b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d

Analysis

max time kernel
167s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06-11-2022 21:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
Size

2.2MB
MD5

07dc8bcc1e2e6fb01289eec6c1fe48e8
SHA1

a6d08e7261a007e78b70080e0c56a74e45d81eb4
SHA256

b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d
SHA512

024f7570673ad0eecc7ab56efc0dc29482b4a042ab177dc6d554511b5339ce8015ef63ee358ca632d02dc34df86cb2a9f43dacbf8c17391a13ceae7a797bfcf8
SSDEEP

24576:ZMMpXS0hN0V0H5JfGMMTDVaNhi5k5nuYr4HZyKtNN:Kwi0L0q7GMMTDVaNhkk5nujZyKtNN

Score

10^/10

aspackv2 persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe

ASPack v2.12-2.42 4 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral2/files/0x0008000000022dfa-133.dat	aspack_v212_v242
behavioral2/files/0x0008000000022dfa-134.dat	aspack_v212_v242
behavioral2/files/0x0006000000022e12-135.dat	aspack_v212_v242
behavioral2/files/0x0006000000022e10-136.dat	aspack_v212_v242

Executes dropped EXE 1 IoCs

pid	Process
4908	HelpMe.exe

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\G:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\H:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\K:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\A:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\N:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\W:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\F:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\M:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\O:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\U:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\Y:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\Q:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\S:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\X:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\F:	HelpMe.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\I:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\V:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\L:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\R:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\B:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\J:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\P:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\T:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\Z:	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\N:	HelpMe.exe

Drops autorun.inf file 1 TTPs 2 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File opened for modification	C:\AUTORUN.INF	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File opened for modification	C:\AUTORUN.INF	HelpMe.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\HelpMe.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\ConvertToRename.wmv.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipresx.dll.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\nb.pak.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\pt-PT.pak.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\7-Zip\History.txt.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\7-Zip\7z.dll.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\lv.pak.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\libEGL.dll.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\ShapeCollector.exe.mui.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\vi.pak.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tipresx.dll.mui.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\rtscom.dll.mui.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\manifest.json.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fi-fi.dll.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipstr.xml.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\zh-TW.pak.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\7-Zip\7-zip.dll.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.exe	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3724 wrote to memory of 4908	3724	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe	79
PID 3724 wrote to memory of 4908	3724	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe	79
PID 3724 wrote to memory of 4908	3724	b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe	79

C:\Users\Admin\AppData\Local\Temp\b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe
"C:\Users\Admin\AppData\Local\Temp\b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:3724
- C:\Windows\SysWOW64\HelpMe.exe
  C:\Windows\system32\HelpMe.exe
  2⤵
  - Modifies WinLogon for persistence
  - Executes dropped EXE
  - Drops startup file
  - Enumerates connected drives
  - Drops autorun.inf file
  - Drops file in System32 directory
  PID:4908

Network

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Winlogon Helper DLL

T1004

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2629973501-4017243118-3254762364-1000\desktop.ini.exe

Filesize
2.2MB

MD5
30710788bec6385df6f7f1dc4847580a

SHA1
a2c241d86520e38f73d251f6c0ff502cfb2f0e94

SHA256
b6144fb06c695e60251cca494e58abae7d74c9ad3ce30895938a67e2a10fe810

SHA512
9f267a2e43eb99932276aeeea24fba0f8222c8f96d1d330d61759cd685b5bdce7c17fb92b393001ad0ebc3301b1ebc9b1ce123d210e1f306a8f36e10ca0e0123

Download Submit
C:\AutoRun.exe

Filesize
2.2MB

MD5
07dc8bcc1e2e6fb01289eec6c1fe48e8

SHA1
a6d08e7261a007e78b70080e0c56a74e45d81eb4

SHA256
b88370eca80f18c18d05b1fb29f1b2d9d5be7e6faeaaf6b974979b7be5c6562d

SHA512
024f7570673ad0eecc7ab56efc0dc29482b4a042ab177dc6d554511b5339ce8015ef63ee358ca632d02dc34df86cb2a9f43dacbf8c17391a13ceae7a797bfcf8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
eab2e1c104b8427b276134ced39a8f1a

SHA1
e87d0050af4a7012fb6317cff53ee06587367437

SHA256
c2138933fda3c36cfeee491505c149244335c4c0ab94bc6b2ec1fefbae94ead1

SHA512
68b3820fb618c7b504ebb8a354d02550b8faa00ea2fac488bc7d90ab4ffb6c334ba9b07161a85c5bdb849e493ed938a864113032545f83e6f414c5e0419625d5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
539354c7dcc4110142f8ac707354b2c5

SHA1
b61bc203feb2c03de11005131e272376f8fc4a92

SHA256
af611ea3a8b163eaba6f1a93f0c42069e7ac7b6c4a6420d67f778fbad0f53d86

SHA512
2dd7539c30ea899d0afa9ea72eec657374ce90c22cfed128b95db5410c7d89d4aab05dd933462d0b25738f67f587c0f3d2e9a877b7d4b7a54c6d59209d08696b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
d8e6447ada35433dc6a308557cabf321

SHA1
90fc755fae3324b526108ebaca109304d2a462fe

SHA256
621eceec301895d6ab46479ea6d92419219ec7602fc0f802837160a77b666a6d

SHA512
82065fa688602a57286a7b11c9bfbcff23189b3d27e1b528efe77a3dc96fb47268534feee5382aa7b2f5a4b5d183af296035abcfc2880112e2519de3595245ac

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
128664e265b7482bbe46ffc644da125b

SHA1
21e37d796f3e7c8235667e8feedda79aa8ff0fc7

SHA256
3893fb5d6b3f2725cdef772ebe3ee68801434c91da9558155d959c3e4f356adc

SHA512
8c9837fd736cb82cf9b6f663a2e255f4b1d4bde54351c4c2924ac61547dc62f5f9b54e9db497ef07952ae63cf03ffddd6655a60ab8f9acd01b3b7093d71a23de

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
c6e328eccb1cf308a11142d0242a7835

SHA1
844c0a6706021fccafd5fcd5a10742c812f7a0b4

SHA256
fe0b3cdce80224a20f95c0b9cb2f8695f8d99fbf0eccfb82e4d57d53469d49b3

SHA512
9338d74694f3e9182acef36a2eb6eb61b4e2e37814ba4571677c1d55337e022548a3c818d8b21b9e83ae39281c766f9354b9bebf0402a94df45b257e94d9d64c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
551c1963594bc8e4518b45797f279b6f

SHA1
e974399cf6e49d9e8700aa84067043cc98d55341

SHA256
f7b0a511502dd52fd623c4d31ae3f358f09edcdc43c1ad0dc6e4c5a2dd4d684b

SHA512
e5fc7cb0be9b5b483d31921a3112f27237942260efc49b483e66daf42f43b3ef7a50eab5cae6b229b875a6f9327b8cf5949a60ff1c5c6e3aff922df9d6cf3a61

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
7a904001336d633179231abe1cc4167c

SHA1
1181a938cecf85a50723c1134aef21784f691870

SHA256
48ebc5b4a9474541a2df65b2d933ff46fe219d636c2541cdd8af5b93cf5def00

SHA512
7446bf87b37c1fb00d6c739039b0c5c59951168aaaf6b6f553539af13fe4273c8bdd7d4210b71d95c6e56ae8125493d09db39cded161bca4d4b7dfdec0dc10f3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
e38ba7b97dac6938970a88364ac3d8f3

SHA1
aa6f67f70704d82bb8cf17792dafeebb64e045a8

SHA256
d683baf4bab15e3c71bf50a08a743607002e5532d955e9e21bcb0a4af62a5f88

SHA512
3dd895473f4522317ce40646e607a306644e752503e0590364044a7b27602a48f12697b6084833b1bc1466ff371405a21fd47fa1ca8c6ccca5c33debefb0b922

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
2ae3fca4133f50a55ae1e22b95e31ce7

SHA1
a5557aeb059def8e7a82dff67e3bf93dfe95e906

SHA256
8ae64cebdc69091435616924f1f501f3274f46f861559b9480a83e4e40bffa67

SHA512
da9c60bd79528f4fd448f94684d95430cd376777202a7399e8bf80afb1b3b7f1ed2391dc50764f0d7956cf6ca09c23adee4fe8d91082351ce45dcce58b691d3b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
76b7fbcfc4b14e8eb6436444640b47be

SHA1
f423fae771a6e410b07ef663349716f512119ff2

SHA256
aa48594d92a0d0e6820a75b71e6a7a9bc41edd21a6e9ef673d5fbe489ec0564d

SHA512
c46bdf8a75a6d93002218c89b2d4407c8b4d06dce13956f75cb167e385cc5c27509218907750d3bf84aac0430be206432183b629d9e4645926e967cfdd7aa52f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
76b7fbcfc4b14e8eb6436444640b47be

SHA1
f423fae771a6e410b07ef663349716f512119ff2

SHA256
aa48594d92a0d0e6820a75b71e6a7a9bc41edd21a6e9ef673d5fbe489ec0564d

SHA512
c46bdf8a75a6d93002218c89b2d4407c8b4d06dce13956f75cb167e385cc5c27509218907750d3bf84aac0430be206432183b629d9e4645926e967cfdd7aa52f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
484791d63490163fd8e60eed49dbcb14

SHA1
838aec100cc6fbc9cc53a8c6f632cb58d96b9580

SHA256
7e49326efe438c418f33786c8845d7230a04ade689b140899cf3792fb74e02ab

SHA512
4cda842435b7887e8d7d1a395770a67f4c89ad885b4bd7f52dd94a8c0312dc1ec20a5ddd53400267c6cc5f18696ae03d495bf036a28a1be2c16ed8095e37cf0d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
435992999fa51dfb4154b561a37e0999

SHA1
5e754c7c509d538bf4e1405d4b7a860ea908fa99

SHA256
a56c6772c0ccfdea9faa3524a80aa5ee39cf86acd890d72b399f4db685484ece

SHA512
76d50c6310215d30b8e3b7e8aaa075ffef39fea26a90bc78c27ac619950f88c0c2b2f25d94ffc54c46481e72357083ee0863744a41e57248888eed7601792a6d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
435992999fa51dfb4154b561a37e0999

SHA1
5e754c7c509d538bf4e1405d4b7a860ea908fa99

SHA256
a56c6772c0ccfdea9faa3524a80aa5ee39cf86acd890d72b399f4db685484ece

SHA512
76d50c6310215d30b8e3b7e8aaa075ffef39fea26a90bc78c27ac619950f88c0c2b2f25d94ffc54c46481e72357083ee0863744a41e57248888eed7601792a6d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
6c3e3750ffd8cf6442bb556a39305e73

SHA1
df42554a6961569010793c05ca0077ecbfc7955c

SHA256
446d306acd21886fbda62f775e621ab7de0d4c62255df3b5ecca03962f64c455

SHA512
210319691619ec394955c5c5e64fadef793660d5a40cd5a54e806a860b996e7a4fd724bea3b7aebe1b2e560fe8dcb7f6acabc841a7f5d15ded890a6088b4f4f7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
95f1b7fd3039fac3f03211370a0cb293

SHA1
7092301c4e8471ac1e5e0968e240bf4d25c1fb3a

SHA256
f514dc3a8299d5ff84e93e9e9641aecf337525a37cc2afd9852ac5511e6b0532

SHA512
de082355e8eca00734969b940d83f5985e6b4a385bf9dcfb2b0e66dcd656902127f403c0225c7cafe294b1119bb1130bf727e5d074b39d5e6b9c00d9cbb33139

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
95f1b7fd3039fac3f03211370a0cb293

SHA1
7092301c4e8471ac1e5e0968e240bf4d25c1fb3a

SHA256
f514dc3a8299d5ff84e93e9e9641aecf337525a37cc2afd9852ac5511e6b0532

SHA512
de082355e8eca00734969b940d83f5985e6b4a385bf9dcfb2b0e66dcd656902127f403c0225c7cafe294b1119bb1130bf727e5d074b39d5e6b9c00d9cbb33139

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
bcdc8fadd2217398f29c6372c2ce41bf

SHA1
9ca2f953d4f6b5f1319ea0d055ba739028570aa8

SHA256
85ca381a246efdd3017a7f2c47c9360316e3ebba41cfabba8d781c54e39b44ec

SHA512
7f24c612dfea53fc6480a6e9518f12a42c8e9718fef38a1ff13b07fc4b34477f3f219ad86b012d62008eec8a52f2e53445aa948269fa1ead7156b78f12a8c530

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
3893cea29b1545183dafdb60e23ebac6

SHA1
a7e21c1b11d89e6511d8593040798a277a71b8f7

SHA256
dfa0f80fd40d332f59e0e442a5538f577315fce1606b44184e2ca1d392c20e0d

SHA512
cba7a61bc79a8d4486adc4868a4deca4f7b39a64524d94ef07f2cdf26fb701c19c569d0ec6c31bb4cedbd236749b7686b4d0d03671ecd4ee48cf4590c6a8fcc5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
ce1692b344daa650a9aac19edf960729

SHA1
bdaa131fe6f5d2b331ce68f2bbc24e9842ed33a3

SHA256
2e444e7283d36cba31f03a3ed83c22ac9e5f536e4083c0c66d5f6b2eab3d32cb

SHA512
d82af5889f6b3db683990bc3362210bb01c3018b5891fd7aff5ca93a6b1291ee31e30de2915d7ec92e2429c2729e4b89f313411f302eecc497275766f2b4994d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
fef6c309d006deff1164fcda534358f1

SHA1
0f992a4856d8e742127a2addbe48909c5891c6a4

SHA256
b25dd5b95dbc7004d120f3f3aa6393e343544a9c0ec3036f55bc3d5ed2929545

SHA512
e8c62825cc19301705b55152e09a1bcabaebc880aa4a263d16ea9a557dedf636d03658ed06ab39900d1be96b6291bf63702ec17db4e18234ef2db13bc98b0c11

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
928a9d94328943d78bb2de6ec6cc01b3

SHA1
6f9a858d92d0ffa2f0d63ceb48d45735e9af0d6d

SHA256
19b9d95da276890b7c6c4fec572c40a6e9faf9cd9921446c0334dc2eb6d994d0

SHA512
40fb688ac6337ead6eb08825dd07da694c062b51fce8cf15469894903c4337f8f2dc54e9ee35fb991d86e03fc95fde419932f35006391235f19e420cc93d51ef

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
91dfd5d816c70cd1a00f1d10f70cd656

SHA1
524c4fa649ff69a4a93d8a40c08240fcf268cf8c

SHA256
926e56ff901e7a18786790f0e42af182bb01df8bc1c38ee792fffc642705956d

SHA512
ee44c1620fc7719f0b5dce90fa80c3eb3626294868f4b238f1c6a4506526dd185d4d190d44c2e07ce4a8bbcc2ebc5d3bef98d4cb37107686d6e76564bcb284f0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
b693822b79e2cc59c11ac88b99f9170c

SHA1
5b257355c2509c2ad6bf3eb4440f689bed75b720

SHA256
a23e2cc4404824d0513ec49592611a0264829fc8225d62465cc831596cde077a

SHA512
ea9fb8df10ed295b162fb96253786c441a6eb4de6cef74e936b5c0889f0cea93673dce751362076b37bc27c384e8abf76413f3331aade546753b3e1a6a1fadf7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
33cb08dc9c0109b976fae2a037954dc3

SHA1
5e068b959c2138b18697b0343f30599c7c818f61

SHA256
a8493a7dfb028f8d069a41a370452aee2e8b4bda43791bd1e2c436ce2322119c

SHA512
a7745fee5add672e1a085c8b6f36db054d9b6deaece7bfb15cc5f827dceb7123a202493d01b761a5efdbb32de82ad8ef1ad5a000cfb53451004684c4b00b4c0b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
7fc4951f7a9ea928d15c95cfa1e19e44

SHA1
5a080e1d171105cd78d14f3e745e6ccc42398044

SHA256
1329f95435230a0afbaf4daf85ccb4715fa6cd62aac90bafd5d866fe740fd498

SHA512
83dc8ca80ce5ef44b3412c6b71d21a92062746ce913108b64ddbafd3b1c16df8d07f27e1d2d63a99006be9c598166ed47b265074fc638e6343e907fad88c87c5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
0bf5cd4e14f0fb729ea79a024624a604

SHA1
187c36fa2eef86728ea479426d13c6facd9ce579

SHA256
a0a7e085240c530702e70e4cabc4083ff388f1cdbd921698f10f9c00db291f43

SHA512
608b5b88c8757342d9e9b065a3eb68345a6a43ac80d313586d92d679c946380197978112c46f5f1b46105f1f4b22f6913050e533a668b0448ab85a3c7b8a7d4a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
7f1940f5880ca01aeb5f76edddda140a

SHA1
a39c40dcc26165ef4a6726855e1d9b6d2ccd30a5

SHA256
58bf96f03d9dfa1d40479d419b3b67babe173e53e6c4985f7bd4c323721b9ba4

SHA512
b2c4c232d48c15c4cf933ccd91be8ad21946617efdf87a8c87e07930299581720e28118a2eea720c122078c558d761076d5df154aa9dae71c0fe4ebd3628a664

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
79cab30d20199fe884b065581b45fae6

SHA1
302fec3557caf327d3bfe36620b8cda99d2c1fab

SHA256
bc17f32aab82b3f9c52f2b71579853e8952e5a69d8a8caa8c6d531264b40eaf9

SHA512
47ec1ca00d8b81fd437aa65156dfb8e51ae836b17a19ca3aec776b81aca587754ca9e50aa3d5fe993fa088f18ee016304bb41b3b4343a657a4f0920ba0420912

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
e51ce8dd7d03aa2eb3141c879dba9ae5

SHA1
dd3545b0d0fb1bde032803ae64ccfa44dd4a341d

SHA256
2d737ca08375cddb46d579c863cddec1ce3bca058d2af6c0b6a69da7c5336003

SHA512
61cfbe678fad1ef960ad8bc3a1310f2a47e4fe90c00fef4afeb2201dc87e4c25d200eaaabe2b03fce8aec6fbb11b75f40287f715ac19c725d7089d44e34ca19b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
6e9a8e28c57c2c7554cd4dce94192022

SHA1
77d4ca46aeb6f085c9116ed5382c61c5dab321a7

SHA256
1916e94e732e3bc64ec00d608478f6dab512d778d9c3f1088e88701fb23c8c39

SHA512
91012c5467c4c2172d4372490aa998e72b00478bcf8a50bb6afb5727f9c37757ae9454138133ae990908a55488b40f73da7f68f31f95df24cb98e899ee4a48d0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
394174a70a315cdb9b11ccb9c404f957

SHA1
232e94e086cb3e057333cac9d91b2262fb577971

SHA256
be5d0eb6f4f3cca91683196f287ed57c0e0d58baa115c8b18822c78d88ca9089

SHA512
a8d4ffb8ce3b6675dc0baafa11ce6090ad0816c3178c5340b95669245f9cd147f6fad61f0d1254a6e5bd312d7ab7194cccd8ba23313bc5e06ad786ebb7afacbd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
b6bdf225e7e111342a4b6a8655f59673

SHA1
57c99f56fc1e8c68f5406d97aed1f6be38b72773

SHA256
6bf8be7c9ee9fcd7d4b21d7771b2ad4248e6d6c198bd443ab084fd451e01e3e1

SHA512
0e478a29b5af12363fc17a72690824148f921d619b7f4af3f8188e53512b3dcba1d0b564d9290f248103be0c1aa38c8df8b39a6559d8478c24cd0a5f9ac3cfd6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
7ba62d36d5b10271df0fa0e01a7353aa

SHA1
a5e27a2b0a80a0046f9f6710b6ed9de564501673

SHA256
721863e7edb99fe1c514be16239cdf1ec3e4c6056214c69d4bd174f3d5a93e1c

SHA512
ad754dd325f0684872fab9dccdbe62b7282fc9033ef77a5e5cad33b4441a541e50f78aca863119a0d2d706312f65f1aab10cfa38cc6e9c38572704d22bd50b50

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
5c3c8b555201c7867ff5ec0bc9b14f89

SHA1
877e09a58eec58d90ba0c1203d7a9885ca18ea47

SHA256
7b72fbcd6c3e4c7e34afca21c2988f70186591a4afe73f7a2dd066bfae5760a2

SHA512
3bc78481d9975128b6f9c987a34c3172d7448dde5d91d9858a07b95317c2b5c9036fb1898c5f84f0d6d45f1dcf53c177c0e0d611412580a1d53259a3bacd71df

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
2.2MB

MD5
6992a4aa24f4bfc23c78d56e8156ef86

SHA1
64bea40d8c811846d007778cab05bd0ef8f3d60d

SHA256
23193e99ae0c77cbd69bd3115901af55c6609f332a3b10a7681fdcc316d51853

SHA512
46738077e8ea764cbfee7fb334d30f83e18665676c5cd5428c7cd9d40ebfb86449b50a7a683889cf341fe5b5e8041f63cd97e1415e16abfd3f6d6bf5b1f6f522

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
2.2MB

MD5
6992a4aa24f4bfc23c78d56e8156ef86

SHA1
64bea40d8c811846d007778cab05bd0ef8f3d60d

SHA256
23193e99ae0c77cbd69bd3115901af55c6609f332a3b10a7681fdcc316d51853

SHA512
46738077e8ea764cbfee7fb334d30f83e18665676c5cd5428c7cd9d40ebfb86449b50a7a683889cf341fe5b5e8041f63cd97e1415e16abfd3f6d6bf5b1f6f522

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads