5b0441e323f6038785b1fb7e98799f083d4ab1f333c18c7085fdf50f77c09e3a

Analysis

max time kernel
171s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18-04-2024 11:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f7ee68b97bd38a8183e9ad6f6492b4a0_JaffaCakes118.exe
Size

1.8MB
MD5

f7ee68b97bd38a8183e9ad6f6492b4a0
SHA1

46aa2be1a5066468eb44f4dcbbb8dfa5cd403bd5
SHA256

5b0441e323f6038785b1fb7e98799f083d4ab1f333c18c7085fdf50f77c09e3a
SHA512

0d465ea27b4f87ff108604a465628d957e7e82eb01b2631008870f73b424dd884002bed39ae813ef35fdf32b1c2f0ad2983c095625295ea27ab2356fedaef66b
SSDEEP

24576:8Etl9mRda1hSGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0NuJvt:PEs1ckyrnF

Score

10^/10

persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	f7ee68b97bd38a8183e9ad6f6492b4a0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe

Drops startup file 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	f7ee68b97bd38a8183e9ad6f6492b4a0_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe

Executes dropped EXE 1 IoCs

pid	Process
4080	HelpMe.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	f7ee68b97bd38a8183e9ad6f6492b4a0_JaffaCakes118.exe
File opened (read-only)	\??\S:	f7ee68b97bd38a8183e9ad6f6492b4a0_JaffaCakes118.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\P:	f7ee68b97bd38a8183e9ad6f6492b4a0_JaffaCakes118.exe
File opened (read-only)	\??\R:	f7ee68b97bd38a8183e9ad6f6492b4a0_JaffaCakes118.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\A:	f7ee68b97bd38a8183e9ad6f6492b4a0_JaffaCakes118.exe
File opened (read-only)	\??\O:	f7ee68b97bd38a8183e9ad6f6492b4a0_JaffaCakes118.exe
File opened (read-only)	\??\T:	f7ee68b97bd38a8183e9ad6f6492b4a0_JaffaCakes118.exe
File opened (read-only)	\??\Y:	f7ee68b97bd38a8183e9ad6f6492b4a0_JaffaCakes118.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\G:	f7ee68b97bd38a8183e9ad6f6492b4a0_JaffaCakes118.exe
File opened (read-only)	\??\K:	f7ee68b97bd38a8183e9ad6f6492b4a0_JaffaCakes118.exe
File opened (read-only)	\??\U:	f7ee68b97bd38a8183e9ad6f6492b4a0_JaffaCakes118.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\I:	f7ee68b97bd38a8183e9ad6f6492b4a0_JaffaCakes118.exe
File opened (read-only)	\??\J:	f7ee68b97bd38a8183e9ad6f6492b4a0_JaffaCakes118.exe
File opened (read-only)	\??\Q:	f7ee68b97bd38a8183e9ad6f6492b4a0_JaffaCakes118.exe
File opened (read-only)	\??\V:	f7ee68b97bd38a8183e9ad6f6492b4a0_JaffaCakes118.exe
File opened (read-only)	\??\W:	f7ee68b97bd38a8183e9ad6f6492b4a0_JaffaCakes118.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\E:	f7ee68b97bd38a8183e9ad6f6492b4a0_JaffaCakes118.exe
File opened (read-only)	\??\N:	f7ee68b97bd38a8183e9ad6f6492b4a0_JaffaCakes118.exe
File opened (read-only)	\??\X:	f7ee68b97bd38a8183e9ad6f6492b4a0_JaffaCakes118.exe
File opened (read-only)	\??\B:	f7ee68b97bd38a8183e9ad6f6492b4a0_JaffaCakes118.exe
File opened (read-only)	\??\H:	f7ee68b97bd38a8183e9ad6f6492b4a0_JaffaCakes118.exe
File opened (read-only)	\??\M:	f7ee68b97bd38a8183e9ad6f6492b4a0_JaffaCakes118.exe
File opened (read-only)	\??\Z:	f7ee68b97bd38a8183e9ad6f6492b4a0_JaffaCakes118.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe

Drops autorun.inf file 1 TTPs 3 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File opened for modification	C:\AUTORUN.INF	f7ee68b97bd38a8183e9ad6f6492b4a0_JaffaCakes118.exe
File opened for modification	F:\AUTORUN.INF	HelpMe.exe
File opened for modification	F:\AUTORUN.INF	f7ee68b97bd38a8183e9ad6f6492b4a0_JaffaCakes118.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	f7ee68b97bd38a8183e9ad6f6492b4a0_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 4080	1948	f7ee68b97bd38a8183e9ad6f6492b4a0_JaffaCakes118.exe	87
PID 1948 wrote to memory of 4080	1948	f7ee68b97bd38a8183e9ad6f6492b4a0_JaffaCakes118.exe	87
PID 1948 wrote to memory of 4080	1948	f7ee68b97bd38a8183e9ad6f6492b4a0_JaffaCakes118.exe	87

C:\Users\Admin\AppData\Local\Temp\f7ee68b97bd38a8183e9ad6f6492b4a0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f7ee68b97bd38a8183e9ad6f6492b4a0_JaffaCakes118.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Windows\SysWOW64\HelpMe.exe
  C:\Windows\system32\HelpMe.exe
  2⤵
  - Modifies WinLogon for persistence
  - Drops startup file
  - Executes dropped EXE
  - Enumerates connected drives
  - Drops autorun.inf file
  - Drops file in System32 directory
  PID:4080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4092317236-2027488869-1227795436-1000\desktop.ini.exe

Filesize
1.8MB

MD5
bfc534c74d35ee5d430e7b950b0b3a77

SHA1
afd05d5287ffaa889d0155b840185045de041c26

SHA256
50fcba6fcd5bf118b05ba89e17ed90766dbe05419fb4c261a454c5ff18f193ce

SHA512
cf6e99bb3910c82b08a2861954356c2bf04e5edfe26434779a86734d98f1fd8321c4f9b764584752f854d144ef606f770b2879922d8e722ab8aa7636cc3e636f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
3202f676fca873dd5207d386fdcc1709

SHA1
9eab408e9e66d47d5e06014ac758e386e110d646

SHA256
66f0871c430377c57a57a383555b6681a2cf41053bec23daab25467cab73e8ce

SHA512
4c05fb8886c54dab512574cff7fbd34cca09f5803b28a2dc7449fe2534a8e64c6d7c4a1e6c25aca7fc3f1f01b47b84f892722f5d17a9535a0654d0a5bea70e75

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
710252f3448b10472ad63302f3cb5ab9

SHA1
d5f0736ca1c03d078175ad7adad35187ba316355

SHA256
14fb322131a50ad6012362e77b32730a78e2bd3269b45def69ced6bdeb825915

SHA512
48fa923b56172b0b38b9350eda7397730b89131531ebc386cb7ebc0d34235fcfe7de8e60a4acbc7a7daa4d811f03378c664ace8c4b40f61d22a6430e52bb63b5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a8ca8800c3e8cac382bb881538651029

SHA1
e7ce1fd6cd4ecf8b0ad94b5e957eb1ee60b226bf

SHA256
2e2c16b7518a9bdb8a95ea8b3512b34447a69266308bc57c27604b708f71f768

SHA512
c5c96e33d69e5bfe038a979194fefefb027451c5ed3cff7ac8fcd3c45e18089e49ce9b5d6d59719ef93bac4856dfc9b0fb6d0b618c8eb732e26b0a3c517c3094

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
47e9e8fd080e3de189a8c96c514da45c

SHA1
779f407aafd7896c3b74e4e4bd9a335eba48a86b

SHA256
7967e9aae85243b1daf74f72b7af4c002411fc2a83340e916b110fd7b4f74537

SHA512
fe00609fc1699937af63d325370ee31f8ffe410a2cdb7aa226357b8bda54b99ef263771e4aa0a5aa90a5fa53a84f767c094e9a07eeb1586453f1b8f6ed568378

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
6635374f1c1e0f668178ef15796749b6

SHA1
94158cba4ef4b7b92dadbb59451db147a20004b0

SHA256
b198b6ac14d024dcc6a13d55fde9c56a47fda75a31d8ebb1db8d5b8a92316fc1

SHA512
aa269ee2ffb13219627b974d5e17fd6cd046e843a76d35a2402e9cd553158d074bcb86a58874b0748a5359eb7adf18075f7c9057e4d22efe8c527d05f3804a50

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
15930548d90cfa9679542cee8ab5b4b0

SHA1
c1c4e2fb27239a187ed116743d667fe1b0d3f5f6

SHA256
35364ae7b81979f2ec01e8cacc0ba291eb65843720414c4ee0b921073d055c96

SHA512
ef67481dbd80e53668a133f433ab33cc9419ebba5177ea7d6a8ac933bc7dabe8973b2b6681d3ae9a8eefec41ac81f0ecb28275ca73fa6b5d0ebf82188245f829

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
89b0bd5ecce10dd20af87c00b09aea81

SHA1
04497059f7f948b92ef0c9c0f2d7593650f572bd

SHA256
f065fed1420193953b2bdd03024130cdf273177f04879f59153689482132e019

SHA512
88df23717854f4c4ab06d011e8ba5b1cb475abfb151a0ad065bf8b872b6916076d741b98ecd8800d52aa3d7f6622dd8c0519798b97d95d504491a33be67a1561

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
6a2321fd7f67ad3172798061a3d6af9c

SHA1
5c1adbf98a5e8a49c5441d2fb624533897d628e7

SHA256
a3c4fc9b42363134b35956eb992086c6f257e58ad43ed08521dd26b6dd01d95a

SHA512
c33e5c4e3c104ee3e3cfd9ee89dfc97fd5f9781900f971d1a6b0cbab7304aeec53891a281f2a6d059448fa6ceb3160f244d91d8f6a6421fae4e89b3f52a7cbe4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
4787a3cc2fc4f64153d9334340d16e70

SHA1
d8c507b80d63645f2b254ebaebefdd8a7c128460

SHA256
efe4ca9b9d5205a7fd569838f7103b457d0bd504bed8680e3b781ec17f89a010

SHA512
cb5d086db30bb2a997dc2bda73d33d78bd0f84236bf032c479c8c302dcf6d92b2b880bf2bff9188a67d6f6a108d5eb1c07a0af3c01d50e05666db8d56526325b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
b8e887004a8a6d70ded681f48ff20cdd

SHA1
7beb270c0ea9a15a3833eda06cebcaf320fa83d6

SHA256
dd8f30947162a001da80b558e46744e51bc4943d91d87ba995f382fa511abc57

SHA512
a92931c0ad8e2cd682455b40cb0c715ed97e94aaa49f417cd24d9b624334d5106b348e2aa6e6e2beebb0270da20db86a0cc929967fbd11d960e520475cde0e8b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
bb1c6cb33d142b1ca42bb649f9d88b62

SHA1
9410db99cfb8e638373eee01169449096fb016d8

SHA256
8e5b05839de97d53c54fb803f8d6ca5432a50efcd03bac81764b613783c6e3e8

SHA512
a72a6359785350f85eda9d043b032ab8ec15e46d83fa01c074b1922f5a1239c0fba089c3eccceb931665e81c1e0e22a2337638fe6859c063719479438b690f65

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
be39dacb7f38fe9a2adb8937ee6b4754

SHA1
7e6669464294f7ee0f4d86bc1d825098515ed326

SHA256
ab68d47220af7ff5cb59e5bcface977bb3facd141b4e7cd048632468cc78130e

SHA512
21c0a26dd2e3a00fdec23d7194c67496306e30670b9bd7489e5bd56141a5f71ee6ad4836a9cab40ca2ea1536a0116f01ecdaf2200f6bb5efcea9c12cdd830e30

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
ddd8ae38008c8ebb1286589af89fc18e

SHA1
6026dc66fa023fda5b54cd9fb3177f5a5a5fe63b

SHA256
cf88e4d06d240c7f68cbbd8322e6da57b8d24fc8b1c62c8e10a526dc5fa141bd

SHA512
81419532d1bba587f57a68bfdfe30f73eb321b74bda32f5287cb8dfb3ae66c54a4b600f4d0094f6d1fdee625f99e81e820112ea2822c0aef71805e50533256ea

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
8324e1ba3bdff83613f1a15c8b0f258b

SHA1
f99168ad9b8954f7826b41b361b9dbbb842c2334

SHA256
0c99fdcf9cd49dca51feb46a21a9359f079aaddcd1bcd9fefa21364bcad94a16

SHA512
18a674a47c9f02cbae03b3376f39b9936e5d961f5a769832dcc00f047a63742053220992a05df1c778a23043b86d024772b409b5e825c7f045f81a603930f711

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
799a34b885dca5e3ff5168deeec97286

SHA1
0cb3dff8560a8c486f03df2c8ed192a611ff9cd3

SHA256
7a77255f78da9e6ee1604980360c498133479a2689000296b4e6c93405f813cc

SHA512
597420f2aa4a2eff95f2d507f9389df209b030de675996d646d1401bc3885e6803bf43b646a4f8f801171a324690798971acd9b65b0698009495547c22609b84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
dc6b0b73814f2972d058bccf78e4eafa

SHA1
00f8c266c2de7f9a56c4e47db57f39d2088207ff

SHA256
39298c2d67f7a88103e260e96520cf7aab852d88985cc7444902d71781d332ea

SHA512
6bb6af5f8cb59594e0ba9cbd8037bed816231f9d59599b4e40ef70aa48bf1fb9ad6d868fc424fd3cfdcd26206bdea806d610b0d3f49894e60f019f45c039407e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
1a207c7d671d704e5b101c57bd749968

SHA1
50e7f57c271bd559e5a659f73d24acecd3fbad97

SHA256
322cee39e82278120a9b0061cc0f5f97ee5de03da552c1f513a23527728be9e0

SHA512
fae241d638dd549422bacafb3c9d40633878bc9f3ed35165efa8d17446a153fa01e368c28b86c07316f1f4149c6c84cfa2b1a4077ac2cff70857f068f627c211

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
092d293c012e6033cdf12d2da7441872

SHA1
1ae34b10e244c64db715fdace7a32bae7d9761c0

SHA256
7c4bf91f069cfd55a9020b3a6c33a28ba1a97f8378e671476c4ee404f7cae7ee

SHA512
0f51b425343fb224ec525f518441ff00d5df45263d6d1a9be105dd6245904cc078eaace277f391ccb15aed6704bd96aa2a1da9c36a04b0acae221e713fb93ddb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
8a44d2130f3ce5e4428194b080383909

SHA1
5dcdd05abff16b1c19016978041e83a3244c5529

SHA256
f0de3d0d164a360dc1d1fbbb12bcde1e2f9e75c9ee9393b776090e7edae9fdc1

SHA512
7b65ba0b24478052b9148aba6c9e99a1b697a275c05f4d2fe859ca7e668d8d3fb0ce3b8ddde0c028e69c18f9595895fff930752a05193db1a8c2425e490dfe78

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
49bd9b574d671c6289b5b1b55d6a5abc

SHA1
9029167028f1c1cb941dac52270a67b5c16525f4

SHA256
a13487ca92b8d9382ebe8a2a364b6cc6d3f45d88c1d0971270d089d477520cf0

SHA512
ebf58e1689ef894f8f1128fe19c41fb342cc478c2aeb4b26f631509ade7bd3593593511480c9a12b505ca151eb57cf4d384f2d46fbd8711707ff8031c601dddc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
5806552c133aa77e02b85cba05de38d7

SHA1
27e02e035eb5e245394be157196ab3edcfbc8433

SHA256
fef9a9ff7f794066d5bab250ddf5f59e25512b3ea60aad2073d1b17f4ddf0c6e

SHA512
36e5f08766fb5d19c3a996914abb2feb8bd5e36cef0909ec0269cc65a84d14fc92aa6eda8062866b60d330505e0df5f3729035e0803debc73b2ba487c02b7a61

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
2a75271c496830c90495a4b6f4bec751

SHA1
69e12b96ecc18cc10f9da79eb608d49cc489c733

SHA256
fcad4c22790eec24d3a8acf4182ff2150fec12d97b4a0f5925b41558a4319413

SHA512
761f7ac43a5237cfd59e4af03fc7fd53ae6f577bb3d78fc2e9708c2d58a44b1e8590f8377f0e3a8b0cd5a6688017b9b1195a76c55d8d1f2ee7e9bdebf8c078b7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
f00417a7d4731b45e936f6bbd4397536

SHA1
c3040e94fbeef342d0a40d9bcbe47453344790e5

SHA256
2df1296b95e8b03d2244d067200c857d1028504e183a386fb48e7965255bbd10

SHA512
ccf12a8ea5dde82bf393734a7fad86c5f1d4637af100c13ce4b321c8f2a1b545dbed6efc8e4810f19a3fb021a26ca88c85bec7f51ffd2e8ad73a9c5dbde35891

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
1e6f8ddd8360f6a5790d2a12a130b4c7

SHA1
78f76b3c1c9da48b994f4e1b7da5a28ede0b8ceb

SHA256
c58fc516f15e8bda692c48ae6e3921779ec95bb3dc6d01fe3488dbb1d6e85593

SHA512
96e24e33c6950f6fcae47818fe65a6e0f8d02941c01cc24a51a7368c6652a798acbd909cd3883816f1ea09799d796696b2fec478245bb9ec9411e2843f4d6e8e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
6f8af7cf64589670c3b73641557e9e49

SHA1
9a8280a112561ad8437b4d4f3f6eaf6676df9a64

SHA256
95dcf0f3ce04183615f4e1ee06b590eb76778df922645bd2942972c4bf311ac4

SHA512
cc890c0279c4ef56cc6aa0d82f04fbd80ce6131a99baf6f7f9137b9add87d365c11da534b2042c8764e86fead0a395f1c6d84c2adc5167392a298824281fb61f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
42f3617cc28152d169dabc984e41f16f

SHA1
7cff41962ca92e5fe4e2eafa53e064ce78847c9a

SHA256
a452f1a6e4cb727f8eaf67e88090b107c697420087b7f08fed9b16ce87278ad1

SHA512
9113806756913520b6f451fe15511b67b57e3aa407a70ff30913fddec9de7e5b69bd7a51527af0eb3a986964bca5819f6c7cdb109612524d940b3dc95e46caed

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
5b74c1c58ff2acc567b2e363491e02b6

SHA1
0668fdd4b508fabc17fc50bd5e71bb636028233b

SHA256
0ec71129b8a6b63c2e0842db7de7fc52aa9e20110e797bc13b6e470702937242

SHA512
4932066044182cc16ed19fa07ed9feaeb4c749586d588795b02289cbaf61f28dcc557ad66dc342af6ed85aec3d165d6682a35640e9e3b3040ad7dc1b6e6cfb54

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
8fa0839eb99ccdc684161fe80fe0ed23

SHA1
cb65f46f0e0f3f1f701df139c7623f72b3bec25e

SHA256
78d3329d05e2625cbc382c0931df9c3221cb3d4a655c878ed0c6d73ff73d9a7e

SHA512
8ca09ca06da39f7d91663876ce97f549a6e5626d688e886adc8a97e7ac1aff2e19708e0a0a49dd9830e87a71409fb47bf48c0fc5c4b2a78f9415568ee2b7020f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
64b0b296fbee5f0bc842e9478da8d474

SHA1
7719663ba04f4d75e5d4e3e9831cec84802a985b

SHA256
e6df710a0207269ff922f874d0490e084d26c0aea03bc05ffc0f5a3535c2dd28

SHA512
33e6e9a832e528446a1146305ac93424c90152fc5d425feb4644945895120a4ac673310d23352429b492bdbf0f41543089ae0bfdab8e34acbe59bf1d540219ea

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
3f88d4c2b1b70d5ff71cbd4bc111b543

SHA1
0b66063a6ccab250da9bb82aac38dda3b4525d7f

SHA256
6dec710e7928c8d348116a2201e1220603d50a00dd46daa0394fefa1c4003860

SHA512
a296fe1f83c5b3b0d49bcd7099ae3bdbd8c359993c46d0e8bedfb0f83aa38b1d99744472ee64d264cff7a7a3c6e778dfc66be0a21be19bb0a02c6b14f17b05a3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
4aefdde4c9ed2c6791cc41dd207c50e3

SHA1
95d87aa082003fea5ccdddfc430af605b6fc2085

SHA256
bccab222b68b31d5c7d591b9461dfca596824b98b986470c754175ab4c8acea3

SHA512
efc60a4d3295df8ab366be2bbc4a63e14d6deafc5f4310b223142aa05f89b7cdf7987e4760acfdb40a4e466e9f6557933ef9c2f11137cb60684b4f028d96348b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
28c8744d66c4dba121e4816821d40652

SHA1
8917f9c0af0716dd03bd315af631a8dd4e600053

SHA256
ae035bebe2756f9a08a948b049c1715966c10f879393fd4fe0ad9ee2a018b4b8

SHA512
6cd79f8d11fff059998c00dc4c3d7fa2b21fadd3b286181e1202e559c6baafeeda00d06651d9b065557bd8cb954a56161ca5738fc18325fc7371c91bd73bfd83

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
ff38bcc0d66ac1b315dcf3537203a170

SHA1
503649c3e73f6df6b4fb7ee60b359675ca5cd629

SHA256
c4ad282cf2b97ddf1e0b308ddb4c66b84c1f6cf100dacfd278bec52a336f7c5e

SHA512
da8f9f647007b94f65163466251fd8031c63f8c4f7b979f4deeffd5c5850fd90e86ed27320127fe3e03af139adbbb8db524c5e75e7f29433b7c50a3467f4f532

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
eadc51f602223f716afb993aee905f1e

SHA1
9a8d1d2c88aebedd188c69bac40b8d32f44fa608

SHA256
625c5a53567168563acc7999f613057fa5359d04fb4f63bed12c2e815df61ae3

SHA512
fdbedbfb7e04cb61d73c664e63c49c8ee0c119144d599906ae091a0315e7b4ac179e50650d89b06b1f9b6f092016c9300fe00dbd3b6d1d01a18414f7d6d74172

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
66092ab1803912ce4d48af22b7231825

SHA1
7731aee51ca52de521666a76b3fb49bb96947920

SHA256
4bde55e3e7206779c24e7bc70872aed9cd84d33524675802deb55d1192b8e835

SHA512
9a01d49408408578459e4dd64acb78d6a15171b68e2949661de812b401f77866ced0c3984d2069da2bd7db8ef65465347d3e0f0016e1322b07eeb3391573a0d0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a90dc64a61f80a152a2f624975c09605

SHA1
85896daec670515e362ba9b4b6d7109428825c32

SHA256
31786d4677cd59a5ae82c465ec344cd7e248e9c42200b16a2ba1967bff7b0219

SHA512
ac3c381ee28b0746ca5602a879c839f07c795eb789ba773a621c73c5ffa75c24e15fae031c611ec4e8bf0f18d2be4867f3e6856c662bc79a573efcaed255abd1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
c7d57526d8c79d68d0b0ee7594e00ba6

SHA1
0c93230d02f34850d6b62353b2876d213ee4712a

SHA256
4f02eb6beb09caa0417f9bcde07e979442634022d854e083dc5be0f1b24086c9

SHA512
738a3e3290347087a4497d4efe716f1a094896fa132948fd9135448028bf8a3188a1f36348e018dd279ae0ca5bf2192adb2cb5dbd35e9c4d4d39890efa8f2568

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
94b49cc981cb5d0c4a69bfe73a1bdb9c

SHA1
e042e0ebeb9d5f9c8c9b1d3037664119dca5bcd0

SHA256
48fe6cf837ba188457c358b7614c41dc5798e46267fa1a08a76e9f64fa09ae42

SHA512
541e93f9f74ab5b987a3b3e4279b216d76a361863f0ec3666e06c5eeaacd774adfbd5479dc3b1e59f045dccca23cc6d0a994535d4ef6ee0b057ec097dd245bd9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
26828105e169357801ba193093c7aeff

SHA1
460fd4b281b2ca99859df2adc32ab9a76ba5417c

SHA256
abe6e3a477104c2b4603ad8a803e012a0dbc625b4932f92c5355267e141fed77

SHA512
52e10207c4c848fc0c8bdcd86671281f4ad9d5efce8def45ca506b96bc779441a26e4ed3ec042b585cd12074e741047a4229845e9d16a575a51833cac3ac16ce

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
99f898f316e4597ee61944eebaf08553

SHA1
42d37884f3f445cfba3cc36804848a171ca52211

SHA256
3c6e3de3512c75d5151b8a5601428f8146aaf12354b39919e26377788bdbf9c8

SHA512
0e890942c4096d78bf96c2b7444e741373af7f37f5e57551d30fd835a819f2b8914ffc326d3edd01aa1911cee5c216771a99eaa455e85c02200a640f9a533064

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
49ce2568a3bbae4fc00ec03b18156750

SHA1
203aaaf7f50d2d4b4a861c4b81b99f864721f0f2

SHA256
caf1707a656ca29d0edef81643edd59e0afb466c1a4f055fac8a49bf2c6ff70a

SHA512
535bdfbb41dc8cd4d2fc881f5160b8b8ac569da0e5b5443dc92493461ad022b5b17949f2d5662c46634378fc70c35fc4c8b5751aa9e39be13e2234473e78a4a2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
9d59933aac887546fa56f2ff532e68a9

SHA1
e19210db6b020fe6b4ec62cabe819d164a102112

SHA256
c09c1164b976138c95f86242fd10a6697b12d029ff4fffe5b3132e2e76fb897c

SHA512
231cc37359a3e4d45b58d22f58eb6e87487416f0a2492e91747e20722e644d3f36ab055a723c000c48e962ae8a8107b79459b491da8c73043c2b064c07638eaf

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
1.0MB

MD5
e8c7e0ab6a42c3440ab70c426105e52e

SHA1
9dd8596b8d9323d5801fd159315f3d32020ae78c

SHA256
e5ffae00f7e5666afbd8c7efc22599b45de70ee9984f4f06dbfaedc118b486d3

SHA512
cb98b8b9ee01b99b1c1775ef8aa5c46af0eba44ba304c989fe148c5a90381d1ef9ae81aca76a1d307f7386922da0b5ccebecf3c8a93e6d6011c0a82ae96fa551

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-4092317236-2027488869-1227795436-1000\desktop.ini.exe

Filesize
1.8MB

MD5
be1840bc7f3d7b8c1fb3ab61384bb5ce

SHA1
b2c37faee650dfc8f9f13cc997890c68bc2f9d1c

SHA256
8bb6b7dd41d601bca2ee6e7ce30437bd575df208baff73ef1c29e2fb5841f482

SHA512
0bf00f5024cf25f5aee5fad6926cf2d3400274dbee67937ce02a2243f680298bd46669c2f5822df1f06bff28a3ca3a3a7ed096a6a7806c62025c16d122f16696

Download Submit
F:\AUTORUN.INF

Filesize
145B

MD5
ca13857b2fd3895a39f09d9dde3cca97

SHA1
8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

SHA256
cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

SHA512
55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

Download Submit
F:\AutoRun.exe

Filesize
1.8MB

MD5
f7ee68b97bd38a8183e9ad6f6492b4a0

SHA1
46aa2be1a5066468eb44f4dcbbb8dfa5cd403bd5

SHA256
5b0441e323f6038785b1fb7e98799f083d4ab1f333c18c7085fdf50f77c09e3a

SHA512
0d465ea27b4f87ff108604a465628d957e7e82eb01b2631008870f73b424dd884002bed39ae813ef35fdf32b1c2f0ad2983c095625295ea27ab2356fedaef66b

Download Submit
memory/1948-0-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/1948-56-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/4080-57-0x0000000000730000-0x0000000000731000-memory.dmp

Filesize
4KB

Download
memory/4080-5-0x0000000000730000-0x0000000000731000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads