71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302

Analysis

max time kernel
188s
max time network
32s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 13:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe
Size

186KB
MD5

6a404f069b1a1ff1d027a7b30f6ae6df
SHA1

c452c73fe28ae0374c879e21aba68a0575e2984c
SHA256

71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302
SHA512

15da397c5413fce271013ea78b2e03850c5d4d2b329c06403542a8872333d129bdf89281ba05457b3952b498aced53d8d0fce62cee65fe2d5b42cf3170cc7a10
SSDEEP

3072:rimsXXK9HRTOeriRfP6pXfSb0dspqc5oY0htVFAHT11Ual21Cxcs0HKAH057kyJp:riMmXRH6pXfSb0ceR/VFAHh1kgcs0HWT

Score

10^/10

aspackv2 persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe

ASPack v2.12-2.42 28 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/files/0x000a00000001232f-55.dat	aspack_v212_v242
behavioral1/files/0x000a00000001232f-56.dat	aspack_v212_v242
behavioral1/files/0x000a00000001232f-58.dat	aspack_v212_v242
behavioral1/files/0x000a00000001232f-60.dat	aspack_v212_v242
behavioral1/files/0x00080000000126bd-61.dat	aspack_v212_v242
behavioral1/files/0x000b000000012322-62.dat	aspack_v212_v242
behavioral1/files/0x000a00000001232f-63.dat	aspack_v212_v242
behavioral1/files/0x000a00000001232f-66.dat	aspack_v212_v242
behavioral1/files/0x000a00000001232f-69.dat	aspack_v212_v242
behavioral1/files/0x000a00000001232f-72.dat	aspack_v212_v242
behavioral1/files/0x000a00000001232f-75.dat	aspack_v212_v242
behavioral1/files/0x000a00000001232f-78.dat	aspack_v212_v242
behavioral1/files/0x000a00000001232f-81.dat	aspack_v212_v242
behavioral1/files/0x000a00000001232f-84.dat	aspack_v212_v242
behavioral1/files/0x000a00000001232f-87.dat	aspack_v212_v242
behavioral1/files/0x000a00000001232f-90.dat	aspack_v212_v242
behavioral1/files/0x000a00000001232f-93.dat	aspack_v212_v242
behavioral1/files/0x000a00000001232f-96.dat	aspack_v212_v242
behavioral1/files/0x000a00000001232f-97.dat	aspack_v212_v242
behavioral1/files/0x000a00000001232f-98.dat	aspack_v212_v242
behavioral1/files/0x000a00000001232f-100.dat	aspack_v212_v242
behavioral1/files/0x000a00000001232f-103.dat	aspack_v212_v242
behavioral1/files/0x000a00000001232f-99.dat	aspack_v212_v242
behavioral1/files/0x000a00000001232f-107.dat	aspack_v212_v242
behavioral1/files/0x000a00000001232f-109.dat	aspack_v212_v242
behavioral1/files/0x000a00000001232f-112.dat	aspack_v212_v242
behavioral1/files/0x000a00000001232f-115.dat	aspack_v212_v242
behavioral1/files/0x000a00000001232f-118.dat	aspack_v212_v242

Executes dropped EXE 1 IoCs

pid	Process
1712	HelpMe.exe

Drops startup file 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe

Loads dropped DLL 28 IoCs

pid	Process
1784	71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe
1784	71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe
1712	HelpMe.exe
1712	HelpMe.exe
1712	HelpMe.exe
1712	HelpMe.exe
1712	HelpMe.exe
1712	HelpMe.exe
1712	HelpMe.exe
1712	HelpMe.exe
1712	HelpMe.exe
1712	HelpMe.exe
1712	HelpMe.exe
1712	HelpMe.exe
1712	HelpMe.exe
1712	HelpMe.exe
1712	HelpMe.exe
1712	HelpMe.exe
1712	HelpMe.exe
1712	HelpMe.exe
1712	HelpMe.exe
1712	HelpMe.exe
1712	HelpMe.exe
1712	HelpMe.exe
1712	HelpMe.exe
1712	HelpMe.exe
1712	HelpMe.exe
1712	HelpMe.exe

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\P:	71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe
File opened (read-only)	\??\W:	71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe
File opened (read-only)	\??\Z:	71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\A:	71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe
File opened (read-only)	\??\M:	71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe
File opened (read-only)	\??\U:	71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe
File opened (read-only)	\??\Y:	71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\F:	71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe
File opened (read-only)	\??\J:	71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe
File opened (read-only)	\??\R:	71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\Q:	71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe
File opened (read-only)	\??\V:	71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\G:	71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe
File opened (read-only)	\??\I:	71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe
File opened (read-only)	\??\K:	71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\L:	71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe
File opened (read-only)	\??\N:	71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe
File opened (read-only)	\??\O:	71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\F:	HelpMe.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\B:	71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe
File opened (read-only)	\??\H:	71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe
File opened (read-only)	\??\S:	71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe
File opened (read-only)	\??\T:	71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe
File opened (read-only)	\??\X:	71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe
File opened (read-only)	\??\E:	71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe

Drops autorun.inf file 1 TTPs 2 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File opened for modification	C:\AUTORUN.INF	71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe
File opened for modification	C:\AUTORUN.INF	HelpMe.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1784 wrote to memory of 1712	1784	71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe	28
PID 1784 wrote to memory of 1712	1784	71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe	28
PID 1784 wrote to memory of 1712	1784	71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe	28
PID 1784 wrote to memory of 1712	1784	71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe	28

C:\Users\Admin\AppData\Local\Temp\71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe
"C:\Users\Admin\AppData\Local\Temp\71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1784
- C:\Windows\SysWOW64\HelpMe.exe
  C:\Windows\system32\HelpMe.exe
  2⤵
  - Modifies WinLogon for persistence
  - Executes dropped EXE
  - Drops startup file
  - Loads dropped DLL
  - Enumerates connected drives
  - Drops autorun.inf file
  - Drops file in System32 directory
  PID:1712

Network

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Winlogon Helper DLL

T1004

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3385717845-2518323428-350143044-1000\desktop.ini.exe

Filesize
187KB

MD5
093d07f7a55c6f93327918cc01b1da79

SHA1
32430b15b56fd63819383c282b7a4694f55d9d5f

SHA256
6b4849652e7388933122962b64932e7f32912442784ebf26a501d299a3a9a2bc

SHA512
4cf752eeff6491ba44fb32ca61aa61956caca808561ec02cea8b6f721d377f5ab9652bb15d330273fd64516e0d9fdaabafae762cc98509ea2d7e1b386f8f1276

Download Submit
C:\AutoRun.exe

Filesize
186KB

MD5
6a404f069b1a1ff1d027a7b30f6ae6df

SHA1
c452c73fe28ae0374c879e21aba68a0575e2984c

SHA256
71c5d63a3b7c7c3e975a48f5aee416c9e33341c50020f97989f61cb96681e302

SHA512
15da397c5413fce271013ea78b2e03850c5d4d2b329c06403542a8872333d129bdf89281ba05457b3952b498aced53d8d0fce62cee65fe2d5b42cf3170cc7a10

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
992098bf451c997125a0a1987018dae8

SHA1
8718aa2caf87c6f5d61f50668c272c75af3c9eca

SHA256
10924e9014b9e58dd5bd45c9651db179d8627f4cf08a7209280744a5e835f76c

SHA512
c2a6b84ca9c95cd7da78b6cfffd062d4896d9b243acb99551bd07d30ea7924dd3a240681ca4aabc3973cdcc99cce51919930c2579e3869a3cc490b37bd338cd7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
cde9f122302964d1661dec350a520c05

SHA1
bf212380895d9bcdecffe0bb2167bbe096b03147

SHA256
1382b39d033dde0bf72fd629735f3324a3e2016f77536eea2fee340f07c44e18

SHA512
f3fa2e07daa00ece3319ff30fb712ca060dcfcd2d6918886c58cefc0ca8fc396164c909ee04354b9ba731411dd438ead520a3423297bce8433269264668dcd0b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
992098bf451c997125a0a1987018dae8

SHA1
8718aa2caf87c6f5d61f50668c272c75af3c9eca

SHA256
10924e9014b9e58dd5bd45c9651db179d8627f4cf08a7209280744a5e835f76c

SHA512
c2a6b84ca9c95cd7da78b6cfffd062d4896d9b243acb99551bd07d30ea7924dd3a240681ca4aabc3973cdcc99cce51919930c2579e3869a3cc490b37bd338cd7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
950B

MD5
a49e41e0f431928992966c4c23485414

SHA1
6e33db6bc930b097a7d1285388f749a77e70e738

SHA256
f057d90eb4c74614b3af12e0104998807405a1463ed73d20b3b33427ce94a4ef

SHA512
da4ed716621cc4ca43762b8231b652bbc748ca97fccbbe9ad31c3c2fa4c957b92eb0a6dbea38c1f8ae116516864e07b3bdfebfd6456fab3bf737b08441a65418

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
992098bf451c997125a0a1987018dae8

SHA1
8718aa2caf87c6f5d61f50668c272c75af3c9eca

SHA256
10924e9014b9e58dd5bd45c9651db179d8627f4cf08a7209280744a5e835f76c

SHA512
c2a6b84ca9c95cd7da78b6cfffd062d4896d9b243acb99551bd07d30ea7924dd3a240681ca4aabc3973cdcc99cce51919930c2579e3869a3cc490b37bd338cd7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
950B

MD5
a49e41e0f431928992966c4c23485414

SHA1
6e33db6bc930b097a7d1285388f749a77e70e738

SHA256
f057d90eb4c74614b3af12e0104998807405a1463ed73d20b3b33427ce94a4ef

SHA512
da4ed716621cc4ca43762b8231b652bbc748ca97fccbbe9ad31c3c2fa4c957b92eb0a6dbea38c1f8ae116516864e07b3bdfebfd6456fab3bf737b08441a65418

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
992098bf451c997125a0a1987018dae8

SHA1
8718aa2caf87c6f5d61f50668c272c75af3c9eca

SHA256
10924e9014b9e58dd5bd45c9651db179d8627f4cf08a7209280744a5e835f76c

SHA512
c2a6b84ca9c95cd7da78b6cfffd062d4896d9b243acb99551bd07d30ea7924dd3a240681ca4aabc3973cdcc99cce51919930c2579e3869a3cc490b37bd338cd7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
992098bf451c997125a0a1987018dae8

SHA1
8718aa2caf87c6f5d61f50668c272c75af3c9eca

SHA256
10924e9014b9e58dd5bd45c9651db179d8627f4cf08a7209280744a5e835f76c

SHA512
c2a6b84ca9c95cd7da78b6cfffd062d4896d9b243acb99551bd07d30ea7924dd3a240681ca4aabc3973cdcc99cce51919930c2579e3869a3cc490b37bd338cd7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
950B

MD5
a49e41e0f431928992966c4c23485414

SHA1
6e33db6bc930b097a7d1285388f749a77e70e738

SHA256
f057d90eb4c74614b3af12e0104998807405a1463ed73d20b3b33427ce94a4ef

SHA512
da4ed716621cc4ca43762b8231b652bbc748ca97fccbbe9ad31c3c2fa4c957b92eb0a6dbea38c1f8ae116516864e07b3bdfebfd6456fab3bf737b08441a65418

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
992098bf451c997125a0a1987018dae8

SHA1
8718aa2caf87c6f5d61f50668c272c75af3c9eca

SHA256
10924e9014b9e58dd5bd45c9651db179d8627f4cf08a7209280744a5e835f76c

SHA512
c2a6b84ca9c95cd7da78b6cfffd062d4896d9b243acb99551bd07d30ea7924dd3a240681ca4aabc3973cdcc99cce51919930c2579e3869a3cc490b37bd338cd7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
992098bf451c997125a0a1987018dae8

SHA1
8718aa2caf87c6f5d61f50668c272c75af3c9eca

SHA256
10924e9014b9e58dd5bd45c9651db179d8627f4cf08a7209280744a5e835f76c

SHA512
c2a6b84ca9c95cd7da78b6cfffd062d4896d9b243acb99551bd07d30ea7924dd3a240681ca4aabc3973cdcc99cce51919930c2579e3869a3cc490b37bd338cd7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
950B

MD5
a49e41e0f431928992966c4c23485414

SHA1
6e33db6bc930b097a7d1285388f749a77e70e738

SHA256
f057d90eb4c74614b3af12e0104998807405a1463ed73d20b3b33427ce94a4ef

SHA512
da4ed716621cc4ca43762b8231b652bbc748ca97fccbbe9ad31c3c2fa4c957b92eb0a6dbea38c1f8ae116516864e07b3bdfebfd6456fab3bf737b08441a65418

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
992098bf451c997125a0a1987018dae8

SHA1
8718aa2caf87c6f5d61f50668c272c75af3c9eca

SHA256
10924e9014b9e58dd5bd45c9651db179d8627f4cf08a7209280744a5e835f76c

SHA512
c2a6b84ca9c95cd7da78b6cfffd062d4896d9b243acb99551bd07d30ea7924dd3a240681ca4aabc3973cdcc99cce51919930c2579e3869a3cc490b37bd338cd7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
950B

MD5
a49e41e0f431928992966c4c23485414

SHA1
6e33db6bc930b097a7d1285388f749a77e70e738

SHA256
f057d90eb4c74614b3af12e0104998807405a1463ed73d20b3b33427ce94a4ef

SHA512
da4ed716621cc4ca43762b8231b652bbc748ca97fccbbe9ad31c3c2fa4c957b92eb0a6dbea38c1f8ae116516864e07b3bdfebfd6456fab3bf737b08441a65418

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
992098bf451c997125a0a1987018dae8

SHA1
8718aa2caf87c6f5d61f50668c272c75af3c9eca

SHA256
10924e9014b9e58dd5bd45c9651db179d8627f4cf08a7209280744a5e835f76c

SHA512
c2a6b84ca9c95cd7da78b6cfffd062d4896d9b243acb99551bd07d30ea7924dd3a240681ca4aabc3973cdcc99cce51919930c2579e3869a3cc490b37bd338cd7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
992098bf451c997125a0a1987018dae8

SHA1
8718aa2caf87c6f5d61f50668c272c75af3c9eca

SHA256
10924e9014b9e58dd5bd45c9651db179d8627f4cf08a7209280744a5e835f76c

SHA512
c2a6b84ca9c95cd7da78b6cfffd062d4896d9b243acb99551bd07d30ea7924dd3a240681ca4aabc3973cdcc99cce51919930c2579e3869a3cc490b37bd338cd7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
950B

MD5
a49e41e0f431928992966c4c23485414

SHA1
6e33db6bc930b097a7d1285388f749a77e70e738

SHA256
f057d90eb4c74614b3af12e0104998807405a1463ed73d20b3b33427ce94a4ef

SHA512
da4ed716621cc4ca43762b8231b652bbc748ca97fccbbe9ad31c3c2fa4c957b92eb0a6dbea38c1f8ae116516864e07b3bdfebfd6456fab3bf737b08441a65418

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
992098bf451c997125a0a1987018dae8

SHA1
8718aa2caf87c6f5d61f50668c272c75af3c9eca

SHA256
10924e9014b9e58dd5bd45c9651db179d8627f4cf08a7209280744a5e835f76c

SHA512
c2a6b84ca9c95cd7da78b6cfffd062d4896d9b243acb99551bd07d30ea7924dd3a240681ca4aabc3973cdcc99cce51919930c2579e3869a3cc490b37bd338cd7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
992098bf451c997125a0a1987018dae8

SHA1
8718aa2caf87c6f5d61f50668c272c75af3c9eca

SHA256
10924e9014b9e58dd5bd45c9651db179d8627f4cf08a7209280744a5e835f76c

SHA512
c2a6b84ca9c95cd7da78b6cfffd062d4896d9b243acb99551bd07d30ea7924dd3a240681ca4aabc3973cdcc99cce51919930c2579e3869a3cc490b37bd338cd7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
992098bf451c997125a0a1987018dae8

SHA1
8718aa2caf87c6f5d61f50668c272c75af3c9eca

SHA256
10924e9014b9e58dd5bd45c9651db179d8627f4cf08a7209280744a5e835f76c

SHA512
c2a6b84ca9c95cd7da78b6cfffd062d4896d9b243acb99551bd07d30ea7924dd3a240681ca4aabc3973cdcc99cce51919930c2579e3869a3cc490b37bd338cd7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
950B

MD5
a49e41e0f431928992966c4c23485414

SHA1
6e33db6bc930b097a7d1285388f749a77e70e738

SHA256
f057d90eb4c74614b3af12e0104998807405a1463ed73d20b3b33427ce94a4ef

SHA512
da4ed716621cc4ca43762b8231b652bbc748ca97fccbbe9ad31c3c2fa4c957b92eb0a6dbea38c1f8ae116516864e07b3bdfebfd6456fab3bf737b08441a65418

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
992098bf451c997125a0a1987018dae8

SHA1
8718aa2caf87c6f5d61f50668c272c75af3c9eca

SHA256
10924e9014b9e58dd5bd45c9651db179d8627f4cf08a7209280744a5e835f76c

SHA512
c2a6b84ca9c95cd7da78b6cfffd062d4896d9b243acb99551bd07d30ea7924dd3a240681ca4aabc3973cdcc99cce51919930c2579e3869a3cc490b37bd338cd7

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
b4e0c14a9d003a1b53b27093a5d9f6e9

SHA1
fe03590d74d9cb1137eca3a7a8b9865dd5487377

SHA256
a63b25b5c9a9f8b2c0216a71bc150e61b1aa41a5c3707bc9f17506764a382d89

SHA512
d25035fce7ce4d25a5fa3b2cf81eefb699bef513472045c9c5c70af1dbc603dc00dd7706c38af4c60cdc7cd8757797ffef86314bb3b49df83a7a589614526497

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
b4e0c14a9d003a1b53b27093a5d9f6e9

SHA1
fe03590d74d9cb1137eca3a7a8b9865dd5487377

SHA256
a63b25b5c9a9f8b2c0216a71bc150e61b1aa41a5c3707bc9f17506764a382d89

SHA512
d25035fce7ce4d25a5fa3b2cf81eefb699bef513472045c9c5c70af1dbc603dc00dd7706c38af4c60cdc7cd8757797ffef86314bb3b49df83a7a589614526497

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
b4e0c14a9d003a1b53b27093a5d9f6e9

SHA1
fe03590d74d9cb1137eca3a7a8b9865dd5487377

SHA256
a63b25b5c9a9f8b2c0216a71bc150e61b1aa41a5c3707bc9f17506764a382d89

SHA512
d25035fce7ce4d25a5fa3b2cf81eefb699bef513472045c9c5c70af1dbc603dc00dd7706c38af4c60cdc7cd8757797ffef86314bb3b49df83a7a589614526497

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
b4e0c14a9d003a1b53b27093a5d9f6e9

SHA1
fe03590d74d9cb1137eca3a7a8b9865dd5487377

SHA256
a63b25b5c9a9f8b2c0216a71bc150e61b1aa41a5c3707bc9f17506764a382d89

SHA512
d25035fce7ce4d25a5fa3b2cf81eefb699bef513472045c9c5c70af1dbc603dc00dd7706c38af4c60cdc7cd8757797ffef86314bb3b49df83a7a589614526497

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
b4e0c14a9d003a1b53b27093a5d9f6e9

SHA1
fe03590d74d9cb1137eca3a7a8b9865dd5487377

SHA256
a63b25b5c9a9f8b2c0216a71bc150e61b1aa41a5c3707bc9f17506764a382d89

SHA512
d25035fce7ce4d25a5fa3b2cf81eefb699bef513472045c9c5c70af1dbc603dc00dd7706c38af4c60cdc7cd8757797ffef86314bb3b49df83a7a589614526497

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
b4e0c14a9d003a1b53b27093a5d9f6e9

SHA1
fe03590d74d9cb1137eca3a7a8b9865dd5487377

SHA256
a63b25b5c9a9f8b2c0216a71bc150e61b1aa41a5c3707bc9f17506764a382d89

SHA512
d25035fce7ce4d25a5fa3b2cf81eefb699bef513472045c9c5c70af1dbc603dc00dd7706c38af4c60cdc7cd8757797ffef86314bb3b49df83a7a589614526497

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
b4e0c14a9d003a1b53b27093a5d9f6e9

SHA1
fe03590d74d9cb1137eca3a7a8b9865dd5487377

SHA256
a63b25b5c9a9f8b2c0216a71bc150e61b1aa41a5c3707bc9f17506764a382d89

SHA512
d25035fce7ce4d25a5fa3b2cf81eefb699bef513472045c9c5c70af1dbc603dc00dd7706c38af4c60cdc7cd8757797ffef86314bb3b49df83a7a589614526497

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
b4e0c14a9d003a1b53b27093a5d9f6e9

SHA1
fe03590d74d9cb1137eca3a7a8b9865dd5487377

SHA256
a63b25b5c9a9f8b2c0216a71bc150e61b1aa41a5c3707bc9f17506764a382d89

SHA512
d25035fce7ce4d25a5fa3b2cf81eefb699bef513472045c9c5c70af1dbc603dc00dd7706c38af4c60cdc7cd8757797ffef86314bb3b49df83a7a589614526497

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
b4e0c14a9d003a1b53b27093a5d9f6e9

SHA1
fe03590d74d9cb1137eca3a7a8b9865dd5487377

SHA256
a63b25b5c9a9f8b2c0216a71bc150e61b1aa41a5c3707bc9f17506764a382d89

SHA512
d25035fce7ce4d25a5fa3b2cf81eefb699bef513472045c9c5c70af1dbc603dc00dd7706c38af4c60cdc7cd8757797ffef86314bb3b49df83a7a589614526497

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
b4e0c14a9d003a1b53b27093a5d9f6e9

SHA1
fe03590d74d9cb1137eca3a7a8b9865dd5487377

SHA256
a63b25b5c9a9f8b2c0216a71bc150e61b1aa41a5c3707bc9f17506764a382d89

SHA512
d25035fce7ce4d25a5fa3b2cf81eefb699bef513472045c9c5c70af1dbc603dc00dd7706c38af4c60cdc7cd8757797ffef86314bb3b49df83a7a589614526497

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
b4e0c14a9d003a1b53b27093a5d9f6e9

SHA1
fe03590d74d9cb1137eca3a7a8b9865dd5487377

SHA256
a63b25b5c9a9f8b2c0216a71bc150e61b1aa41a5c3707bc9f17506764a382d89

SHA512
d25035fce7ce4d25a5fa3b2cf81eefb699bef513472045c9c5c70af1dbc603dc00dd7706c38af4c60cdc7cd8757797ffef86314bb3b49df83a7a589614526497

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
b4e0c14a9d003a1b53b27093a5d9f6e9

SHA1
fe03590d74d9cb1137eca3a7a8b9865dd5487377

SHA256
a63b25b5c9a9f8b2c0216a71bc150e61b1aa41a5c3707bc9f17506764a382d89

SHA512
d25035fce7ce4d25a5fa3b2cf81eefb699bef513472045c9c5c70af1dbc603dc00dd7706c38af4c60cdc7cd8757797ffef86314bb3b49df83a7a589614526497

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
b4e0c14a9d003a1b53b27093a5d9f6e9

SHA1
fe03590d74d9cb1137eca3a7a8b9865dd5487377

SHA256
a63b25b5c9a9f8b2c0216a71bc150e61b1aa41a5c3707bc9f17506764a382d89

SHA512
d25035fce7ce4d25a5fa3b2cf81eefb699bef513472045c9c5c70af1dbc603dc00dd7706c38af4c60cdc7cd8757797ffef86314bb3b49df83a7a589614526497

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
b4e0c14a9d003a1b53b27093a5d9f6e9

SHA1
fe03590d74d9cb1137eca3a7a8b9865dd5487377

SHA256
a63b25b5c9a9f8b2c0216a71bc150e61b1aa41a5c3707bc9f17506764a382d89

SHA512
d25035fce7ce4d25a5fa3b2cf81eefb699bef513472045c9c5c70af1dbc603dc00dd7706c38af4c60cdc7cd8757797ffef86314bb3b49df83a7a589614526497

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
b4e0c14a9d003a1b53b27093a5d9f6e9

SHA1
fe03590d74d9cb1137eca3a7a8b9865dd5487377

SHA256
a63b25b5c9a9f8b2c0216a71bc150e61b1aa41a5c3707bc9f17506764a382d89

SHA512
d25035fce7ce4d25a5fa3b2cf81eefb699bef513472045c9c5c70af1dbc603dc00dd7706c38af4c60cdc7cd8757797ffef86314bb3b49df83a7a589614526497

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
b4e0c14a9d003a1b53b27093a5d9f6e9

SHA1
fe03590d74d9cb1137eca3a7a8b9865dd5487377

SHA256
a63b25b5c9a9f8b2c0216a71bc150e61b1aa41a5c3707bc9f17506764a382d89

SHA512
d25035fce7ce4d25a5fa3b2cf81eefb699bef513472045c9c5c70af1dbc603dc00dd7706c38af4c60cdc7cd8757797ffef86314bb3b49df83a7a589614526497

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
b4e0c14a9d003a1b53b27093a5d9f6e9

SHA1
fe03590d74d9cb1137eca3a7a8b9865dd5487377

SHA256
a63b25b5c9a9f8b2c0216a71bc150e61b1aa41a5c3707bc9f17506764a382d89

SHA512
d25035fce7ce4d25a5fa3b2cf81eefb699bef513472045c9c5c70af1dbc603dc00dd7706c38af4c60cdc7cd8757797ffef86314bb3b49df83a7a589614526497

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
b4e0c14a9d003a1b53b27093a5d9f6e9

SHA1
fe03590d74d9cb1137eca3a7a8b9865dd5487377

SHA256
a63b25b5c9a9f8b2c0216a71bc150e61b1aa41a5c3707bc9f17506764a382d89

SHA512
d25035fce7ce4d25a5fa3b2cf81eefb699bef513472045c9c5c70af1dbc603dc00dd7706c38af4c60cdc7cd8757797ffef86314bb3b49df83a7a589614526497

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
b4e0c14a9d003a1b53b27093a5d9f6e9

SHA1
fe03590d74d9cb1137eca3a7a8b9865dd5487377

SHA256
a63b25b5c9a9f8b2c0216a71bc150e61b1aa41a5c3707bc9f17506764a382d89

SHA512
d25035fce7ce4d25a5fa3b2cf81eefb699bef513472045c9c5c70af1dbc603dc00dd7706c38af4c60cdc7cd8757797ffef86314bb3b49df83a7a589614526497

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
b4e0c14a9d003a1b53b27093a5d9f6e9

SHA1
fe03590d74d9cb1137eca3a7a8b9865dd5487377

SHA256
a63b25b5c9a9f8b2c0216a71bc150e61b1aa41a5c3707bc9f17506764a382d89

SHA512
d25035fce7ce4d25a5fa3b2cf81eefb699bef513472045c9c5c70af1dbc603dc00dd7706c38af4c60cdc7cd8757797ffef86314bb3b49df83a7a589614526497

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
b4e0c14a9d003a1b53b27093a5d9f6e9

SHA1
fe03590d74d9cb1137eca3a7a8b9865dd5487377

SHA256
a63b25b5c9a9f8b2c0216a71bc150e61b1aa41a5c3707bc9f17506764a382d89

SHA512
d25035fce7ce4d25a5fa3b2cf81eefb699bef513472045c9c5c70af1dbc603dc00dd7706c38af4c60cdc7cd8757797ffef86314bb3b49df83a7a589614526497

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
b4e0c14a9d003a1b53b27093a5d9f6e9

SHA1
fe03590d74d9cb1137eca3a7a8b9865dd5487377

SHA256
a63b25b5c9a9f8b2c0216a71bc150e61b1aa41a5c3707bc9f17506764a382d89

SHA512
d25035fce7ce4d25a5fa3b2cf81eefb699bef513472045c9c5c70af1dbc603dc00dd7706c38af4c60cdc7cd8757797ffef86314bb3b49df83a7a589614526497

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
b4e0c14a9d003a1b53b27093a5d9f6e9

SHA1
fe03590d74d9cb1137eca3a7a8b9865dd5487377

SHA256
a63b25b5c9a9f8b2c0216a71bc150e61b1aa41a5c3707bc9f17506764a382d89

SHA512
d25035fce7ce4d25a5fa3b2cf81eefb699bef513472045c9c5c70af1dbc603dc00dd7706c38af4c60cdc7cd8757797ffef86314bb3b49df83a7a589614526497

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
b4e0c14a9d003a1b53b27093a5d9f6e9

SHA1
fe03590d74d9cb1137eca3a7a8b9865dd5487377

SHA256
a63b25b5c9a9f8b2c0216a71bc150e61b1aa41a5c3707bc9f17506764a382d89

SHA512
d25035fce7ce4d25a5fa3b2cf81eefb699bef513472045c9c5c70af1dbc603dc00dd7706c38af4c60cdc7cd8757797ffef86314bb3b49df83a7a589614526497

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
b4e0c14a9d003a1b53b27093a5d9f6e9

SHA1
fe03590d74d9cb1137eca3a7a8b9865dd5487377

SHA256
a63b25b5c9a9f8b2c0216a71bc150e61b1aa41a5c3707bc9f17506764a382d89

SHA512
d25035fce7ce4d25a5fa3b2cf81eefb699bef513472045c9c5c70af1dbc603dc00dd7706c38af4c60cdc7cd8757797ffef86314bb3b49df83a7a589614526497

Download Submit
\Windows\SysWOW64\HelpMe.exe

Filesize
183KB

MD5
b4e0c14a9d003a1b53b27093a5d9f6e9

SHA1
fe03590d74d9cb1137eca3a7a8b9865dd5487377

SHA256
a63b25b5c9a9f8b2c0216a71bc150e61b1aa41a5c3707bc9f17506764a382d89

SHA512
d25035fce7ce4d25a5fa3b2cf81eefb699bef513472045c9c5c70af1dbc603dc00dd7706c38af4c60cdc7cd8757797ffef86314bb3b49df83a7a589614526497

Download Submit
memory/1784-54-0x0000000075DA1000-0x0000000075DA3000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads