46b6cf3f8fdd8b3b32380411837cb43077ec564129b628c621bbe7c9c0fec454

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21-04-2024 19:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fff5749a07ac1fea91e0e51a34c16189_JaffaCakes118.exe
Size

488KB
MD5

fff5749a07ac1fea91e0e51a34c16189
SHA1

405c93c35057e275de8f1d852b5c2fd013ac451f
SHA256

46b6cf3f8fdd8b3b32380411837cb43077ec564129b628c621bbe7c9c0fec454
SHA512

9ca4245858d8211ef6c54648edca774efc81710717bc68bd60cce3d17f289255582759bd3a08d72bb95b7dd3b0ec55906b29b253369798f360cafe02a98b04d4
SSDEEP

6144:ZiMmXRH6pXfSb0ceR/VFAHh1kgcs0HWHkyApOhP/SgljwRwdX/1H9fYavJiP/:zMMpXKb0hNGh1kG0HWNAuCsltHlYz/

Score

10^/10

aspackv2 persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	fff5749a07ac1fea91e0e51a34c16189_JaffaCakes118.exe

ASPack v2.12-2.42 4 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral2/files/0x000300000001e9b1-3.dat	aspack_v212_v242
behavioral2/files/0x0007000000023405-33.dat	aspack_v212_v242
behavioral2/files/0x000100000000002c-15.dat	aspack_v212_v242
behavioral2/files/0x000100000000002a-42.dat	aspack_v212_v242

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	fff5749a07ac1fea91e0e51a34c16189_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	fff5749a07ac1fea91e0e51a34c16189_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
2736	HelpMe.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\B:	fff5749a07ac1fea91e0e51a34c16189_JaffaCakes118.exe
File opened (read-only)	\??\Z:	fff5749a07ac1fea91e0e51a34c16189_JaffaCakes118.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\M:	fff5749a07ac1fea91e0e51a34c16189_JaffaCakes118.exe
File opened (read-only)	\??\Y:	fff5749a07ac1fea91e0e51a34c16189_JaffaCakes118.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\E:	fff5749a07ac1fea91e0e51a34c16189_JaffaCakes118.exe
File opened (read-only)	\??\G:	fff5749a07ac1fea91e0e51a34c16189_JaffaCakes118.exe
File opened (read-only)	\??\H:	fff5749a07ac1fea91e0e51a34c16189_JaffaCakes118.exe
File opened (read-only)	\??\R:	fff5749a07ac1fea91e0e51a34c16189_JaffaCakes118.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\I:	fff5749a07ac1fea91e0e51a34c16189_JaffaCakes118.exe
File opened (read-only)	\??\O:	fff5749a07ac1fea91e0e51a34c16189_JaffaCakes118.exe
File opened (read-only)	\??\P:	fff5749a07ac1fea91e0e51a34c16189_JaffaCakes118.exe
File opened (read-only)	\??\T:	fff5749a07ac1fea91e0e51a34c16189_JaffaCakes118.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\K:	fff5749a07ac1fea91e0e51a34c16189_JaffaCakes118.exe
File opened (read-only)	\??\L:	fff5749a07ac1fea91e0e51a34c16189_JaffaCakes118.exe
File opened (read-only)	\??\S:	fff5749a07ac1fea91e0e51a34c16189_JaffaCakes118.exe
File opened (read-only)	\??\A:	fff5749a07ac1fea91e0e51a34c16189_JaffaCakes118.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\W:	fff5749a07ac1fea91e0e51a34c16189_JaffaCakes118.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\J:	fff5749a07ac1fea91e0e51a34c16189_JaffaCakes118.exe
File opened (read-only)	\??\N:	fff5749a07ac1fea91e0e51a34c16189_JaffaCakes118.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\X:	fff5749a07ac1fea91e0e51a34c16189_JaffaCakes118.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\Q:	fff5749a07ac1fea91e0e51a34c16189_JaffaCakes118.exe
File opened (read-only)	\??\U:	fff5749a07ac1fea91e0e51a34c16189_JaffaCakes118.exe
File opened (read-only)	\??\V:	fff5749a07ac1fea91e0e51a34c16189_JaffaCakes118.exe

Drops autorun.inf file 1 TTPs 3 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File opened for modification	F:\AUTORUN.INF	fff5749a07ac1fea91e0e51a34c16189_JaffaCakes118.exe
File opened for modification	C:\AUTORUN.INF	fff5749a07ac1fea91e0e51a34c16189_JaffaCakes118.exe
File opened for modification	F:\AUTORUN.INF	HelpMe.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\HelpMe.exe	fff5749a07ac1fea91e0e51a34c16189_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 2736	2644	fff5749a07ac1fea91e0e51a34c16189_JaffaCakes118.exe	84
PID 2644 wrote to memory of 2736	2644	fff5749a07ac1fea91e0e51a34c16189_JaffaCakes118.exe	84
PID 2644 wrote to memory of 2736	2644	fff5749a07ac1fea91e0e51a34c16189_JaffaCakes118.exe	84

C:\Users\Admin\AppData\Local\Temp\fff5749a07ac1fea91e0e51a34c16189_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fff5749a07ac1fea91e0e51a34c16189_JaffaCakes118.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Windows\SysWOW64\HelpMe.exe
  C:\Windows\system32\HelpMe.exe
  2⤵
  - Modifies WinLogon for persistence
  - Drops startup file
  - Executes dropped EXE
  - Enumerates connected drives
  - Drops autorun.inf file
  - Drops file in System32 directory
  PID:2736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4084619521-2220719027-1909462854-1000\desktop.ini.exe

Filesize
489KB

MD5
3b5bbb1e0b65a6638f465107e9cc5629

SHA1
5560e275e77626cf7480016cca74b183616b3e52

SHA256
66170e21fac3eb4e3bb3b91c794578f5b920b1d01c2297eabf5d07025f2d5be5

SHA512
1cc2c03bb4612ea949ff44aa70e11aaead99200ee511475c314b1816f744a738a725874c47e3f0f62a71b46b3a93c7844cda5eaa3a2c1ccee272491d063eafe8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
6751a3cec683da9d36f7b521e4fed247

SHA1
3272e1a38efb387e46177832d53dc8302a47464f

SHA256
bb0dbf7c536f3416bb64466e246cbabd34db00afc0b3a5f38e888caa629c1ce8

SHA512
c4460d812bcd07edf63b238c600d2b715ca737a9d4d45d4d803dbcf0f8a62aee8f281c065cb908a7fb402e30b160718761478938cfa7450db0688e2787ff78f5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
65a950ff74eca612fd085424d8b6ec9a

SHA1
48ecc7962139d71f8e4913d32b4e91b6a43420de

SHA256
72a43a2133788e02337a3fdbe5214d7552eb5779fc6f9e83638514b6f0fe91fa

SHA512
d976419ed71f47c7048c739db6034d31d8694685d8c370687a44ab5bc5ce5c127967d791b8e5355e0ddb8771586df03c64148351b2c97d0861851d70359ca5b8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
4383ed6481a1218b53107fa1a8369ae5

SHA1
ac7fdce809b5e3d3dbf0056bb8ffbed5204c1544

SHA256
578d3cc5663a88d37a305bce852988903e89dff52af088f5b167206859362a74

SHA512
02c3dfc71508960070a04e37083a91ec6f0cb58bdd1dd45478a209ec751b33105fd6509010f331cecdfa0b416de1427d45a57b314a92b357b6eebaf9fe9f692d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
006e7bcc5a4f6d2b3c776eb134a26b71

SHA1
801073372777ee860607b105d71e089791dc3e91

SHA256
795b765a91463c74d31f98844dd0d04738c5d4981c6e929bbe93ca9dc8f29a43

SHA512
0085da6e36b21207de1a1199f4c681f32ec11006a62bced1257ee05569b8e57de7a073bc69e0c04422ba893f33eaceb99c95e2cc37104e94c175dbeb5f29de40

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
3137f3994687d14ba4b4b740c5be55c6

SHA1
1ad6316229b1ea87897dc6fd377dffb6a2bb6706

SHA256
33d8bce663679f37f27b23c4542e85aea1360b2382c997b2d0e2f449d735c01e

SHA512
12be17e03ccbf38e7d69a2eaf0f38312fe4491de9ccee4fd060c51b4ceae985a88dc14100832c62f4a505d3566769074bd5888eb8e1bdf7230b19dcb8f21c364

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
4ebced27923e0631e21455c6c8cb0a92

SHA1
aa874fa8689d776afe59fc21af788af6adaf235c

SHA256
2afe67375e101b87d51bb05279ba8d0d1e5b14dadfd466c519bd4911ba948d7a

SHA512
3296a22e293657f6c3517d4a7efbd688befa6246bef492223d888b92bc256ea7c9c6374629e77699224205d39c9a2c90092b88a949e0193f203bac544af1587e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
60ec5385231d425fbeb0b082372addde

SHA1
5e9547b3714ebee202ffed0c9f668de536f0fc8e

SHA256
1b5e7d8ba148666df020a18f51531b9a8808f66d67d1de4f898f2505ad9df118

SHA512
0fa22d47aba0f73b9785725461a3bd73b659e339244383dba124980b8b434f62c6a775b9bf63ab1fb5e161d8a78c4e9eafd6da125e86be78fb6de7c009439bad

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
d9548f047e8495aedbe65d99c2754fcf

SHA1
c90042721a9c863b757bbd4332ee895f5f0b90b8

SHA256
d26c40d59cca349c3686898b6dac307deeb58cb925ca875511af45b7af7ae2ab

SHA512
9459fd5a69fcde7ed9e2fa9f253282053dbff9de6214a386c6492f9b0c4d47656c1fd92cb390bb3b42a432c38b513f8bfcb63574974ec0b0054efc1f8fbaea1b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
23a9a4ed148dd1e23a5fef47ac3694e0

SHA1
d4ed7932afbaa35ff6f7f237a81ae03432bc456c

SHA256
9cf6ba7f9ab1242dd493e463824f3ed6b8814b6ca3bd7d011c31d1ac08fea8de

SHA512
9fa9ca7b0ab9e297b36037a991f39ac291f528f9c351db987524a3c37c2f843c9205506747397804937e01fc7b639efe3a31f5e496e0478c28131402628e9a8d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
9b17ddd5b5b1af1e5e8ba216cae82045

SHA1
7c58f90e362dcbb82e361691257860ce547b35c0

SHA256
a942ea4799d85129cec3cd7626dcef9d8ae4f8683f0cddeffde2cf140cf2b1a5

SHA512
48cd61de7008b67135e076ef41cb30ffa6dc36ff14890a48bddbb34ad8e199e6e24878ae29c9f70d65bef54ceb0e2bf263c5add39632e8e4e3374a30ec0f7450

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
991f1bfa18f5b7c2f03ba15bb9a62e45

SHA1
ae5905e2db446ea1d1af81aabe33d35145d8678c

SHA256
6a2c534b376ef2d1e6d1a7dd5094e49a0b9844ae0ee7e4404b33325a195fe46f

SHA512
1d21138f312e3678e7a4fbfd5408c5f8b810aa6aca2f8018bef23f216f9342296bee94a238473354610e93d63ef58e571e16e1e5d584897f8799a00d5f6a7a59

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
db9f8f62618e175839c4f2cdf70a04b0

SHA1
2121e44d70c1ec2009103a76eca1daa4cd5cc3ea

SHA256
f1de4895f0de308ee75a30ad03c51f0298f4b9be227140cbf215d4e7a4f6316e

SHA512
f99e7e9f6b26cddfdeaa6d16adec99c9a98f17cb86788fbd7520e35b178517f3db7ab6eb83506cee3822b4dda3bdb1d6205f5241a6374a6872742f62c1e9c271

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
16887013b647d0c19be1846151e4b934

SHA1
539365159fe9a463e796a94de9eca6c8bdd299b8

SHA256
18fc17aa3fa189526b3ec630e1ca9af87672c245e327b84848f89472cbb3f393

SHA512
6d30b5768eb87880d0997a94ffc721de610bf1053ed7a4272eb2c50a8c9a15b2519ad13b495a74047eb072e366b693735bbc0b1271be29f8aec9f74096217866

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
cd877cb00877cb51ac8d7d6faaed4ba8

SHA1
26e1cf839565f6772ac2a62b1a5567c3e985124a

SHA256
e37d8baf0c3f51598cab49f4675c3006fb3cac2b8d91725939b9bb6e68d7d676

SHA512
ae715143fef45c027f0b01a2d4d75a82fa568edf5ba2ba1be2320992ebe14c7f163abb540ad226d240134a0b164464c87df29c45bf1d83613e5c3b46fe71ae2a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
a8de4dc2e39ba6b6d7e2b7ef239ed05b

SHA1
9c98694935ff3e91daaf6f591690c188bbe1006c

SHA256
ad640ff825034061c2b36f41336c3c8469d60dd19a13a4f23da905352481e30d

SHA512
12a77e518770b49ac7f80f51a643bdad67e00c3ce79c0d4843e52dcd6b1610b818af482bde6115b696b1436b7d31b88046e7baad0e89fae81a6efb03b0566985

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a5975040eb99c6c246735d68c951ceda

SHA1
82d01ea31512b37138911b873cba1c735b4ab8f1

SHA256
1573804988d67f4c1418b438f8dcfa2002a7128c19110d4b67c05fad68ac9f05

SHA512
fe0f9d35da25d972d0f67deca13a37d1e5560b01c6868757db3ed39c1a069292b7bb0bc3a6f47d037045c9708d65568191ae904c76657182f5aba9366438b2ae

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
7afc175eb846fee8d5d5e664ddef409d

SHA1
93a212b6f7aed999894bd60dbeb029f604212f74

SHA256
5c0cc443984dd9947c53c1dd74f49fee36866ec27e3ea5fb86563c7d9b395e13

SHA512
2cd5a5c06412f2fb062a8de2da7bc7a64aa7bbba3e06553f421cc66ebd94477a4560cacc93febae3402c5043f83adb8a937d04c12c0bf06a911e297f662c0bef

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
42ef5b7dfaddcd611b3273beb3e57b52

SHA1
d423562306aafa0aa39dd380b3d9c3a9f33dc83c

SHA256
a23b35343a939254b1dc058baff63b8e693ee1f8c56632141ed90f754b766ebf

SHA512
670a31fad11ce7cc4a6cc2ccd98731beb00d130fa4a88f7361284252fc6cbe8a992a23ef7774364c237705b4021936a8de9692bef5332205a708b0b8c739ca22

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
5de6071bd5e5b4406b34332550613fa6

SHA1
e36fad08d145d76f658857f0f3c8e27cb0c9eb3e

SHA256
09711c9c9e4fae923fb9e83f998d70623fd6a345f5193944dc618c0dcae48102

SHA512
ad79ebb1c6ab6a1e522079c3fe5132660405b66133eca60fef439330758c7cd61bcd452951cefa215820912eff03a4c070f57cbeb7dabc6a3c407499d1ee1341

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
fe5b58db15a3ea79cfa404eef17455dc

SHA1
8bca65f39fe9cd41a8ae924c562ad52c31dc82f8

SHA256
a8b5ca72bab4a6480fbcc37c62ef5f4a353dd5a7af5057d7de7512e694d6ee21

SHA512
71a46f0fd90d1e2cc0cfd853d0fcd333428cc3e19e64987d3ef3d913b874e7e39c51714b95d6f7fd857114f043273c61ba2770a8126f605968d8f08289ff2499

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
6d3921278b283d4895182828d74dbeb3

SHA1
da925633c6ef53b4cbf740c358c9271282990b93

SHA256
54a2783c53e9dd4e82eaaec60d06950944853a9bb6cb27af299d97ebd38c64af

SHA512
329bc25274e367de25a22f9fce4386d8424b2b8faa3d0380b582418bdcd319e8dc1f8abdfa637d03bd92e4feb53986607a311717cc663bab1a004ddbb50b61c7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
5b2dfd86e92703752b20c67ac0f540de

SHA1
3f9bf02054971a52b748a75f0b8c742acb5cc928

SHA256
282cb9be684f2e576ae942aeea3fb5b5cb82b38a0d4fbb1b5a15f5cb099646de

SHA512
e12123cb0e7d2a391c41ae241546aeaf96ab7c7f8fea095e4ce1664452b1a46583235ce6bea230533c126265d4f9365e6f81c652365b255de5546fececf82861

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
368e7e68649f00e3f28ba5603dd969e6

SHA1
b5b8d78b4f9a6dc1eb73a8ba1c5389f38214a520

SHA256
2591ff2c3a0562d31185641f1f2b6efeebe662cd0c96e8d420ca63613816a181

SHA512
8202ac4d0929227b604404860244a10c64dbf39c18b0048cdc7bd183d3e53c5fc7fbcf35b54630989da7f23974c77e1cf7c2228f21a7f5a37715ae63c335964c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
f44280695b246f37987707fe3e134f48

SHA1
925fd7f5f56ada39499026ff0580904addec26ec

SHA256
e237b470dc7510596478fb0c6f59e0bc16726d39ecc7f099c2bbd7cabe4df385

SHA512
6ff42457eecd67e9eb832361bfe503489468c2312cb7c4fc6eb0fe4e28c7136c77eab3c436a67ced9a2fe99b93741e1f00632740d0395bb059e1cb3a73ca5eb9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
5ae533c36ff9dacbeb0c99e92d797b1a

SHA1
7c5541a88985dbe86d19102fe7d9c5fac6c117f5

SHA256
acbcce36373b90ffcfab45e2e702b4a44d5ae8f3ced714c9485514651b7cf513

SHA512
54ec404311a34a33d95c78b2841a15e39f132fde8a74c51d1bda6145e989e49c6459993e732a89a442236bc12682be00a0fd646e571b0bc2602b9d231fec6bb4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
b3005c7d16fec8de8a2288530be62a94

SHA1
b1738dd8d7b35f509b4f915ab85d031ec99b8b8b

SHA256
51208bf01d04be54c41703a127cea2398f793a6aa1dc5d8f1fef87a2da8f4684

SHA512
91d2be3a46eb4a0a8d1892ef2607239e80a2e1ff5f523f8e41de20d7c429d367c28c773854f69715fb12742caa9c3c80699880e74baca9761a8eaba65a67966c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a57e0a6b7f51eabd849af57fbaf1c5ad

SHA1
ce8d998ce7597ea2f29417df4836e6e8abda91db

SHA256
01278d56e06ae0839863c49571a67b1eefb3451df697a37d55e209025a9459b3

SHA512
2c2331ee495427a8937de30666a5b9ed5975965b269631314f524008f423d3daa5aadbfea38d1f01d5ce1b54cb5bdb55f69fb6b8fde51e787099b795772edb2e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
7619ef13eed0c54e9614717e752bfbad

SHA1
bc5e65f0a48a58655b165d90d079a36739cbf0cd

SHA256
6ebcf7dc3dfa9f806d924500f99fd76ffc1f96ac4d76d1460d6d902e75c9c20c

SHA512
4784f9e16f69dcfae39a0101d073dd11230d2e87ae9ac414e586e328dea8b0b1b7baec1c3f16a92f3a43ecb168e06d3a12a4df6442176f12b94b74e16c7fbe08

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
68d6c788e5bfa765548a7b91bab36999

SHA1
4f3944592f3f39a143b4c507cccc7ccd214d4930

SHA256
e3e1b4270dd2317d2cc035849ad7ec13ff5a34ebadc78f832a87a40f1f92a23d

SHA512
fba066b9bacff22349892489e6498bc8e69ee73691fc81001238f387e6bad4ad963a8f92e58663de456125b6deca20818e63d846305249ab61f9f68130bba512

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
afbfe083cc68c5f14b238566bbd4bbc1

SHA1
96ea92c956632dba22f486f0aba3b2b2b5c065c1

SHA256
1fcbb3949ad6a65b61566edb427ea484fa03afda21c481a07c5e0acdba6b243f

SHA512
6bc90e9855929b52246ac9f7a21ea2a944c2336b7d865ef8b06f51b22020a7c9c9a149d64bd97f6fe7d2749a3d99e1786d3c6ba32cfb32ba2841f81188925eb5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
8c088328e308c070df5f3599fe4a8799

SHA1
74320f6b5fb3c09d8f03f562ac15665818aa1de0

SHA256
0fedc1f916f2ce9d213a4e3d8c77e5c496e9244886e5b3fc2da0ffe5cc7127c8

SHA512
f3f7ad144f18066a81c1fbc378b1bf9450d4423c2ae6ee59580e8bd4730c4bf289e8c089855b56fcc096360cf212451a2ad021a693dcbb213912a24d28fcaccb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
0d15fba66ee2f62a2c564e1f85c65d94

SHA1
b4cf28baef93deae7c2822aaf2b669482918b444

SHA256
e8bc75163b2e04c1057f584abd38185ccdd186285a0a8816656e4ec1abaecb81

SHA512
5cea53f2f0af008c4a73b972664361fb8bd2e13e9c395f216883e46794289208b9cd88093563dbdefb4b6d5f2d1d58a6ab0360201b2ee6d0d8b001176f051377

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
bb143d5be1de78b104362dd237a2811f

SHA1
1fb9e0f0c70834822a3147e9afce7e95801d5d84

SHA256
254b33386541c075b7b5ca965c34ef29c6ebdbb23bf636ab0e5f86c3f8418058

SHA512
87d868afedcfc192ec54cd8eb0a684491793af8e719c58231b888b057bd7d545c39515c6a8027822ebe8dfe51655d8a776b6b997bb3f671fdbc9a6e6a5b5c2cc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
fa7c1c3b92a90cde3f8826d016fcde67

SHA1
ab0f60b780f72c5ecf0bf68017c92f8141c69724

SHA256
5fa26d389c9dbec53e5b97ad789748476a2c66542fbee46755075466840f85d9

SHA512
282b6f49224fb00c3c268266ca3f0e99294627e11c13185766c60f639c35763a97e3703e304c2117aee7caa028a58faba86ab762e014700bbdb30280c99e8857

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
109ee185b77c2044e62d976691157001

SHA1
e5133d3936cac6c3f51fa7b66388788b5db3fe54

SHA256
a6eb6cd9847a3605cae2c3ce6c5446aaccba3ef2dd9af3f8297fac86dc7e9bee

SHA512
510106d2211f8b2d15f0a855b1955d7aefdcc7c17a1c5c924420ee4328fb48544639fc66a5cd68b38092f5a60348bb567655ed62cf7959e6c73a58f42bd5aec9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
347afa68eccf9d63872db74eef4bf32f

SHA1
ae9631c345fccb8580443cec6567b9a7c8dfe8f2

SHA256
0aca33d8e8e089a7ad75d780f22d2d2ea5dfd5fab9bbe35dcb65a7b20df5fcbb

SHA512
a86a0c940281c4fd006beba6cfde5787c587f6a8d418e257146374b0ec036148ae53b81387b17af4829968568c11d4a260ebe038e3b22ed384c82a0ec35622ac

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
73c88582df54ac2f9afc711d57bf153b

SHA1
17de786a62ef3c663f7d25d6ad845cd37fd55c0f

SHA256
5e968b5afb1aee1754e0e4c162e6ef845fb456eefb74af1c27b343886a5744dd

SHA512
4da6c0735388780484fb4a1dec969a700dea02bf9f37f17da8455a23d19a40f9f6e92877dca0fd544feac2b085255bd87040794b7d4446573a1e2fd63c89e6fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
869523ab5c267fd997ac5b1499dd22cc

SHA1
cc6bae7c95d24667c39c7bcc6b9ef98b40e90d11

SHA256
fefe5019227ae2b51b1827f321309ee044afe49b3e334f1b7536c357f4caa29c

SHA512
c89f05025affefc22cb702d49929ef5dddeaafd61460827be4ea516e25f22aa038453154f48a5da9047bb933ee8c37ba4b4561c5b7e640789dc7e52d96d39a79

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
1f5a630281019a40b7611016f462d734

SHA1
ea9f7644de0138e089b64f3aea69b40295451405

SHA256
2ee9c47ee7ccdc250f69982971832696b309e555ae06a8da398eb9c3dbb82d92

SHA512
4ed4d53764779ad1a925dc7daf89d4eb86b28a2aaf960c69f8021c1e25ba5bdea1192f0d90431e27042a744cf3c19f5903c4d5a19284622984fda53c91983c3b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
317236da6a8ea2dbf92532f20376a73c

SHA1
8d5ef431d135b9dde2d134aacb7ea41dbcaaceb1

SHA256
b18134f14d55dcc60475e23ce38a950d2a6008e3075beea469c9cfdad7624661

SHA512
1c3acb749606667894815a7df880b9955578f60984b36ab6962604a2c394411f2d94d8f2737c9612dbd206a2295764533849b19f6e852741a6b81397682c6107

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
c2e0988f71187803d68c3c94ecc75820

SHA1
f57b12b254f92f62689fb73e34dec0027273fc1e

SHA256
e6bc649584ba8cc570f286ebbbb25d05a1bc7fc1d78112473862d94f6680d105

SHA512
1849dedd6b878d1fae6a0a7de46d97d0740d927bf0922e2b3ee48e7e83a5949c040c5433971b31bbe6a89feeb8531549537f64c13dbe3a8c3ec90407aa0a893b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
38a25c8c60ef1ab659060998f35ae868

SHA1
50f563d5878e31541bb2ed945273727b3637e8fa

SHA256
a817459914c852467ae22fb4ac3967306661e41fe227c2a7d45631bd3d3036ad

SHA512
6a833235bc45e21f21a863371829ec5f0ecc4d31cb08bb503003ba6d490470d9e59a609239992758332be36f287ce71ce1a9ffaf4cc2f894eb04bd7a39c2a582

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
07438667ff63c0fbe51f076b45a3a337

SHA1
b247c4f2dd5b796b5d1c2aca4f3db60d46185c69

SHA256
f24eaf523c4ff0aed18ab29a015cf050696f8a3eb2a7650281b8edb8a459c95a

SHA512
88bfdc383de62c4779ed5cc5f374f79058e5f04a54268a7f84cc3442ac994493e1572f31fe3eb9d87d514aae90f845d2244328fe3d369c3fb955a90cff5ba7bf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
de644d504db9d89c44afc69cb3726fc7

SHA1
307bae9aae04591de6fac81d7afed662e988c807

SHA256
e9b17f16aab392a002c25e047f7179f89427ca44f13bc644d3b63fc0800e7341

SHA512
3157c93ad4e474ff8b328ebac87237ba6912f5649a99f7b867bc40898d53a7900920ba508b897ba5fb456021252948d2b2e2449ea76e6430a56e58c4984c6f2e

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
487KB

MD5
9bc8bebbcbb3b2ee1a023a27ccedb967

SHA1
4805c4764ca0d6e4338bed6ab48263e2de9a8343

SHA256
b25810138552f7e38040573ca4d82254784ea7d87c961be191deed8ae84b0549

SHA512
5f80896824b940d50c9627e27575241c28831f5bfd872eb0ca8fd3a914b617ef5d81c1b768347e8d25c590af18d923f2945d5287e9ee0b645520b7b085d17c9d

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-4084619521-2220719027-1909462854-1000\desktop.ini.exe

Filesize
489KB

MD5
6961ac0827825201940f855ada484183

SHA1
1fdbe3b3c22e571b7d512a7c332b6a0317990020

SHA256
1cb369bad9428f84780b08d567edd3d18537e344e2c546f4349fa034b556c8d4

SHA512
606d31adecf6735346ab6b7a3c24ade101fa8f0c60edeec4295df863c80b182f83d13012ecab5520c07977ca02404bbd7aab61fcc62a5e19164f922c22ad5ad9

Download Submit
F:\AUTORUN.INF

Filesize
145B

MD5
ca13857b2fd3895a39f09d9dde3cca97

SHA1
8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

SHA256
cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

SHA512
55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

Download Submit
F:\AutoRun.exe

Filesize
488KB

MD5
fff5749a07ac1fea91e0e51a34c16189

SHA1
405c93c35057e275de8f1d852b5c2fd013ac451f

SHA256
46b6cf3f8fdd8b3b32380411837cb43077ec564129b628c621bbe7c9c0fec454

SHA512
9ca4245858d8211ef6c54648edca774efc81710717bc68bd60cce3d17f289255582759bd3a08d72bb95b7dd3b0ec55906b29b253369798f360cafe02a98b04d4

Download Submit
memory/2644-0-0x0000000002220000-0x0000000002221000-memory.dmp

Filesize
4KB

Download
memory/2644-61-0x0000000002220000-0x0000000002221000-memory.dmp

Filesize
4KB

Download
memory/2736-5-0x00000000020D0000-0x00000000020D1000-memory.dmp

Filesize
4KB

Download
memory/2736-62-0x00000000020D0000-0x00000000020D1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads