e30bc522aba78f8b77370ee26cb7af1ae850ba9b81a8b746ecb744ea1c57ef29

Analysis

max time kernel
145s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21/04/2024, 09:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

feef9b3b087ffda97e872d02dbb3b6c9_JaffaCakes118.exe
Size

790KB
MD5

feef9b3b087ffda97e872d02dbb3b6c9
SHA1

76d74942ca320bf3fe3a9931c80a352b420a7660
SHA256

e30bc522aba78f8b77370ee26cb7af1ae850ba9b81a8b746ecb744ea1c57ef29
SHA512

df2cc87a8a04933ddffb36775d463ac7cb28f15153e782f06c7740f0175bdcd3bf6a94273a9f7fc611dc6105c6991d45e07e54d93d3a215352e22ba624d7abf4
SSDEEP

6144:ZiMmXRH6pXfSb0ceR/VFAHh1kgcs0HWHkyApOhP/SgljwRwdX/1H9kM2AfQ2C4e/:zMMpXKb0hNGh1kG0HWNAuCsltHw

Score

10^/10

aspackv2 persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	feef9b3b087ffda97e872d02dbb3b6c9_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe

ASPack v2.12-2.42 4 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral2/files/0x000300000001e97c-3.dat	aspack_v212_v242
behavioral2/files/0x0008000000023362-33.dat	aspack_v212_v242
behavioral2/files/0x000100000000002c-15.dat	aspack_v212_v242
behavioral2/files/0x000100000000002a-41.dat	aspack_v212_v242

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	feef9b3b087ffda97e872d02dbb3b6c9_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	feef9b3b087ffda97e872d02dbb3b6c9_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
4632	HelpMe.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	feef9b3b087ffda97e872d02dbb3b6c9_JaffaCakes118.exe
File opened (read-only)	\??\K:	feef9b3b087ffda97e872d02dbb3b6c9_JaffaCakes118.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\I:	feef9b3b087ffda97e872d02dbb3b6c9_JaffaCakes118.exe
File opened (read-only)	\??\L:	feef9b3b087ffda97e872d02dbb3b6c9_JaffaCakes118.exe
File opened (read-only)	\??\N:	feef9b3b087ffda97e872d02dbb3b6c9_JaffaCakes118.exe
File opened (read-only)	\??\X:	feef9b3b087ffda97e872d02dbb3b6c9_JaffaCakes118.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\W:	feef9b3b087ffda97e872d02dbb3b6c9_JaffaCakes118.exe
File opened (read-only)	\??\Z:	feef9b3b087ffda97e872d02dbb3b6c9_JaffaCakes118.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\B:	feef9b3b087ffda97e872d02dbb3b6c9_JaffaCakes118.exe
File opened (read-only)	\??\G:	feef9b3b087ffda97e872d02dbb3b6c9_JaffaCakes118.exe
File opened (read-only)	\??\M:	feef9b3b087ffda97e872d02dbb3b6c9_JaffaCakes118.exe
File opened (read-only)	\??\R:	feef9b3b087ffda97e872d02dbb3b6c9_JaffaCakes118.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\A:	feef9b3b087ffda97e872d02dbb3b6c9_JaffaCakes118.exe
File opened (read-only)	\??\Q:	feef9b3b087ffda97e872d02dbb3b6c9_JaffaCakes118.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\H:	feef9b3b087ffda97e872d02dbb3b6c9_JaffaCakes118.exe
File opened (read-only)	\??\S:	feef9b3b087ffda97e872d02dbb3b6c9_JaffaCakes118.exe
File opened (read-only)	\??\Y:	feef9b3b087ffda97e872d02dbb3b6c9_JaffaCakes118.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\V:	feef9b3b087ffda97e872d02dbb3b6c9_JaffaCakes118.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\J:	feef9b3b087ffda97e872d02dbb3b6c9_JaffaCakes118.exe
File opened (read-only)	\??\O:	feef9b3b087ffda97e872d02dbb3b6c9_JaffaCakes118.exe
File opened (read-only)	\??\T:	feef9b3b087ffda97e872d02dbb3b6c9_JaffaCakes118.exe
File opened (read-only)	\??\U:	feef9b3b087ffda97e872d02dbb3b6c9_JaffaCakes118.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\P:	feef9b3b087ffda97e872d02dbb3b6c9_JaffaCakes118.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe

Drops autorun.inf file 1 TTPs 3 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File opened for modification	F:\AUTORUN.INF	HelpMe.exe
File opened for modification	F:\AUTORUN.INF	feef9b3b087ffda97e872d02dbb3b6c9_JaffaCakes118.exe
File opened for modification	C:\AUTORUN.INF	feef9b3b087ffda97e872d02dbb3b6c9_JaffaCakes118.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\HelpMe.exe	feef9b3b087ffda97e872d02dbb3b6c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4500 wrote to memory of 4632	4500	feef9b3b087ffda97e872d02dbb3b6c9_JaffaCakes118.exe	84
PID 4500 wrote to memory of 4632	4500	feef9b3b087ffda97e872d02dbb3b6c9_JaffaCakes118.exe	84
PID 4500 wrote to memory of 4632	4500	feef9b3b087ffda97e872d02dbb3b6c9_JaffaCakes118.exe	84

C:\Users\Admin\AppData\Local\Temp\feef9b3b087ffda97e872d02dbb3b6c9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\feef9b3b087ffda97e872d02dbb3b6c9_JaffaCakes118.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4500
- C:\Windows\SysWOW64\HelpMe.exe
  C:\Windows\system32\HelpMe.exe
  2⤵
  - Modifies WinLogon for persistence
  - Drops startup file
  - Executes dropped EXE
  - Enumerates connected drives
  - Drops autorun.inf file
  - Drops file in System32 directory
  PID:4632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-355664440-2199602304-1223909400-1000\desktop.ini.exe

Filesize
791KB

MD5
4df5ae55953b28274aea921485e27ad0

SHA1
33432c14bca6f0015ec099730c7c041d9d53f01c

SHA256
9075e1cedaefae6b527b03abba894c09ce15d2ecf11cdcecd2d3295f27f90278

SHA512
169ba59f1847fc529f2f481d75bbd81aa40da891521d3bc67d3166aee07e55514aaebf645bb71c77ecccbb964c1274b5ffc5bfe4870bf4c0b4c5e3b9f1e61938

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
939ea5abf10074a868ac07aaf2f9ba7e

SHA1
e28f735a38818e6de0a193d4a45105b56571ab0b

SHA256
e70be1a1bb3211aac760a21db7f4cec3e06cf7f29955843324ab090ef885638f

SHA512
edab614a71f49591e885d6088c6276e1b06a8d355e6f194de748313b31300297435b4cc96a52c0a2e7fdc772db082931d940ee41a6c669a9eb01288731562e52

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
360cf3fb6e0bd25f4a8954816d35aec1

SHA1
acf37391f00b5c279e8cfcae367b6091b26679b5

SHA256
97702ca8bd6543101f2b6b9c9a4910c6953f3983aa781d3e5b1c2f60c9d13f9e

SHA512
a15136555f4053e3019a50bd3207646b008a747a31fc9d0e18bd35a528699d15f89f13d4ed15e0b7eb298d17709ed1a1c7d1acbb6578870eda10e75a10aebb9a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
418eb656c99d1ce9390f6f9571882c9c

SHA1
81ce9780aa8168b3e2c25f8ead320cef1e8ddd6a

SHA256
b127d503f6e155037be7047a150b5f01c13a170c5075e4fdf207ad46547cd595

SHA512
2e56068646304c6d0cd1a69a14c410ffba2f3be7af1dfd2873008dd95f6ef05e6809b265346e2809e872b7fe50dc50e15977710e494c2529f6e29f586798b50f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
ab2efbc183b15013835a85886ee0a2e3

SHA1
d688d9c76445b5b26ae41a4816a90c4ebaecafe8

SHA256
829cc17ebb01092971da00763b1f6fb5af3485b6514809218eeee5f6f8f6b722

SHA512
7478bd9cd816c4a35c1937f1d78e5172ddc1fffb57ee59b00cf852803a56f224b30ef2a36c103694dbafbb7b8bb5e4e2fe69737eb137887d64d93da162b35404

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
1d55dd51b7d734613a49f5522560c774

SHA1
9ec74283deaf2153ed828cf7e26ceb0b3c24f4b3

SHA256
6b928ad17e9772c2dc5313547cea006d2c3a81f04fba1e64046ecc942f9095f3

SHA512
52251728d2e89aceb97f3679767533615edd864f847d3771e044e725ff27a6454caceb228f1cc3a300a9a82e9c1ec68fd80c9ae91c05c8194f3ea998a6b1bf78

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
cc2bef6f49b5550a6e83624e56756b6e

SHA1
4b62b18c413d51c268fe13a2c05cdca8b4d5bce6

SHA256
449a385a2194ed7cca3fca4c93c5cd94ba2e5757158863d92e9f5738d97bb429

SHA512
0e0374f3279091f309f034f36743b9969b5f5ddacc518aaa11333da68966fec9c5b22e099c23beee07750cb49aa041757c79b593a0f3f81f97f08a6deb03ef1a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
9542738657808f516329591bc5396db5

SHA1
ac06a7631a573cc741b363fd522f26f09b822614

SHA256
4f7a84e023684a1465037b1cad0d8a14b8074ba1420dd6c433fb63283eb750f5

SHA512
1adad0671db310130f03ae03606f87a8177bab30086db25fdb449a9b81341e74a9f0db9c9bb13014a08a69e8e820898a1683a3e42d435523fe26798a6f77d848

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
edd3975889f75274e29a1a0d19de2e20

SHA1
6df18fd7e219d4ebc936162bffc19544b7add7e7

SHA256
1ca2ad8045a84751e8763ce0f916fbf21d3d3c77ed39bba59ac16eb47be2223d

SHA512
24008ee4651894a8fb294337b1f4dad0dfa47bdbb6d7dfe10c912a905d44b63532c5097e4e997955e49506e8674e89ec68060a89a8b4e5ce124ac882d9ca84b7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
c3f17067373aa00a82bda67798857e0a

SHA1
284f98aa73b68db8a997d4ab03c449874cb6f823

SHA256
4df3fb6e99aef0ffd907704c3427ede767508ed5c858a85f7fbe47d4fa7060f9

SHA512
d965780e15cdb0b2a44d8f04b6303b57a81f8296af9a9d4a3edb57a2fad5e4ad974d924bd1613469522b45af09ad38ad4013f356612ce8d9c5746d29e69df06a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
da81c081e319432fce4f04eb7de01c7e

SHA1
6964bc25d7bd2b0fa1109599dbc0bf0bce54d3f5

SHA256
8c627adcf7257e2736e8a662e5fee6311b5f3fd719e60325b30df5946eab8f7f

SHA512
973d85390450f31ca020011a6f9876b7436f7b4b57c842e9df1768c99c38e7133404c068977d7d2d87caf0ca43a7a9f5fa464c70f32875027f936763ad3af468

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
b0688c3fc896623be52e0d9a4901be31

SHA1
680459b38921d0ba14356ea621046ff1c205291c

SHA256
8cec4c3c68ac8a902033c5316b05b74924e89b9705ec065c684b35897b6a6ea7

SHA512
9ce7a1feda42dcbbe851a7b9c8d27d79ded0dcf5e0214ac6f951a5d208cad94eaf7f66f86da8b59190f01db72560b426d8106e6d794c307f52a95e94f04ae5ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
7b28ac35c2cd62a2fde47a32ee92e6e9

SHA1
5d5f604707f8ad68574ed822fa350c534e668832

SHA256
a394ed63637ab36472e0b6f2883c522726cd3c6ce05c6cdf5149d148232b805a

SHA512
b31b6509b734b4ab0fce4f6c5d1fe3857a878a4d1a98a73c0eb121360cd8a81815ca9ab3df52f58688752429b2c640d0439ce3ec31f70b4e07ce36ea7bbeaf26

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
ef2eb0a49c0c345b41edb9701ffa9b37

SHA1
5414b9cdd3d8af54219d47c1ecee2a66f17ca507

SHA256
d42158fdcda3a6c5bd3c16ec42bfab0c027419a446229ee6d927ee1413e3318e

SHA512
492e8d216931b5a77514ce10f4150f64f3356d11dca1bfdc52fe050920c578ecf18dd5d244492f936b5d2b3b00d6b1bccb5e5f563ba6d71ee51e205781e3ae59

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
896c1f99191f6de6443b2293e25aba79

SHA1
714077365eda3fb5fd11a6701d9cd333b653b220

SHA256
ce311ae8bbd148bf503614d209dabe046fc9916effe07328d3b764a00b99344b

SHA512
9c5389e0ddcd7991ff32add873ff5ab0d9b2bc983073d14a6dfb65c7044710fd1d80743c08e31f121ddfa01b1098b648a86d291ae7da1a2179b1d620e9b4a17b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a4dc9a4fcbcc667faae345f7218544db

SHA1
e79d30772c79e03c347a28719c06a665f239b5c9

SHA256
a1929121d7d902244812affc1159582acc30cdb77d248a41a220bc30cf6db7e5

SHA512
02bcff8b348b5cc54dc3ba0316eca45b6eaf8dd79b14aad7d2c06943ae7cc998fc0f7353d82440e3e50762449ae647ab3c349ea006ca96039c58dea60063e016

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
aa52c8c927e32fb5ce5711402aa99e9d

SHA1
1fbf4e0a5dae2ec90ca2d332aa7574e17a3fa1d8

SHA256
95f20439d6657113e74b968f6314d51db574a8c943e55c3f0c4ff631930b5c9b

SHA512
19771da1c6e5321fd195366fb68f184c1ae314738d66d9e24bfda7b05b2d26925ba796f4a587cad150a5d6bc24c167a42c4f9f7645193ef3c7522486aa75ebef

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
2903d15bba88190ff822850e4fc1cac6

SHA1
930c8407f2b88bf577654dee4d5b1311c5aceb81

SHA256
895fbca3c1a52e9bb4742083d1be8874fd4932f625b2b0529023e81b8ed09e85

SHA512
23a971671b7700bcc83f8574ee51db4ab0087902703103ce5561fd294892807e79d0aaa7cb1beef39e8f2fb488d85172838d532a7c1c8dae995df6f4ab7e21ac

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
15fdbcd43f4ad5685ce5195a3e346870

SHA1
1ca04b341210ee15548e7652e03974b7cde1ff9a

SHA256
33d1e49e439142baed628cb7c9e0fc55cc23e3f4cdea439df26be11d15689bb5

SHA512
6d6bfb95f7d164ef288f396cd8b8000d96a6a68426588cfd546298241c46a7012c9394d0042f7d9f61533fec682cf2f5e9ea81be334d337e70770fafecc1f859

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
480636a9caf320af13446d4eb48efa61

SHA1
6b9d4bc7fcbc2ba2d3b557a576c3fbfcd3bfe9d4

SHA256
f26a9646d13a6c8191cbf15120c9e5cd8df1901ff914a575f6abe2bc31cb66b8

SHA512
f61833233ef3177c9fc75d2911290c1831a5cd4c19613811f6f3c337124dc4bb7567e82b203a54ff312f759b36a192a55a9147f1f9a9cd1dc62ad705a83c1cdf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
3f9e1a7862f13e06a6c01d4fe35deb2c

SHA1
be8c38f867acd35d320823eeb8d32e16a5e162b7

SHA256
4015df2b658db409e72ee109b7ef21a306fff3f88bc6e18b100c88e1e9fbc969

SHA512
fd5fc9e34dbd19a39954745df608542390d542c98154895b631bd957cef73c48cc664ed598c37dabcab66a8179dd93741a434d0082c9a2b159976d03df196060

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
fc929a05473ac7d7585776b122672f2e

SHA1
56ab479dc6d128088273688b15900b4a105e71f9

SHA256
ef0bd2bd783b34c0a2cf04a2b013782aa6555c413b8a98c4d4034e784bd78de7

SHA512
d28fbc57ea8d7671e2cca5d4e61a2919b6cee9b0454bc35a4140fa52a3cb02cc188e9ae62e5ecfb39f1b7013ddeddf83c4de0c4476fabcf11c3d9ec10e474c7d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
e10b882f7ef7326eb61bbe7073ab0cc1

SHA1
04e58e801d0e40c0644e06af8ed27d16b975542c

SHA256
89dbc9c2b203ede5e16dbbd64e23ffcc900e5463ba5952e0925191cd8c3d7559

SHA512
7c1a3f785c4b4e49c472db24763935541bfb1ed4ba4fcc23204ae4508ce2ec63ef2bc97a3bfb669d7683c23af130952abdfac2ab7972fb647aaa0c5d44b23193

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
4d731635ba6132723bdab8466ac3c097

SHA1
f6962d41927d421bf25813528d34d8cc84c48018

SHA256
fa92c295e547e73dedb02ea815333db6162ab362b4a4fbd620a773f4a412e49a

SHA512
58cde9ebed1af52cd5f3593b650dcef2b916174dd0946b1d39c4a39d8ebc775544ed15fc0e2ad2362b6982990e54d6a75e30bd4897a4380721c7faade2c12a88

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
1077f40d4bcb44830b5d2d1631739d22

SHA1
24f10d2c030581607b63412fcc3ac71ed259cef4

SHA256
2dba4a8ecaacde1ebf8acf7de426b959a006e37c15e578e45daee179ca5b04b2

SHA512
db4f3c3336b49405ef01bc611e9fe68ca702b30188c4fb730ca0288b17e8656666d0a9ef0a71b6e1115739a4249dd91c88a32e076d5377e10a035f8ab378a336

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
40bba73cfdf52deb2a1286e8ca9e0d2d

SHA1
cd6403370a2a53596e584916b4bfaa42c0d126cf

SHA256
efdebf8726f57fb342b9b7bd8d49a94f1e16c2c0a7a75f020efb83fa8d8f6e7b

SHA512
145cb1fed4cf78b2f8b7e50306078813a7d7ce7fe65400076ec5d1d7b5236ca0dcc1ee18dd726bd2bcd58ce5e5540a435159d828cdcb55bbf03472305feb9cb3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
3986fa5c3f5bea4e7ae6f2ebaa7c9417

SHA1
4c3e7eb88078a6541553a91f0c87368245185465

SHA256
610bf9ca11bb78d37b697b6dcd1cb0b1ec1c3a807464c1534382163618f6b385

SHA512
e8d3e4e856396c42a16596d1f6c2974b76edd603e605aa1d85c3628e9af84688093ac8bc19f92cd9c26017b070a23db23a3f4877f2749f2e9831314244c68cc2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
25edf2dcbd731322fdac1961e0d12677

SHA1
6d0aed7088230f23dc4e8ca3bd203135f2f402b3

SHA256
824bb39519c4caca334655ab0853fd1b7d77448a5ef541e5dcf9da1e33b9295a

SHA512
e7e1217e175ebe6074a454e7bceeedd68a85ca08d3fa468c22b189fbb9d75ac3eb6fbb843da19fdd1783fa8077476503c737da3ea3671e36bceb0fa2215e70f9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
199f4f608fee599a2224fd31ee388c63

SHA1
3292122131582ec9628704f51e49753685034a0f

SHA256
777c119c4b50f1f8a91efd4e08cf12d8b0c16dbf6de72d8197739e436f705a7b

SHA512
47147b901251291f8f6cb0d31476f79b7f4ae8f655c723c2c6587ffe7578a5e05e0572121b5fe94f85878c7e4349e4f090cfdeba4c8193278f2b92d788ed7c29

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
1667f6d4ab5b54f9c1cba612b0337dc0

SHA1
a851c63c7cb72e10fb5867571a7a48a5e4f93778

SHA256
473c40a3d757945c11bad117cb8bd49dd4ed33d8665e3129b2fcb18f870fd62d

SHA512
ec87b970e33c201b6e4fe5a024b973094377393a6eb1054f4b94551e6cfd8c19ba9e15f4067c24deeb0c508269602892500cddf833117b9b79835d9499171047

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
689c91d92e5d436b4a093d4404e85a66

SHA1
5fcdc7f2f176592f749f4889f84b61f82611c44d

SHA256
826d676f74105f0a429b296cd22612f40aec6538064f87541466ff5557e25aa6

SHA512
2d76eb88df406af814e8d3ce3c2704f8e3f7a26b96f1c0d7486e746a1ca9de7cc73e120cf31465f711ab02ea1444d8ac1264195105a48498a268535f31d4f805

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
788KB

MD5
4cf73dd0e9f0f8b555a8f5c67aefd936

SHA1
f5e705770870db7b9a3355742b01b5ce37b6e5b0

SHA256
04c46f5fefacf2ef0fd642558f198a28417a63023ad4750856696d745999afb5

SHA512
bbbb94d7ae8829d09f039f0edc3213f1629f380f84faa38d210e86d4ee4c041615e21ca2b541fbe4d6cc6141745c39790557024a0804e28c34fb30e6bc72752b

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-355664440-2199602304-1223909400-1000\desktop.ini.exe

Filesize
791KB

MD5
074bfee12ef9cf19424dfe977a2c3f66

SHA1
995801b0b5c0d28a21a254e602f8f3bc1e4ff5ab

SHA256
b6c02ea11085f1f4f2034dee6e2eb3764255c4d3e1cf53a3b151849f2940d4b7

SHA512
bd57545eb84d274718461e2d0c741f93ad0af47d740f87c9b8e3b579b202856cc9244abd950ec197b62a048b8aa67e278efa16b50c5cf2f77d694eafbaa3ac3a

Download Submit
F:\AUTORUN.INF

Filesize
145B

MD5
ca13857b2fd3895a39f09d9dde3cca97

SHA1
8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

SHA256
cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

SHA512
55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

Download Submit
F:\AutoRun.exe

Filesize
790KB

MD5
feef9b3b087ffda97e872d02dbb3b6c9

SHA1
76d74942ca320bf3fe3a9931c80a352b420a7660

SHA256
e30bc522aba78f8b77370ee26cb7af1ae850ba9b81a8b746ecb744ea1c57ef29

SHA512
df2cc87a8a04933ddffb36775d463ac7cb28f15153e782f06c7740f0175bdcd3bf6a94273a9f7fc611dc6105c6991d45e07e54d93d3a215352e22ba624d7abf4

Download Submit
memory/4500-0-0x00000000021D0000-0x00000000021D1000-memory.dmp

Filesize
4KB

Download
memory/4632-5-0x0000000001FE0000-0x0000000001FE1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads