cfa3db950476672364380945f25fe843f5644e3c8b51119796baf904c41ffa11

Analysis

max time kernel
152s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2023, 11:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
Size

7.3MB
MD5

53f4d67d25411e81dc80d41d83a4da7d
SHA1

fccb90496f1f9da9b46fc436fb9079b30c4ee582
SHA256

cfa3db950476672364380945f25fe843f5644e3c8b51119796baf904c41ffa11
SHA512

55d59021c23cc4a07807d96cc6107b0bec3883eaeaf0a1f174c6ccc58e2409e60a0468fcc3df071a368ae3b742717f6ffcfe46eace6595aa20b587e4526558e2
SSDEEP

49152:gwi0L0qKQiIG0B8NIMI8Sfpwotkzaxc1OGz8B:ri00NIMzKpXOMGQB

Score

10^/10

aspackv2 persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe

ASPack v2.12-2.42 5 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral2/files/0x00070000000230ae-136.dat	aspack_v212_v242
behavioral2/files/0x00070000000230ae-137.dat	aspack_v212_v242
behavioral2/files/0x000100000000002c-148.dat	aspack_v212_v242
behavioral2/files/0x00060000000230ba-166.dat	aspack_v212_v242
behavioral2/files/0x000100000000002a-178.dat	aspack_v212_v242

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe

Executes dropped EXE 1 IoCs

pid	Process
1948	HelpMe.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\K:	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\J:	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File opened (read-only)	\??\U:	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\P:	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File opened (read-only)	\??\R:	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\E:	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File opened (read-only)	\??\O:	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File opened (read-only)	\??\S:	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\Y:	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\G:	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File opened (read-only)	\??\V:	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File opened (read-only)	\??\W:	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\M:	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File opened (read-only)	\??\N:	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File opened (read-only)	\??\T:	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\A:	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File opened (read-only)	\??\B:	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File opened (read-only)	\??\X:	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File opened (read-only)	\??\Q:	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File opened (read-only)	\??\Z:	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\H:	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File opened (read-only)	\??\I:	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File opened (read-only)	\??\L:	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File opened (read-only)	\??\Z:	HelpMe.exe

Drops autorun.inf file 1 TTPs 3 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File opened for modification	F:\AUTORUN.INF	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File opened for modification	C:\AUTORUN.INF	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File opened for modification	F:\AUTORUN.INF	HelpMe.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\HelpMe.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_gtk.css.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.xml.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.metadataprovider.exsd.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.jobs_3.6.0.v20140424-0053.jar.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse_1.1.200.v20140414-0825.jar.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-api-progress.xml.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\bin\jawt.dll.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423496939244.profile.gz.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActionExceptionHandlers.exsd.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\lib\ext\cldrdata.jar.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\license.html.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\core\locale\org-openide-filesystems_zh_CN.jar.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\javap.exe.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\bin\jpeg.dll.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\bin\w2k_lsa_auth.dll.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\lib\images\cursors\win32_CopyDrop32x32.gif.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui_5.5.0.165303.jar.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\lib\rt.jar.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.w3c.dom.svg_1.1.0.v201011041433.jar.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.net.nl_zh_4.4.0.v20140623020002.jar.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\db\lib\derbynet.jar.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup.xml.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\lib\org-openide-modules.jar.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\bin\jabswitch.exe.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk_1.0.300.v20140407-1803.jar.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_ja_4.4.0.v20140623020002.jar.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_ja_4.4.0.v20140623020002.jar.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_ja_4.4.0.v20140623020002.jar.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ext_5.5.0.165303.jar.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.registry_3.5.400.v20140428-1507.jar.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs.xml.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\epl-v10.html.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macHandle.png.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InputPersonalization.exe.mui.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\wsgen.exe.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\COPYRIGHT.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\bin\awt.dll.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\bin\unpack.dll.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.ja_5.5.0.165303.jar.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor_1.0.300.v20131211-1531.jar.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\kn.pak.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nl.pak.exe	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5108 wrote to memory of 1948	5108	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe	82
PID 5108 wrote to memory of 1948	5108	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe	82
PID 5108 wrote to memory of 1948	5108	53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe	82

C:\Users\Admin\AppData\Local\Temp\53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe
"C:\Users\Admin\AppData\Local\Temp\53f4d67d25411e81dc80d41d83a4da7d_magniber_surtr_JC.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:5108
- C:\Windows\SysWOW64\HelpMe.exe
  C:\Windows\system32\HelpMe.exe
  2⤵
  - Modifies WinLogon for persistence
  - Drops startup file
  - Executes dropped EXE
  - Enumerates connected drives
  - Drops autorun.inf file
  - Drops file in System32 directory
  PID:1948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1498570331-2313266200-788959944-1000\desktop.ini.exe

Filesize
7.3MB

MD5
38c0c1a164435d4b74c2cde750a7855b

SHA1
75405aad97960643587487c5d220eef6620094d5

SHA256
90e59dba304ddc7503a82b87de0a72d4f383888225011fcc5f5b64cf61dc79e2

SHA512
80a7dba7cb625bd50c2066bd555507976293c8c01b2face4324c39fabd7b8c91f87383b5379a9fdc4f8fe3c968fd832ae46a87e33ad00eb6c0d8e3fde6e8122f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
3a07f2a248bdd0df678e3ee309420e0c

SHA1
cecd10654ef6b9b9d96f80d9817f19539573bc45

SHA256
096bec33f4dd6863d790c8c2898314c569d4f7c007b9176cbfda27e95850c593

SHA512
0806abbd1e3582caaf02935a7beaf896c862c854576f49ed531b69abe1f55755aac014fc88e7e595b4b84169e255bf809055be7e925fd1c79827757d3b8eff56

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
76acbfa6cccf2e1aec521db3786c53e4

SHA1
25930a88b7e5ac9e137c11108d498f15e3f09694

SHA256
7b636dc036036b55437784bde91fa37cdc9df85d8efc989576f6b9e1604549b9

SHA512
77ccfcf69be54cfabb1afd44043d494a5566ea3cc18733cd469f238bc953c1ce749aab5b48b30a88a57099cf449a40e34450be01c60182caad13dbac596a39b1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
5b94458532b11841f3a20129359221ed

SHA1
c22579507a50bb6a84b7856d73b570a5c4a69298

SHA256
129f547d8c145cb2ed1a1ebc2a43b80f1527eb4f3767548b5f74e7c9cd30e7a7

SHA512
cb04dd3ecc219bb371ac5220a8e9b621b80fa958b6dc08f8f6805cc481369896058cc97637b50a141ece92180f6c4e533911f028b02b481008f2f831addf8bd3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
df675dac7ebcdef39457861aea0a484e

SHA1
972bc9f24bee10f6d65712448df9d4fb27e415c7

SHA256
ddd7ff9255ae3ff61c6914f5dcf57b75ee9f991d64590637a58c5a7e9608ea35

SHA512
7f1e17a14709b5e5caa4b03254e0763d3b19743d790934cef2beb6a5880ff6fa541ecd9734aa15caafbacacc0c513a4473c9115120f88ac3d89e41620743396c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
5d03e38fbb45dd313559797ba57c8863

SHA1
789fcebe636607aa33025f1942c024012b5fd3d3

SHA256
a0b1cc900363cd6063f210b2a7f63523d797b18f5f21435952d6ec0a40e7148a

SHA512
dcde642ed808a1b3ae7952090b8643dd058aa22398268b9859b7fbfb5a9bf42eb545556c3c8fdab50d3e65ac4cfe3ddb2ba12afca78615b3b7b1ffb15eb63215

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
c3586c3b8b0f45f0941acde3d954c930

SHA1
ab770768fc33f9f257eca5585352fe84d0bd2461

SHA256
0b79a36637df117b524e8450d56af749fd1036d6b8b66a9effa0b105dbe694e6

SHA512
46ca5cefb8b7bb8cb5491365e2ee99f1e3698da7c0ed93d32a77de98a575c6c21754f2e5f7bc10ce9b76503231233f7af9dc808c1f01d528e43f124ac1639a7e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2c8838d7af2b17b6b55a4de88b62b3bc

SHA1
37761b94122b5ccdd68bc535c03a64ad5151f074

SHA256
9aaaf6c162ddfefb4be6291ff24b36499c158b9d2563d1eeaad0add1359e2d17

SHA512
7c94a979aa58189d2e83a0c3a2f509916f50d59867389354c1f7e88eb6ed2d2fde9eecb975c435004e6b01e9c05c2fbc3547c1ceeb2b2e0a700df3593f885a24

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
4fb4806be75142f584f0bb71c6dd450b

SHA1
15e2ea74754da549293d288e03ae6093bb246aac

SHA256
da1782f5478946adb83b8cf495689b7746cf330b1b9d1e8c99913cf85ae08a7c

SHA512
a3626e1741df3f7b80bf29fa7c66492110e20449e37abba899fba1965fbb7aa0a4cd5e28c1841a4f949db042043c19f18f978364903ad9bf28b8fc272ecd8f98

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
d07f5974257341407ab2cc85e93f0041

SHA1
789cd60eed7738dde3c9cc6b14ba1e6a5c7fb93b

SHA256
82724d79574fe285549908d4f36ac9ed70ab8eb68087f3dda00f043a4c888757

SHA512
f3345db33c237d99e7c62b6c14390a212ace21ed545232d5937b31d7e24b745011a2b5f4dbcd894204208b93950221d94beb955bfbe039a0c6bc8b4ba4ef39ff

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
5f64f1a81becdf07c7c860551a0154a6

SHA1
27c199d950e398b1e48325b4d2d7e4bfe22df607

SHA256
0c0cc345a83d0d7c97fad7bfe586747b8d46467d642ac2e4de460d99a8fbd371

SHA512
c9f504cc775c7cf12fa89295579639a9f93f66bbc6a010554623f5d62f0060361d3b24cbdbc071d0985b9cea9715fb4d3d4ce037d4acf05fee421112d784ca44

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
cb03b70e333fae6c18599b7894cf778b

SHA1
c467eea313287eff8ce9d53fe7ad61dbf664608f

SHA256
bf5b96a8be61258fb6ca8aff39ad69fa6cf2a754dd0e9af3e33604b0ea4a8036

SHA512
57c4aabc273afa3bb4bdfac8904ae3116297de20d5edb544b306e17d2eac4b8f9c5973328f6461327dbb2e04e1186109c14fe4e2cf8b1b06f3f2a7f9f2025856

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
f8a3d5fd4d0cde2b229f99c4f3a01595

SHA1
3aa852447b497a48118b59397dd2859ec737f430

SHA256
8972e3b72341adbd9b949c7e1c23820e02c06a985fa785a94fdbf960c4d394df

SHA512
63674e765447c1c7d4dad3ff49e95e89818d34ee95de1446d522b8c6c6409678dfd8ae2fa5b9938a643e2935844f8b07c8a86e8d1ad3060af4d10f4f08e2bbb8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
6caefff2b1245cd20b1bea14ff81c096

SHA1
0cafe4cbb7e9f2dabdd707a09792e237c96fff50

SHA256
355b817f62f7164f097f020e983c90fce8418e90e8cddbfe1e000c00055bfc10

SHA512
ffe3468ba25c653c48dafe6bb21ec52afd787f8c78968dd7846dc2b89ca0cb80ba6dcac4f69cd6a4ab221fd3a3836476e9167bd2865c02a05268d611d78dfc97

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
dc31ac68f2e403e57daf32b6fc48dd26

SHA1
e4fedae924d05b7af486490d44c910956e8c724e

SHA256
7f33a3c2df4d583aa25b54b29c8aafb653af7d1823880e72e8224100d4fb368d

SHA512
c9385b9f146d46b6bb9164c5247f740fb0b6be358fb6e8dd50b3005f5a816846142064a15d31cf39cb81efe4130a55e9eb9779403c45a7e685da5a20e6b01401

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
ffbc6976043b136e050d56490e366fd8

SHA1
b9b46cf5f3f4efaf9c1d55170cd95c828a628184

SHA256
1b4e612318b6cfdcb9f397710aa3bb7c3ea27636ac7b7b5c0f5d604786d2c94b

SHA512
fa97082a31b64ed9c71613071e2813387a9ebcffe94b5d2a881c4e779f93f702b4c2400088b5a4240b487b5590ed99977328f70653f62feb0a672455a768443c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
5bbefd00ec34630d8192053fc779984f

SHA1
f1c564b6251eef6045296b8bacc8fc37a9a1fea3

SHA256
3dec29dac11ea7b9372bfce8a52992fbb69b00fa9592a3ccb40f92354f54093a

SHA512
d5eed3980c285326d4ee3f60fcf56488a9c930747950fbc0499a8c89be4c6aa6033dfd01dff5c9a5ef0328f2d002161bb98894b19f02e9af601c3e59d6fc488e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a607e23fd74b31f9756c01d3e1591f61

SHA1
c3465bc1a972187c0a4ff1299d7676beccf292f1

SHA256
6f4f445b96e8ed290064322f6a2d9d2d3dad0c274a666a2b382b7b7879424542

SHA512
3d115ee6c49820f9dc70b584e042aa9549ca3714a603a769c13c4856f16ff1add1af755866106b6266a4f121364994b099a67f9f28ff63d354c7b76e01716ea5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
fd19610f50b37d93ab4da941b3afc305

SHA1
c8b62bd35f8d61c1aa245f83dc00a79bc0b9a1f6

SHA256
22c91d9c1042e6efe123c14b6d9b1422715c9a6556db59f8954805ec3e40d80f

SHA512
8b0c683d661667f3492e2e910e9a7fb9270a2ccbbbaed57e23ac21ac8dc7772b90d7c976778d97d557a468d8afad842658137ef517303f91f099f9617c459e2b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
6b14fbefa6152054731f5bcf63245c41

SHA1
7e8cb22fef019bf44e00b902272ff7ec358b562b

SHA256
d4a900e600bd24c946e9db873faad0dc192c09c9812d10065e0f9cb33802b214

SHA512
25a9f4d5c66f96fa7ce101a7aff95d092781b2978289d15ff3d3c149ce41aa94c2b54593981170dcae5445c3bd47a187dafefced7468384ccc89c7fbb105dfe7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
4a0ad4daef2be32ea882fb6bcd439adf

SHA1
ea1a6890be7308004efc9302ec1e54bed968cf4b

SHA256
12ba144e4661f1a8778ce0d263bbe97610f02baab4f227a9355325ce5c1dc3f7

SHA512
4b398839078ced4b83f9ecf8bc7f2a48c4b407e7eaad0867bd0f05f47dbc99fad1a5788f8eff5b7582ec6939935cd62bfc0934d15b4a1cc70db4259ad475b5c1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
407757ef9d48533079add8def7d33dec

SHA1
57a358e45cdedb7b2951632a43d1048d6f09cb2e

SHA256
0cc4fbe3f4e7eeb1d77f46947dcd9a26a8820ab25b4e6059d376b04255d1a66b

SHA512
5bb94f5e827848a38c5ec2db592ec18f8a42c705d965f3681103bb5b71094c67dd5962f3d70e425b01ed4853a6ba5d35f544911abccac2ff877cb8047b76e742

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
40728077b758ddff53fd108fe404d251

SHA1
a6347a83bda550f99c1d9084ec11990acfb6015d

SHA256
95f20a3127f617fbb9804d1da3cd358d2d8de953d7e7d6bcc80f8a14d294c588

SHA512
36c9ed2e1458ef6df4c470579313d85b9e6ca20dbbd983a0aec9d87d452949a3167409f5e5370081b60835a30321db7d03312f76bf924df673c95ac784991540

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
778ea2ef5835b540986095c623fee7fb

SHA1
327e83cd201731729d88570c96043ee343594d17

SHA256
1dc5f1d3816bcfb7071112459fb62f146c9bc01a524d87840dbfcd0f7ede1e23

SHA512
166376c70e6f410c553246b6c20577d12fbded56343c0dfc7b1ffd22624d7c7d45ad86b4b2e2d4cdad4c3e1248781874b6df581b4fc2532e21e1eb83cb231cda

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
93f4384539db8ad3edf9df0382a42278

SHA1
15c1a1c6079f1eb7392bb1f30edfb312261cf1d6

SHA256
956789b18f638d4d1903ac5d526515b2d59c713538ec62892a6d6a1c1c9a9443

SHA512
99245d21f425c2bb68521e9ddfd97dd5c093bd4d09882a43a2ef78edd916142e318112d4a8bb4e0121ce0b556dde187b7868f69c8fc5ac743c792fb9ad119b11

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
ea6394d1fa53fa4a98db8476f041188a

SHA1
28462c7cda6b2eeb0adf590c94f7048c3907813f

SHA256
2e78ea44c6e6b2fa4ccaceab36f7d69f75123f71a2f9552afa4afedde391e876

SHA512
8893ce6fbfea5a2df3c720e2b6515521759f5b04afaa59e95f22fc01df0ffec2404fa79ac651458498b5352933ad7a5309322be24a2176cfa8bdae96bf216365

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
9e37ec2710faa7b510e1fe8c21abe637

SHA1
2b3afa12ac299baceb2d25f908967705ca622683

SHA256
92684db2470d0fa1a4640280dcfd7279f77a7ed4e673d73978fc169bc8182bad

SHA512
cead415522be421501a0b9e9970affea5b6d24673f6ab6c5eba57bca2c882984133837408b466f333952de1462b058a4d1a3e4e49d9ba06b7a1e480a2cb30a98

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
e5a00c80525462ac1017d27c6213b15b

SHA1
815f16b459b92dd4060adb775821cb9c4ac9ec61

SHA256
405469b9f6531417a2834d89a147e73cfe5205057d2453acff652de8f31c7267

SHA512
3e9de5ff38f14baeafc7e0aabba99adbb2d20f4b72fa8fc34854f8b2cad490ae1cfe09c1ec69d85085e644cc72ef7b587cb3e1d48864c3cf331bacd0a69c5069

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
3854254192e7ee32409f414bf6f098f2

SHA1
5c3e61b007745bbba49ba570146d429d5742894a

SHA256
4e88745f7693a0bcc1a0ff45f586ae7f4d489921c712a4b2bbffee08dbf5d8e7

SHA512
8f09806393a911cb72f56705fe3150e8064cdfe87df8041b803b0ccffbeac4c46275280678ca1830b1933ae4894a15ff187cb4f91f38346e383cd134ffe70ab1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
67e2353e38a179c9299f44f9d0577cfc

SHA1
be43b1fe4fb53ef1ca2f7d4b43e3899842f672fe

SHA256
ba6321eff5ac093244f7da6ca278cd14450f080178809196b06aab8ea0554f51

SHA512
1dd26ab8bb115e717c8738284d6eb2ca5aadeebd44a0ac04c1046417254afaf3ed2c356ecd4efbda44e83c7bdb5cea2ff67b47f7c39330e41f1c9eb80c44adc4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
b2aae6bd8cbf4cea7512da5e22d999cc

SHA1
b06558bf0141306f26e650907720dc3510942289

SHA256
5a7f90b2fb56719eb92f6e709c993b0a7ca08f97e7d7a214d6a0fcff56c8acdb

SHA512
9d3aa53173313812c1b9f2ce68743dde5452359780c667171b6d2336656068d0b771d117a108441af18bfb5d8f735f9b354979ce77fe7f75b510a021b54bcfd6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
fb468a0529f8f1bf87ef73e5972808c0

SHA1
2dfcd396b0d5eaec577cf9f6278bc21c94e8878d

SHA256
f2aa661a8486d29f31a2658a71ce76b494f0fc6f0b13bfad129fc35120be1b97

SHA512
40c744dc0bf90f007cf802333573651f90e06a95ed4a12327946703108c534dd4bf2b510cd221cf152ce6463de9af5167a18499a5f9d38a9f30b972445f80258

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
bdd0a4bb67af9568799ba88927637c9d

SHA1
a630531c8ccec8857e13af2f024e561d8d45acb7

SHA256
8fb93d2bd69d95d44c066b76867b9238960fc5eab6a0c0a1454118405ec6032e

SHA512
81f06762ef0bce54fb2ebe840bad049123b447654dae076b37ebd8c08600932311e630bb5db73e5f5ca1b38f33b730b6b6a70b1713f06fe62f1138719dcf710d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
35e497ad77d8d6a7e568efa239187b68

SHA1
2fd25a72132b53e22445b0b86d9b0583005035d3

SHA256
712720ad6fd88e38faea218dd058b80713e59807cf93ae65f4b61f91cebfe689

SHA512
1b5411e6fc92548c23e4af9380620f3b864613bd760a33514aecead51b07727685d6dc2ac6b7e82e83db9c729d0bd46b691e34a4589f223f17df8f8066f556c8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
b9692b62e71ebb0c2d570de4ebc10b1e

SHA1
f98b62216ff991ef8dc3115dd4aebb4f40a33641

SHA256
7d9befe1f0979b0535c2fc6b700a0195b99269e7b7fabebc84d9d56f5d31677f

SHA512
b72827a6a17881a41f3d84a06f5fb447e92e534bc4dee57621b1e52e9220c5e84210acf41992344444a6bcf0e737e3cc263f716676392f4151a27817442828b9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
b331fd014d3026da98a5b31cebf398ca

SHA1
8af2282821b420c7de3a26f0d406b05ac8b47ee7

SHA256
38a97380fe945e05fe7b2f5488ec92f6322fc2ce896b6f1921784057116e9f90

SHA512
243f3e6037e89fb0b42257c3edeb4a92cbaef68d41ed1da3cd0aa73c53eefb2ac9d049ced095e33714d0e8828b8d68b1f6c094f282e36d28a6064b033332226b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
682100403b70874c007be8b20bada61a

SHA1
9f6eb04bb3776c96d665e6c5df6b979edf6546ea

SHA256
c072cbc77d92f758ac9868155daded11ffb4b37145ef1a3a41fa9ae68012d0c7

SHA512
4366e473be94f393a9d4a46c50b3e9e498dba22ed5fc8aed31657dc856602295089acfe9e69f8c24d64eca5f71e189a16ce011ce1b484de5898c02468296ca30

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
7896f2d6f22573d90fa1a9f20c2a1ff1

SHA1
22341cea1f8b8b25910fff404286a6796023febe

SHA256
aad7df97fbed5b941fe4d552c567f788b08d547b383db5ca4083fafe5886cb91

SHA512
cd1b68c63b53fa44657b2acacd80d846be3f98a29781e7b1bc27eff270dfc68b14d318988a6c7e5ea7a554c0b8cf26145e20ca2cad64e00f9b2dd48b46fee60a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
e4e5118018e6f350837ce3af2a8227ad

SHA1
9595380b174286fa66b695b8eec8cbdd232aa788

SHA256
31765a83c5f260963e0e8d613e69ec2b907499b052447e04df6d0e52065c2005

SHA512
9804fc34febeb0bf523eb2dd1a42f3ce6588e7f003f2f793247f38b8cbe5115cf0a79b420aa2661c452462276c6dc76615e0b4fc5ba64cbe8076965063f9c6e9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
7427b303fda9bb5337bb7fcfb48bbd1a

SHA1
0c13e590254edcaf10f30cb5dcd482ce45164416

SHA256
baf72c516efba4e233ef0d382db901fc8cc4e8555a2aba0ffdf35cd14f135518

SHA512
526ad19dc701a6a9ec83b8c46dfc86a201d9c7b2f201f69572e31ba701f604f9f4718070115dd887666de98353ee321db54b9ab2b80d62f3f7d63ce41c24de51

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
c66ca96ae75c423e6a500f15515de391

SHA1
c8838f7749ad8ca5855d484d00d54a567e61546c

SHA256
9931370c6174141f2152ea7186d036188c671a3facc54e4486263600eea9b641

SHA512
d2e7159ec7d7698e4f18ce7033551a348b778f9e88479346318ab26276715d5e493a4233346bae79613d3f8a5526c060ebe90c8e53be82ce3fa053b4f36ea0eb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
c76a4a171f30c7e4082c4569b33d0dbc

SHA1
a1762d05159be4d79e56e806d7a43e74d1d735f0

SHA256
e289954e9f8c193802ac53c377d1c2dca7e527012cd4ae9554b99743153e752e

SHA512
0c3ea3a41a4288df5cd7c19da24ed2e0330c54f215da7f16c61e3b120dcaa5b118172d45fab18063ad07d96b55f8271e92ff765703709e1b97d3b091e75e5d1e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
6964dd23ec16569373cf7a1fa8897a74

SHA1
43d376230a684383e51b60b25c6b9bcf2460dacd

SHA256
8e971988bf481ad95cab760cdd998db3390a9395aa733dd66799c6cc5688064a

SHA512
d26d4a7cd82d97f7cd726779b1eaaeadef425a1b36b29a7e9a447861ebb473de7868f7e5a6d5871c835fc26486ec51ebc0e0ead3a329a8ed302c04cfc43d337c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
68a7d307e3ac2a4b6ccbf04cb3d60028

SHA1
0b97333a65f9b1f92c0bfbb22b25257c5b9cd663

SHA256
d7203681dc4b661df28b79cb5cda365bf3d4d149e73e0004a14206d0c18271ad

SHA512
c746c7d922ae08a334064f3edaddcde976b56869776f3f93747fbd40b0c3a4d1858a8ec98ca87efb69bf4062f2bdb49cc61d6c902776cc99cf78dea17937a958

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
9d2e06334d3379424d1fecec22fe29b6

SHA1
5c4ee26fc23c2254db925220ad8bb646fdbb6fad

SHA256
b03658f7e8f9217ecd3ad0eca9d6a8fe1147fa5a84dd788245cbb45c7f0700f6

SHA512
3f4e244edb28894243b3c96696004ed6cdd4532cd75011a477acd3afddd4a21c970613e05067e98c71ca3ff0eb2fa27295d9717166ad148f0749e12884489c55

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
80f975c412354910cdce52a52fdb37eb

SHA1
f6913472bdc66939bf462abbc398ad004c92f4c7

SHA256
09d8eaeb593d7acb4301e0b236a32cc2d3404eefd3b270740e8d9e2c2129b288

SHA512
9c8b86a5a8947210ce85bde33529a4da16917d46e781afb845260e429759df13ee567760b98b31881cadfa58e4b5382cd8083324e3a980043302d7179bd714dc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
fe8125d55e678239cd1eacb70ef9d75b

SHA1
a01afd31ceced035f3d9ccf7c01c94b4d08b9d92

SHA256
0a0e6c8a9e2c6728f858ec5fe158759dade670c22599ad0988a4bda6149a1462

SHA512
397fdf56a19f906968d63ff6a852c523a3b14095da09430efd1919cdcc630273766193e11d3d3adba2d5fdb820e1f8422ac56c50b666cd900af79e81f232141f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
c3e965e61107dbc561b3944ab8468a92

SHA1
5680cdc5b955c36a46abccbdea7fd6b11582ee38

SHA256
f1763431cb6109a5291048a7dc328d3c1f24842d9f33f0ae54139d33f33a12ee

SHA512
3c07c0e55576be174516b2bb3e6d726d04df9e815d2d93b84cd295d9a3f8cc07855ad3955bb768dfa975577d720a6bc007d4a0a0882df86b4d59d894c4c96846

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
8db267097e1064c534c1c4ce09bcfd61

SHA1
65f9080f7880c1676c6329ede6a51c85f3f8df57

SHA256
f90c0bc7eaef3719ccf84d138ed31e8f16225dcda8ef5beebdc8357f016c62a8

SHA512
082b028dcf655af9fdece14fcecdd229b2b0d4adb22e42ebd9960b09b34c5cd017cd3c7dec550be02d25600d7131e83dcb245979847cbfc649ca2c1532b67cf2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
a59cde4dd47e51563a4dc2f9b888d29f

SHA1
a2d02a8099b68bd16ad571ab2bc306a7bf887538

SHA256
b940bcddd20ab4851684c021a909b786a85c5b20beb7f00c409c99938717e1ec

SHA512
3b4abddea918b4667d7d7c750f2def4e7d3a1b9073e3a02940d12615a07d5beb7c6a0d4c4f3b2ab8bf81d4d376934b86fe135f65322d6bde4aa45e272862c0fe

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
fabf76ce49e8fcb5d5e08d5df6d29a39

SHA1
6aeadd7a92aff53bf296b721df499e675e80c48e

SHA256
4543f95283209955fd97db7d72225715383e4591651fac9f8429d1db936d3f16

SHA512
1efe86b5609a8deba332d6205abf78d6ea59d93e4b09d34714494cf7dbd76a7c163bc25574d5388c9096e2d76008e06f47a21854b9c0a733c7b887b39725f170

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
35a4f59e40d4e0178ee9d45957a0aae1

SHA1
8ae4d84877bb75e3b18ef342c5b680f1133fe192

SHA256
e9de2da72d8de70383e4231338bfc965a1a6d58223cb7aee18a06bc58eab872b

SHA512
68438ff77c20ef0d36bb4724efc139a8b55b3728be952fafbdf0278113309ee7c5e0d13467ea2f3f26d9ed76ffabe264f3f89560e7e73ca041f7ec15a3e22488

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
569ddf36e23b090438a046de7984a8fa

SHA1
4d8a6964f4c30504c37fe7ca4174271e481a15ff

SHA256
99457875c68d56fdf4c6c52527ff9f419b0b9ab460133fed4d2df8819e443608

SHA512
df1474fc8c58e28db3b5e73fa283e549b5fc2bb1f06baa92c878de1c649df9df30cabccccc7b536da8eba0fa8baf80dd7486c6290cd42b06d852c0dc3722e1cf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
0bb4824598d8e466b03ae8407f5be841

SHA1
a27db5980811fb30d53e1bfdf25e6fa176d13d20

SHA256
38d8dd75d50caec633627239fc53bb9b5bcfb71b900a5fd36ae23d247381278e

SHA512
a1fe5d19deca91334de81876fdf937c432cf931cd8bb329c27f8cb095c5246bd3cf3b8559f7a9535eacc0d89efa3bbe723141a2b0f220b16f1aad347295c4e75

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
7.3MB

MD5
6632eadac8e7ba1ff325a797b7ac2f01

SHA1
4210c7cca26f41f838ba2d2ced3598f1365d0564

SHA256
018dca3bfcc63e36403687b1993d3fedf741228ae3cd28bf75c5cbe24a4c032f

SHA512
bf07547fc98f4d96d4801890040f9de6f9ae936cc9919c595388394070a29b8dc40461bb08775d2bfdf51ab4f20b51afd836fdbfb39d9ca2964052079f05fa5f

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
7.3MB

MD5
6632eadac8e7ba1ff325a797b7ac2f01

SHA1
4210c7cca26f41f838ba2d2ced3598f1365d0564

SHA256
018dca3bfcc63e36403687b1993d3fedf741228ae3cd28bf75c5cbe24a4c032f

SHA512
bf07547fc98f4d96d4801890040f9de6f9ae936cc9919c595388394070a29b8dc40461bb08775d2bfdf51ab4f20b51afd836fdbfb39d9ca2964052079f05fa5f

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-1498570331-2313266200-788959944-1000\desktop.ini.exe

Filesize
7.3MB

MD5
1c9dbe766ea3be1fdfaa64fe9a50c715

SHA1
2eedc1bc8961f98aca27eaef9e2b005177c158d1

SHA256
3070879b88833b102dd4bff45a281cac202f5256946d0f186c3a73f538c9ddea

SHA512
92e59a00401d3f00012f043f3999b50c79bd749f22ff2500fd9e008d1363eecbca240873f2cbefdc93b0119708c5a24eab623622903a7d32d4e1695d9cb46362

Download Submit
F:\AUTORUN.INF

Filesize
145B

MD5
ca13857b2fd3895a39f09d9dde3cca97

SHA1
8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

SHA256
cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

SHA512
55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

Download Submit
F:\AutoRun.exe

Filesize
7.3MB

MD5
53f4d67d25411e81dc80d41d83a4da7d

SHA1
fccb90496f1f9da9b46fc436fb9079b30c4ee582

SHA256
cfa3db950476672364380945f25fe843f5644e3c8b51119796baf904c41ffa11

SHA512
55d59021c23cc4a07807d96cc6107b0bec3883eaeaf0a1f174c6ccc58e2409e60a0468fcc3df071a368ae3b742717f6ffcfe46eace6595aa20b587e4526558e2

Download Submit
memory/1948-317-0x0000000000500000-0x0000000000501000-memory.dmp

Filesize
4KB

Download
memory/1948-138-0x0000000000500000-0x0000000000501000-memory.dmp

Filesize
4KB

Download
memory/5108-282-0x0000000002220000-0x0000000002221000-memory.dmp

Filesize
4KB

Download
memory/5108-133-0x0000000002220000-0x0000000002221000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads