63cd97e1415e16abfd3f6d6bf5b1f6f522

Download Submit
memory/1800-54-0x00000000758C1000-0x00000000758C3000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads