d418ca84ca4bb7db72d2b00f8d6225a57909e02f712c7b0e2d9cefb2e18d0737

Resubmissions

13-07-2024 09:54

240713-lxbx6swdmm 10

13-07-2024 09:50

240713-lvbvdsyapd 10

13-07-2024 09:46

240713-lr1dksyajd 10

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13-07-2024 09:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421.exe
Size

2.4MB
MD5

42935359d9ae5ab7507f082c117c0027
SHA1

05dd7616805833497c0ec1826ffc53b7673d8191
SHA256

2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421
SHA512

f7fb318258fd7faaed95facea3b8c1ee2c11c13cb5ea239773b22ae5e270cef94a1892dfd2f60df15cf79f9f4935e4145bf5127734ff8893c3020c245d18189a
SSDEEP

12288:sp4pNfz3ymJnJ8QCFkxCaQTOlPes5Z76k/L/KB8NIpYJTCihq82WFpXKEVFA2MCH:eEtl9mRda12sX7hKB8NIyXbacAfk

Score

10^/10

persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421.exe

Executes dropped EXE 1 IoCs

pid	Process
1448	HelpMe.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421.exe
File opened (read-only)	\??\X:	2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\E:	2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421.exe
File opened (read-only)	\??\G:	2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421.exe
File opened (read-only)	\??\I:	2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421.exe
File opened (read-only)	\??\U:	2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\A:	2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421.exe
File opened (read-only)	\??\K:	2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421.exe
File opened (read-only)	\??\S:	2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421.exe
File opened (read-only)	\??\W:	2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421.exe
File opened (read-only)	\??\Z:	2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\H:	2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\Y:	2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\O:	2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\V:	2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421.exe
File opened (read-only)	\??\M:	2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421.exe
File opened (read-only)	\??\N:	2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421.exe
File opened (read-only)	\??\R:	2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421.exe
File opened (read-only)	\??\T:	2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\B:	2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\Q:	2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421.exe
File opened (read-only)	\??\P:	2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\L:	2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421.exe

Drops autorun.inf file 1 TTPs 3 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File opened for modification	F:\AUTORUN.INF	2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421.exe
File opened for modification	C:\AUTORUN.INF	2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421.exe
File opened for modification	F:\AUTORUN.INF	HelpMe.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\HelpMe.exe	2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3516 wrote to memory of 1448	3516	2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421.exe	84
PID 3516 wrote to memory of 1448	3516	2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421.exe	84
PID 3516 wrote to memory of 1448	3516	2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421.exe	84

C:\Users\Admin\AppData\Local\Temp\2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421.exe
"C:\Users\Admin\AppData\Local\Temp\2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3516
- C:\Windows\SysWOW64\HelpMe.exe
  C:\Windows\system32\HelpMe.exe
  2⤵
  - Modifies WinLogon for persistence
  - Drops startup file
  - Executes dropped EXE
  - Enumerates connected drives
  - Drops autorun.inf file
  - Drops file in System32 directory
  PID:1448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1176886754-713327781-2233697964-1000\desktop.ini.exe

Filesize
2.4MB

MD5
0bbc44d5878715433dbd7aaef21cef48

SHA1
f1c82d41de38e9e18b3d3138ac2e7dc7a7ab8f8a

SHA256
b90d4ecb81a5ec87d0648adb1df121c44870a662ed94494e1422eaa4b908d95e

SHA512
9d1f0f0a0d3dc8c3435d2d41841830e6ddf29ab6b9b4aadcac1d9c8c3990ca51f63f59f080d9fadb727d8e431e8bedb451274a39552bee163a3592ef2ed81bd4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
c51c2c0dfb3390a21ca9d4eb5fde2001

SHA1
38e20c63e2108003718e96ff87d113215ad1ec22

SHA256
d702a37ffd776f0b9c6ce3fa4e07e812d6c81d1befe4bd9d64083f64f588af81

SHA512
52d07443294d827e676ecce5fd6d6dcd16dc9c2927732c22cfc803835bf75324abfcfc42b5fddf2a551bad6b970b5c28f78ce3cf660219a55c96282e07bbcb19

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
b3407577d91f1c0401e69a3bc215a258

SHA1
70156950b29cf1c51b75e399294f3bfc4f63a212

SHA256
be6400dcdfa7b2e7fdc4faf5a48d10313fd8f89fb5fd7150ff800dfbc9283fbf

SHA512
224892f3620a3ba50135eed17b616155dbfb1c217dccb2c113164712b42a9a0a6d5102dc340aa614c68eddae50de4cc57f34acab4591218eaa888790d492ad3c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
3d3cb5a1dade69213e93b9c84d30e796

SHA1
ecd7897f4233806cea74394f64f46473d881d29e

SHA256
9231c96c6d29dbf1b120b06d7fef9d40fe5e9d2a56bba47e3a3035180ee632a6

SHA512
c86b6d72dd9b2120fcfe086cd0730bfac62bcaf6781ce5aee01a39006cad55118bf7d2cfa4a8e2d37956ffb5722400c241400130fd793e52676cd1e418811459

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
834c9b73208a672ab04fb42867d0e048

SHA1
ac899aaccd0d19bf9aa163d937c2d63a966bbef3

SHA256
0f5fd70451829bda63b137bd7f54c1bc6fadc6262a2a51dfef4e926a3b0fe75f

SHA512
5947babcb24c0d3fec6cea25d7cd0abebc1e67201e867f86c4ba28837bc9e2afff78fbd194c89dcde232d5e0175b2a554712c55f294b001d4cf82dfd824cd667

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
6becc421e57ba437708d929ce82b0f05

SHA1
945fb2775c9b1e639ef18703cc0503df368de1f2

SHA256
d13848201a6610fd0d13012c41bccc95ec2e3956d0a8d27bdaaa83e8d38ae806

SHA512
d7bf4d3ea45fc5b1de68666e4c9b0072cb5bc56d140f6323371fd618b81789be45fd8d39f9320684a242b12ec329a4b1470c43f833f8155b4e539886cea4fb57

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
ac5f530a40a0545ce6995ca71729c8ca

SHA1
16f92aa8a144f84776497824fee79c34ebf50831

SHA256
e565515f345ae3a1c3948c0863c41c964485ada6d0885e0bd1537ffeda52572e

SHA512
553cd281e85f2fdf79cd82953848fdda7da5c54d8c6de04e6963276635eb212291fb0d5062e6ddb75ff7cfc7743800b59d2dadd2c396e911d923fa23a04f876b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
544bc5dcda7780543e5e616631f0e122

SHA1
a4bd307af0d638c7e97c4ef61362e6546ef3ad93

SHA256
b264fd68e5b323d171cb29c51777af125dca025bedefc621cf189294351cdbf1

SHA512
bb2ff745cdc7a88b50a6fd73e82f1854673c1a3cee759b1b2b5cfd2095c1223465f986d027bfa4d723e20f732d9e3846f1e4d78fb9e71336c5566505681ea3d3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
eefc28dbdf11480f8714f6bc40534b7f

SHA1
0681827b06b3cf84f8571ec72895bc4498913e72

SHA256
585bfa420b6d1f985c3b7286050f0d1c11c248044fedc664a168a202cbbd5951

SHA512
687ad74b9ee27a89d721a8b4997ccfc80224c6f06b9d49148473e0ef628cd6a940881f615a5a7f09ff0e6b8773160ea98d112be2287cd366c2b13cf6c8a6067d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
8ff626c5bfacc1cf4284e6461384781f

SHA1
e12248ac3e6ae4f78174d8114b0a6df73c4b4f08

SHA256
5e83d1f82296cd34076e93ca059ec8b09dd6a7470f3a78387c7f3214d8ca7015

SHA512
6307387dd88dc609ff9a7bd5528b96031f8526695764281a978ff9b3ae7217426dfadd3b8c383d2b2a03af33529fba5b5732ab7a6dc178e51ee56b9940aa291d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
4dc53078dfe2193b8e1dd3c42c173559

SHA1
a7cff497a779e065de5d21034bcddea7cc5bcf65

SHA256
b3290b49f0c0d63f3bf33d563bfa74bbcf95e21fe0a8583a1a344f38823c95e4

SHA512
f6df508114e321fef4549440e8033a41b150196e3911fced850ff3ff11fe2cfb12447cc6b757afeacf83bb6a8a1dcf7fbef6226968c9e10c55d53f3d1d8195fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
878b2ec704cb1fb830a13137aee3a138

SHA1
1ee60b6b35c59651b67d21485667f39df53cfc3e

SHA256
15056a4b0fc382463e25ae1838e689fa44cd09a8cfc0c5e1400f97f859c6421a

SHA512
7db3ea753c6f99fbbbd308fe25789de96719cf638c857400059a641bd60fe244a98c95d87a86c631995a62312d7c1afeadc5f662d42564286372254bbf0a6548

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
43bc378401beb8ca000035d2b42983f7

SHA1
f2851040b3ab451f1fe379d947a28d63a1162bdc

SHA256
a0d6ea4840460eae40726c36603059f77052b8e1ef300921123e74636d263f3f

SHA512
8171d4dd01d3e8a472a8113fb933b968ce7e1478a84a75af65ef1826e83fc4f89728fc35d7bf30bbdc8468cab794ea442a4c95d245b6c044f46db57dca32e803

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
da6ff7abdbf953d0e21c762f04e517cb

SHA1
dc978ed694be3db15780d5df08a0b206cdfaacba

SHA256
a8af6d4667e657b61b9f5ad3066d6d90990947678412627b56b4fe226f63676e

SHA512
d3c6adcc94d5f31d42f47909aab491b085c178e9d19f22609d70926beecfa6d33f23bdb69fd13176a6f62418f57c91330e689bef3aff79df82da40a804e309ee

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
eada96b97a942935649de17adff6c27f

SHA1
0166f96c23c001a255458b431f43f86781fdfef6

SHA256
56d8d16868b58e88a672b7fd7048c9b373e7bf93941181a2dfd2373785c17e9d

SHA512
e10c4e2523d5b0ac78c112e42200dd80257f15d3449f34f63c76cd4d8407ca19c6622e83344e46904be03c205409e5dc6ebf91b386842f7bc09034d84f690ed2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
ebb1c99a65cd11caca69292f2690a5d7

SHA1
58d18c2d80e046ab90bd82892edcc473c1cd8b92

SHA256
6a34002013ca57d238d97297ba14b376ce9a81afd46fa342a8afff1f399e7f6b

SHA512
17cb34881f3a9a4badb05ad300620d8f8626b7e791045a5561c1a32ce48fdf8187c0404ed61c40d97d3fce99f0e762d0d06ff331d06eba0742d308b9a9a5fe0d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
79bca65ad15d0375922c25b69de616ba

SHA1
9c41015a0cc00836f18b0f4567e571974602c7e9

SHA256
ed08ad4612b37f92e4f994fb0b3654a72430efaacbafd16ea4348276c6123b7c

SHA512
b7ea196e5d049dbcdac2026e2978257e227b83ec7cfaddce28af6b6b68edcc696800086e9b943b13c17b0979c2743f8b9b026841d743df011669795372ec8107

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
17a400942d2cd2259e4f2d48f8b2ddbb

SHA1
3b8d05f2a813375cf10e2061d0e034bb37bd6d62

SHA256
b0c70baece9d3bee56b915cba0ffc57cfb9d3ead2b047096a2afbc73aa66dac1

SHA512
085312b2d8ede2ff72d72dae79de2c0480bf43fc3ca57c8446ce6d44339ad03d4d6cc7ca52993c469b51b8e90f09bd4b8cd77fdd7b0613a8644ec67110322d1f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
e9f518ba18dde10d04b1f7b5b7f458fe

SHA1
a81d9fd133f3e2ae95bc48fad06873cb4afef45a

SHA256
2943ea04051db76249b08dc0a94a5a6ac3833f43b157cd1417f11030aae14e82

SHA512
5e3e47e218159941efcea257bd4ec4d3e8e3fd87feeaf806ad39b2a6eda2733735070600e1dd863f46e7a847a180932ea75f7c29ca26b865b9ee7dd4fecff7a9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
7938240ea560c793a6934adc3fcee453

SHA1
9e421ce32b1efb5d189128f39f813c5119c11791

SHA256
1aa4fee6049b9ba54fe5a60729d66c1fb3b9f96a75866fd6cfc75e9d1a3c0bb1

SHA512
fb448d465a2eb369ce9e3ef4feb1783d8d244c986e82f4c95cfaaa3d568f87448a14cbe89e9bc1c5de43ec88673723cebc634a9628aa043d20866d40205c6a98

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
841dddec75f1c09debf59cf4a98d57dd

SHA1
315c934f693ee2391651b7778fe1ebed6438d2f1

SHA256
bc02d2d3ae343c2c0ead0b3c88021cd7889e6f96369afb7dcc367805e8b1001f

SHA512
ff2f911ece2d78abab78b2e705b7e7b3d52d9e47a15a0f4112acd65dea4600ff38d5d265779a1d2032872711411aea937e7909e8904be6f9788b32f95b1305f1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
05ca562c9257ab0075de417b3b1b9bc2

SHA1
ea09a39107174ae2382594bfe9d49711b5771dda

SHA256
12b54dd349988cc2c7d050b7ef9ffe421345f1109110765935e0c00bc6c0f3c7

SHA512
3dc42f45d6a77c826db6e1c19514ee1642531d1ecb498e9257ab9a47d614d1edea9fe37f15388493cfe0282145188282f3d0b24bc03512038cbb5bfc44f47927

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
4acafc5dcac70bd30eb8345def6f9481

SHA1
2cb7d643f3b33d3f64165a9d32a10f7437b09f02

SHA256
f4af71052e40cfc33d3d984ed85448eee68bb4bfb0bfded9d1acb5f8c0034cb8

SHA512
aeb08986785809d2056f862980d9184fc76d55da1171f9d1b0b5ab2b951c6527656cb47d0e18661249568ca748b841601dc5a1deaf2d67d5686d81514fb879ec

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
6271fb0b6a594b9c580e9a8ea5dcb597

SHA1
d13a1a750fcca2b0e581167fa6dc0d9c4c2e11ff

SHA256
fad66a611d7e13a6490cbd4b4f39153d98ae0b9d683e421d796ab3de8d58a79f

SHA512
472a93293845f474cf605778e6aca86979898c0a617998ab220f7ac489daba131b2924bab60bf30acf1a40af247a2590febfb87f3d5bbd03bb5dce1de21d547d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
a94f833d35f60dc0c8f41ed1db2df36b

SHA1
e33794608a0ea99c4ab03297b2d36e511dedf8d6

SHA256
18e0c5a7be8aa015de0cb77ceadbc61aa32cfc89c7986dec9c318cc6762f85ed

SHA512
8a0ae1917eb05e3fe4d58a6a9fda947cb67b160c642ae84922d592e85eafb7317e797648cefcf2cc4eb509adbcc6c8a36b8cebfa4fed7ce7fb56472a77c4eb42

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
78c5afdf4e1d337820f77b99f21ea177

SHA1
2393c193c09fd0a851bbc78c63d869b2d8528dff

SHA256
f8b70fde041610b6b360cd3a7ddc0136356a8e15cb6cc47ba09ec84a45c2d37c

SHA512
39652c3340f8c30167239a20850f7c08c7a6c2dbf571a187d1e4b2c614a7bbc2e8d3325d99b82a737d563f5b9882c2a0dd955f9480a083ea73c007d5a3fd2b16

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
df115a6c4c9886319abd6ed2a208f93a

SHA1
704482ae0c5762ae32c33db9f955ada949eebc28

SHA256
5d3a4217776a621a6a478c5b67a251344429f2130f6ef2a2338520bbd2d31a83

SHA512
76576a16c278b20d45e1117aba92bef0bdcfa0ca6177d1466250cb07680b26a4d902c0841e173180b2bc86369cd50f69249769a801754a8dd8c08417b15244b1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
ce4dc83724728b84826ffefce2e79438

SHA1
6f3d867bdf8a748e6b7f81a977c2972eec5d9064

SHA256
21aa106fa5b07680daff17c8da810692fbd5e7b991f981f56970b2fe5ee70fb4

SHA512
0423c52029e85416c99f2cbe51d3124ded4e3eaff2f83d618276291092700409ed2ca6a2e553bbe45a09590dcc0ec9d2e329f3dbc64d2c0ffce522c890d92c7e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
7260aa9ce0e6c88d0811d3a27fa76714

SHA1
49dfbae4bf18f654817b2de41d62ae9a702aa0cc

SHA256
de9544be45d44177eec062df45847bd2451046928f8c9ba8d8d1e2bd010984fa

SHA512
b229a6788ee4d90e3b64ae23d4efd846aacece6d15d6d55f462c26ea9b143a41766cf6c53e6cb949055124d5a538d6d06a5826e34f7da399f139a6e6a5fdf833

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
f418cbdc9a68a9a4293ae08b7e128a88

SHA1
e78341353241f1fe017b044740d57e541593bb60

SHA256
a59d1a65a82d9d856c637daf7057fd3b8f3d3efce1e6e76167f7d4c9bfe5fc33

SHA512
ce33238de7f528efdc53c25bdd9c1c3a19f91594814aa583f5899ca79ccdd7bfa7991cc724ffc6d370899a4186165359fda580fc9a084417bb913920e52eecd5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
ffec43c4366dcf5e63a9bafc510a33f5

SHA1
b729f52cfde2b7f761278ef8f1306f9dd87d5ad1

SHA256
e37b566c69a665929fc3ec464e728ba9096a35296458a40d835630d163e371b5

SHA512
30ecf0e4d480a68850481fefb01a494594c5a308d2d0b314ce88d03345bbfdca7dea14c81ebdf0b0745b4e123d7063662867fa9bf31ac8ddf828a6c713639109

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
e0da33c46e2445e8fd522deac7ab9d61

SHA1
77e9a573b78cfeeaead89b7100afe8c222788bf5

SHA256
0b584852c78bce2912542d8399678548fe7012545b54e84f1e88e30619597e80

SHA512
7cf0b76f970422351f0d898b820f0f03ccfbe61fd35388ccdd423fae32b79b196f8758bd4061ff5cca3997e142873a297ac4d21338f102ecbc82c4c15e3ac179

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
2262d33a12e01797a61d4745c41abbe2

SHA1
691f24b6c8f8e4f4d2aae0639d9ad8ac9e75fb93

SHA256
c7eda725bd426e2bf01e79a987bace3c91356ded58009a28d5b2f5eed3c1bc1f

SHA512
7a39c2ba5fce12a9c674b085d88a62c82bd793ecbea5051be50f27ee8e36df947ad762b8a89a43d1922d97df01862915413c96acfa8d83e642ba1b1c11f00d3c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
67a6574a5cd6044d37c072da58d10584

SHA1
6a55d73032f7dee3fac951163e6ecf5c034ac83c

SHA256
ee796462cfa277ea82f9ac128ec66e89f3f1f2df45cdcd06535e13eede79dc62

SHA512
591912bab85c1c39ca83990329f1d98958e832be5ea4806095901f16ad50423f1b362e500c622c495df69101f64926816b2248ca1c1b173941ab197a31300567

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
ef80f0c3abbd63148e656707ecf2cc1f

SHA1
b700b2679b8935d4fa664f4ea767ebabb80a04c2

SHA256
478a9eb081b592ada8e2f8e66ac4680565e82eb582f1500f8415bb7c70bf62f6

SHA512
13e3627af8f20e39eda006ee6294d8367ebac32543fcfbc8f5d75960e70fb4ad383c807b453a3c4f1abbd2252b25be754f36dba02155628fd92d2343598fc49f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
7b5771a9c073bf0c7add340f1d591f58

SHA1
1f51172e83935b2f3438ce5ecdcd0fe07c16db56

SHA256
14fad9dcbf4c94016425b3fd6146117018fce1c7792e6dc6d3e221f88df407cd

SHA512
d1723c028cc1f7d4122497a664d548c26154ac61a46134ae84b740641ab30ab64cac21e72226a588d071909e23f2d0aa31c9f6e5c17a0665ce5ea43751a78d3c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
03e58023357be2249263f366777e118b

SHA1
e15ff5d15ad54385c2a8d14ca23df8fe75636418

SHA256
3895e5a7e9e37406dda08e60618fbd415cbd98ec6af12ee467da763f2373ffa8

SHA512
f2736c207b2d86f2e364616e0f1e8aa66dee5a7210bf8f97c1415db48a81b6f10d6bd2ea82c5f709299fcc9e34f7742b9cada8fd2036537050016e8cc145772f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
24d8b2961479dad512d1c1d31cb469c5

SHA1
98576e95d62cd404f629001dc00ebb8e73c0fbfd

SHA256
22004a6a532a21b713715b546cbaf221622f9add1435ff567901a727c5e61381

SHA512
fdff939d732e6352fb266e2ed08d3d8003995fd4bf11afc491eba86f924082cd4bc3efbe03d802bdcf155afa82d7c9de25c5f410f1c3c6b96cee41be07ddd652

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
d5aa1eb1a0c14c5e9f37c7a2fa4d2ed0

SHA1
f0cf5b91b60c6f16f4bba72294ef44bb07db9b48

SHA256
c107338610ea102a44aca99540bb185e2cc77ae9ac39ba07e0490c8e1abf07b1

SHA512
58338cab8796347d65b72276991009ea4af4a06ae60c16d72fffe96d86895982794c18a61446e57284f8a63b013ec9d7c8fbf709dd09b87fe9c2f56be4194812

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
1d43cdb660870c2af60163d8cf0a9d88

SHA1
f06f892c6763e450f75ad6bb59fa8f6884cb7ba8

SHA256
18f0850f29673353bb5e8b9cd1332d9de2f5ecc08bd61517b1494c578161146d

SHA512
b87d7dcbe4ff9b0fcbd7a58c5ff27a0aa42d794c1cac8140c401d3b69fb96b52fde4835d12c856c9098f7dcab469efa6437f117808cc32b56817f6cbdd184999

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
64fadd37da0e3bc34bd0a5de199a41d7

SHA1
a0a10a6d5adadf033e0f2345d7be62a494427abc

SHA256
29218e5c6f03bf7da724e0565847dcaf1a57192cab60750a4f2b735dda183fef

SHA512
390775863c992c503fbfceeb38973cb851bedf40ecb68f7bff9ef31813ccc8815fd8649aab7b8dda0822c2f7bf45712ea28d033ec3aaa45e002f5cc304177910

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
292508213d9f81974bfa0817bb7694ce

SHA1
4cd40e7c6fcfab03e206ad28d4b7e60fcdaefb53

SHA256
f8414913dc9ced59d7639bb2860b2c609a652768e4343133288d3459aa0894b5

SHA512
9b2a1f1a2f35a7834dcd2fec745066ad8207f4708c71183208b8fecec508118a82529c5794b377d63b4ec5124f6b4fa423969b8745bdfb627d5cdc753736b40f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
3e16c1e6baa4d5c0e7b18a86f7806add

SHA1
615d80ef8563b131f033435dbdec62df111ba211

SHA256
b455269af5ec0af824b2cbbdd2bcfde205cd9dc27574a24b3996947564db8b5e

SHA512
b99a860f4938d60340c380d952ae9c358edf992df81d6f8c16cdd49ea9d7191fa4b67d45d893594e6738b199d04103a25c48d8702d63d4100dd4aa4a43ee6a41

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
856d4196dee2fc32a6e5484cfb723c20

SHA1
8cbdfd6e54b68f4e62a571de3a93913facd9777d

SHA256
2c6b54b16b3ecd220643da8c395af2d2cf28dea6b498bffa65fd935e420bea72

SHA512
21e254a9eaf66385a487ce8d274537a520a3dc289d6000b654d30c880897602b2a6a76eff397a2197d872d3939add802294b64ec4144acd0a1d51cd6b9af2c5a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
e6b1326294b6664bf1254c7febb851ac

SHA1
6b8195f607b7070901dee27418f41f7a28a7b576

SHA256
ed0782c5a969f1e9ab4d5dbe6016d87b62d168b0a5aa667b94748dd2bda9b1b9

SHA512
e4ef836bb38b87b157cfa54091fb611ca1c38c3e130d0bdc5db3742aab8371cabcbeb5a82b35b93d6e0a7e15de1abd23d6033989a0543a2601dfdf1718d9703f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
385205583da295fbb0cb44ee3d7ee029

SHA1
314e1fe45d89bddf669f3370a21b5153994001d3

SHA256
3bfaa6f9d9452e2c9295d1d56fcd8a620003576649197bbe6b4ab9c324042fe3

SHA512
54f0690c46a44c57d99d96bbd7c5f74fa5b560d7f2d28eb290cf8a46deddff1a8c5ad8d6da5a101003ef5e0ef5dfa5ad7111618dff7165b6909a8513fb81519e

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
2.4MB

MD5
4deb32e0d99e70030e0a145ba27c9bc1

SHA1
02864cb437c185685f7987400bb15ded169f494f

SHA256
139d861057f6be9f004db60345166fc74cf19db6e46e967a4ee2d04836467d8d

SHA512
42e2dcbfe8f51a603e8f5b2ac94bbb817f273741451105aadad68540453d55e3fd76a06ddd806c9bf04030567a3dc7286259b747da52f77a36687c7169e40fe8

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-1176886754-713327781-2233697964-1000\desktop.ini.exe

Filesize
2.4MB

MD5
f64c4caddf30294d01bc76f9505f8118

SHA1
f966778f216e03d3589e6ecf50ac18276033b869

SHA256
3066ff2a9a5402016468bd65db0ca26959174c8ba41da6908e0f54c036a33f68

SHA512
7856dc2963ac04911a1dc5424d25ded876520b84b9c9d8a84c119186827f6c12c4c746a9e240d88303d057f186175bc5753d5631fccb05a7713e84f398bba8f0

Download Submit
F:\AUTORUN.INF

Filesize
145B

MD5
ca13857b2fd3895a39f09d9dde3cca97

SHA1
8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

SHA256
cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

SHA512
55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

Download Submit
F:\AutoRun.exe

Filesize
2.4MB

MD5
42935359d9ae5ab7507f082c117c0027

SHA1
05dd7616805833497c0ec1826ffc53b7673d8191

SHA256
2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421

SHA512
f7fb318258fd7faaed95facea3b8c1ee2c11c13cb5ea239773b22ae5e270cef94a1892dfd2f60df15cf79f9f4935e4145bf5127734ff8893c3020c245d18189a

Download Submit
memory/1448-60-0x0000000000400000-0x000000000047B000-memory.dmp

Filesize
492KB

Download
memory/1448-61-0x0000000000740000-0x0000000000741000-memory.dmp

Filesize
4KB

Download
memory/1448-6-0x0000000000740000-0x0000000000741000-memory.dmp

Filesize
4KB

Download
memory/3516-54-0x0000000000400000-0x000000000047B000-memory.dmp

Filesize
492KB

Download
memory/3516-55-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download
memory/3516-0-0x0000000000400000-0x000000000047B000-memory.dmp

Filesize
492KB

Download
memory/3516-1-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads