7fe0c29468bc2390d320ae6d7af0e3727a5323e6b2e8d0b4f434a752388b23e2

Analysis

max time kernel
145s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2024 23:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

82218c42c0b0c726bc52fe1d36901cc9_JaffaCakes118.exe
Size

2.8MB
MD5

82218c42c0b0c726bc52fe1d36901cc9
SHA1

dad33cc4e84c48ded034cc1bc58240c4ea46a115
SHA256

7fe0c29468bc2390d320ae6d7af0e3727a5323e6b2e8d0b4f434a752388b23e2
SHA512

94479bf2f9460188109c4803abe47d89a369fabad40def9ad102dfb5fa36c9cdac1a6bdc3a98477e54076604783526b0330c1e8f0e92a5ba4d2f898ee6d0d240
SSDEEP

49152:DEs1ywi0L0qUB8NIMI8SfpwotkzaxcJ4kfxuO:DE2di0PIMzKpXOMg

Score

10^/10

discovery persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	82218c42c0b0c726bc52fe1d36901cc9_JaffaCakes118.exe

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	82218c42c0b0c726bc52fe1d36901cc9_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe

Executes dropped EXE 1 IoCs

pid	Process
2812	HelpMe.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\R:	82218c42c0b0c726bc52fe1d36901cc9_JaffaCakes118.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\P:	82218c42c0b0c726bc52fe1d36901cc9_JaffaCakes118.exe
File opened (read-only)	\??\Q:	82218c42c0b0c726bc52fe1d36901cc9_JaffaCakes118.exe
File opened (read-only)	\??\S:	82218c42c0b0c726bc52fe1d36901cc9_JaffaCakes118.exe
File opened (read-only)	\??\Y:	82218c42c0b0c726bc52fe1d36901cc9_JaffaCakes118.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\A:	82218c42c0b0c726bc52fe1d36901cc9_JaffaCakes118.exe
File opened (read-only)	\??\I:	82218c42c0b0c726bc52fe1d36901cc9_JaffaCakes118.exe
File opened (read-only)	\??\Z:	82218c42c0b0c726bc52fe1d36901cc9_JaffaCakes118.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\G:	82218c42c0b0c726bc52fe1d36901cc9_JaffaCakes118.exe
File opened (read-only)	\??\N:	82218c42c0b0c726bc52fe1d36901cc9_JaffaCakes118.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\M:	82218c42c0b0c726bc52fe1d36901cc9_JaffaCakes118.exe
File opened (read-only)	\??\V:	82218c42c0b0c726bc52fe1d36901cc9_JaffaCakes118.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\E:	82218c42c0b0c726bc52fe1d36901cc9_JaffaCakes118.exe
File opened (read-only)	\??\K:	82218c42c0b0c726bc52fe1d36901cc9_JaffaCakes118.exe
File opened (read-only)	\??\W:	82218c42c0b0c726bc52fe1d36901cc9_JaffaCakes118.exe
File opened (read-only)	\??\X:	82218c42c0b0c726bc52fe1d36901cc9_JaffaCakes118.exe
File opened (read-only)	\??\H:	82218c42c0b0c726bc52fe1d36901cc9_JaffaCakes118.exe
File opened (read-only)	\??\T:	82218c42c0b0c726bc52fe1d36901cc9_JaffaCakes118.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\L:	82218c42c0b0c726bc52fe1d36901cc9_JaffaCakes118.exe
File opened (read-only)	\??\O:	82218c42c0b0c726bc52fe1d36901cc9_JaffaCakes118.exe
File opened (read-only)	\??\U:	82218c42c0b0c726bc52fe1d36901cc9_JaffaCakes118.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\B:	82218c42c0b0c726bc52fe1d36901cc9_JaffaCakes118.exe
File opened (read-only)	\??\J:	82218c42c0b0c726bc52fe1d36901cc9_JaffaCakes118.exe

Drops autorun.inf file 1 TTPs 3 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File opened for modification	F:\AUTORUN.INF	HelpMe.exe
File opened for modification	F:\AUTORUN.INF	82218c42c0b0c726bc52fe1d36901cc9_JaffaCakes118.exe
File opened for modification	C:\AUTORUN.INF	82218c42c0b0c726bc52fe1d36901cc9_JaffaCakes118.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	82218c42c0b0c726bc52fe1d36901cc9_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	82218c42c0b0c726bc52fe1d36901cc9_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HelpMe.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2564 wrote to memory of 2812	2564	82218c42c0b0c726bc52fe1d36901cc9_JaffaCakes118.exe	84
PID 2564 wrote to memory of 2812	2564	82218c42c0b0c726bc52fe1d36901cc9_JaffaCakes118.exe	84
PID 2564 wrote to memory of 2812	2564	82218c42c0b0c726bc52fe1d36901cc9_JaffaCakes118.exe	84

C:\Users\Admin\AppData\Local\Temp\82218c42c0b0c726bc52fe1d36901cc9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\82218c42c0b0c726bc52fe1d36901cc9_JaffaCakes118.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2564
- C:\Windows\SysWOW64\HelpMe.exe
  C:\Windows\system32\HelpMe.exe
  2⤵
  - Modifies WinLogon for persistence
  - Drops startup file
  - Executes dropped EXE
  - Enumerates connected drives
  - Drops autorun.inf file
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  PID:2812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-195445723-368091294-1661186673-1000\desktop.ini.exe

Filesize
2.8MB

MD5
9a8f5c1daf7aeb605901c50897f21cb1

SHA1
cd3dc0e4e6181dd85b1443f01a6a4f0d96efb4ef

SHA256
72e350731a6c1c2cabc87e81835c4d0ead568529a05932426c3e0efcd75a23b8

SHA512
f3dc8db386ff710c4e96966b22d5db23404a71143693b50a35e8ffd9f99463404988063f13ed32a12859ec23790a5ce162f4e239cc1dd100a7cec86b0bd05302

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
c94333db1610ea4fc8c732b22f31d62c

SHA1
0efdaf9dde8dff0004a2afae550592202aefb921

SHA256
5f2c602bae4769de07c2de9be8e4976a0db4740fa8738b182691bb6afd5872b3

SHA512
2622e159ff8f75c7521f3714d6c92da9834872d284d1061a256ff4bcecfe9618090bdfc8e89c78f0b4da4d4bf7664e7f17186f3e0410bad72173d00dae808ca5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
3aa0183731a3b99407a54bdb985a65ca

SHA1
5b624c08e30049ec535812402f47ad133df0fd6c

SHA256
cb0f6e87e655a852b8312efe0a61ec56408342bf82e1613e80d8f3a1f6731a2e

SHA512
1baa862abb1d5fbdcae73db6bb21e93b5004c1ed7881190d4e80e613055322536115c78f17e370e6911269143e17c1e8666364d61b0699c3913a755936e6094c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
559a4fe6f3fb0cc167e019240c56920a

SHA1
d30a3d33eab257b480a93dfe36aa2ddec9919918

SHA256
7c77395a2cb6e8fa8096b9309e04b7ba34065b1284972a94d79de4aa10ae2e1b

SHA512
9e2cfb009c7cbb3f684026f2dbc549e1689c7d2b682303330a3e9313d6c31b2f9b347a3a56e407d335096bf603e74774044f2916702da148ba5e3dde302a3e95

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
83cdef6ba5d94139d41db7784838dbd3

SHA1
fec2aabf3ec97cb51856e850b5380e9fc79be379

SHA256
8ef9f9ca187235619738910660de9c7ffefc3a66a509c7bdd3766c4232ff7d87

SHA512
65733d03b1508a15be9cfb99effbe4a8946afa2fbff71b7975ee9cd7a8aa5a70e07bcdc85b12ac093e3e603f9d0ddef953bffd7de1499c3a4822420b2f4cd8d6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
0ce36a6a8bc9f15cc595a72f872200da

SHA1
921e6e6fc075cef49d938c3ef714568761927fb0

SHA256
1fe08bb2dc714df26466dc3454e10814e6732e7381004957aee07b0c226ac594

SHA512
fc86a184822bce60143438070cb87820f31bf02b9c2f6ce9b2d2ccc1bb1cb5f086c6d479cd83751cc1887cba45e82836f0229e4c69e6df707e027e193e30904f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
5f2fe085a3b3a60d4b8585239ab93f04

SHA1
dae86fdb99fa3440617442f2f93bed2f026d8c74

SHA256
f40b35dd791947ddf392251b2b3e0a8c1bdff28c78580c56736e658af9287946

SHA512
de923336905ed2f481127608a87f96752284d4b4efbeb2f6bf66a3414a1cd8220e6245a05d0f7e4063c9a2b0bb4af8050b462ddb1cc65253f8449dd686a00e44

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
70241bc074cc6492c4d3712e1b2783d3

SHA1
0b61dc2582d08711a4783e367c02d564afd5f12d

SHA256
e954907b2834c2a5036cfed43766f3dc291ee3020c26115b56be791f134d4a23

SHA512
5ba00b1d23b97e7b79e988544e8a297fcff5bcbb735859e4c56253fc4c7119ff2e3c724c1efaf3353fc9862843131157b2ba10ec9353930e285a8b80dc9e3b69

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
4ae2a3c7f995b3251b2d7cfb94cb5af8

SHA1
6b03888d3a55442ef0ed0936512d6b4d146ce004

SHA256
876c64fce3281169e9aa8da8b71cb3527bfeb8d76f143d2e6c932ee90afa3033

SHA512
981bebc91370bfd946b889a286c30ce9a469de99d6db2e706dc0195467d959a260d0dacae52aa990d7d7ae14a2507e63fb8c1efe2b761f533d17a994e4bbf056

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
e9085256ba957210e9928d40c42c7608

SHA1
7ad1ea0c6a8cc7ff512170db1cb402d1947394ca

SHA256
7f1bb5536727725a6287039dc81f7f45214876510727f51a2a5a18cc5020fc01

SHA512
5384486183b20aa8adca10311f83f45652d7351e817f75fa41f78aea0d8d664251c80db11d4e6ae5d2e1f771c28ff32e0658c29a544ae59cd4141a544104f883

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
d5219278c0d8008cd98af023d97a375e

SHA1
c67a6fee8671ccf1779af0dc4a8fdf1106f87784

SHA256
1aa3a592dd69c965b3fc7ee6da799772b7c6498445abe0a2a91bf9ae2bb23118

SHA512
2c549c6f40ba9e6d3963a149303232b0f6a8f39df3988be33f49882980308ae8ff1d16943366fad2239e71c6bfe6e89111f3f72e84e301fb040ecebaff64ab0e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
4e5b713e8b2f5a0ca956830a3906ac9f

SHA1
85aa8995b0063ed4ebd08502badb2a4179deb1c2

SHA256
aaede9526ba22c3545c8ae4102758726c855cd7eaadace40af9743ac0c91f0d9

SHA512
b34bcfb30cd501bd9da81b9a17fb8ab6a8ad06d03bafb92914ba85848bb92eb328fc574507f07c6946e62bb35e3c093e16bf7085e9033eeb8b5d4afde83ea734

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
8941d1ec2a72bea6b48105ddacfdf5fb

SHA1
f7558e1a11b0022948b24916dade2b5ba96c289c

SHA256
1e04c3dc3253702d3a374638ac552a42a9a494174f2fd3aa787aa61500340af9

SHA512
29d0beeb76412ee556ca382acf35e1706bb31e5c8534057cc67a019883411ea5901ffb98bd62517cd95745f5f893592811e3cb4f455d87a07f8e1d40c4406bdf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
f1cad5a92b9ccbe140c0cdf014735f4a

SHA1
508f53396574b638296a67dbf71cb52a10bf8762

SHA256
4d2ca44868c72f210520ebc207ec9227f29310fbb5d83af894d2980b25bb09ed

SHA512
91f585ce298b9bb5798540f5fb2e24cd09cde344cfc54aeb3e0e443d2142b535c36aa3670a0866d5526472927ade0caa48aa613b1fd4c6c5f5f66c1e1c8171e5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
b699c12b2bde0cb4a359ca96936bc481

SHA1
9765c394b265e4d1139d0057ffd3f64bda738ede

SHA256
3ee464d4e8999e7c03323a760761301b72ff781a2ca025c9a8aa3dfd2c5f24dd

SHA512
95619c5a505cbaabf2ae8a169f11d6bdf01e44c1489d7db9c659d7d964d2bfc2d76acd22488988c3856e904ffdca0b444299d46f1bb1234d0c428d440214a7f4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
508725a537fb55d22f358d232c619373

SHA1
2a373f40d90706bd831fd2ce99cc310d0e8db3b2

SHA256
13cf47bf8960555bc9d6e7b05af720d9f82d94255b60be0bbfdbe8c112c2e090

SHA512
6c291799a0c57e078d67c46f3ea725af32521655cfc4a091299cbfdc97022b112b05d35d73a1d2cdfab915d0fa750057c9c473db555fe717f4cce3e8f487d3a3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
2dbcb66b5a9b9c76d41f36e55e3bb9f4

SHA1
d216756f782b596664c1b39fc53869f7e88585b8

SHA256
1001c2d6e1fad7c60788d31bb2aa142d2a6f2dfb74ba89441a1518c0326c30a0

SHA512
7d3225243f530d2f13ae5948b754ef08723fc8bea34d3769aafd656bd2fe4a47056860519c7bde319677b6f0fd9d555e2b950ef66ada7d85a9944e54817ae20d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
4c94db9b96a49b0b8d297de1ebc73bd2

SHA1
9ea21f041fd07547bcdd792210ea4c1f7637414e

SHA256
2ac80063c6ac3b8eba99275c4ea178298636131f05853abbe020f109f1134e83

SHA512
8995ff3bfdd45ff6eca03a48a7cef3fbcc39c8a2ca7c527affc03065f6b5cd9d4954c089f57e96214aaffc7d3da92a6d190d1c3bb71ea53e6d67e2eb21166ae7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
f505ab134d0970db25b905c3715e98eb

SHA1
f8ecd309eb51ae40991a7e77f49ec51b15ab1371

SHA256
b369670072c291f900075d8bd1f0788fdc6fe902f9246388895e7ff3c950c98b

SHA512
b55c3c562a34b67978981583f80ec89041bf19b49fc4d63c82ce54945ad54805ba2fd02066cd17c766dcd12237d4a25b973a805742c35a739bdfe0227a00649c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
4f4e6224b2480676979c80399b7647ea

SHA1
1e609b1764979e73f695d957f8e183f6f64caa8b

SHA256
9c60fe2c607c6f1c98bc338d9af66af2a2d6c4815ab77d0cb86d1b76da6a7edc

SHA512
82fa69318d8d08eec1f2aea478641eb865b08a0719de68cf38b4371ceee44b41c78ea4afb95a8b6ae053230142f33456d3c4d4eff0a82ef841f9189416719d96

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
1d361ff86332e229fc74bb13307e5b04

SHA1
e72a076cc1b6422991a80f106810cfa71eb28d80

SHA256
77f87c54d53616a8d9ed0b6e91b42119fad6a24437b662d20f75fe3e9ac670f9

SHA512
25fdd5564cb75b5077b5d10e6097e272f5697e0f28d282d9d4d200dadc20e7819e17abcc5b549ddc6e3019f5057afe8c8a96c00ae2d7ece22e56670f9e3aef1a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
22e668f9afb7e66f4afc30e7511f20d8

SHA1
dd1446dc6dcbcb5ca24b9c5a65cfde236d1f6102

SHA256
f03955e4e50e957df66c637506cc7df7a2a3fdfdba784d93f13ccff2c43a0ffe

SHA512
6ab3c4aaf154503abc0725163ff368d14bcbac06dd65b9f65e4b802a59b8bf309f647c1763395fa354b3ca9527c9ea010a68b735f354dc99329c283fd967555d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
f0f7348e5eb8e9e3c116c9f095ed31bb

SHA1
d0a33c66d9af51bad689d9b9fc290190bf49e00e

SHA256
096ff8b2a21b03cccc41f74220437e6d24b548fee1c88e7301a9d8ae9a7e2c63

SHA512
72cf1a0ed0359350e807abf87bf189ede65fef46af249be2ddb13ad259766e02e347e292fec7e7876319aa867bbc8a36998f33c088286ad9095355671621900f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
433aa9dd28de264b88b9a53a58f1a6d0

SHA1
e0f57a66af9ed84e3ce0e5b3ead881fc661cb765

SHA256
e7a997629d9863ee719b44304edd148761107c49c29d35b9509faf48f009644b

SHA512
75b3caf63397b6755e067535b5712e58b24d72a8d2244b3202c54f57a4b026c42423cab4b323c723e4905b330faf2b29d284193aa1d6c3b6ff9d3c87af9cac50

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
fcea3513c657238e5eeaf512b829cd6b

SHA1
b25fcdf2576f553f80b34874dac73afb3f190f17

SHA256
45e63997ba82b7eb4e299216337d05e5aaae546b5ba303217defdc62e09acd48

SHA512
c395ba2ac7d7c2c576f623ad6f31df0a72f0daee7f2b5b62cc6f8b79ddf56f3b083d6e3a09da4320b763e8b94e654f54884b29b92bd89c5d0138c9dd6115f772

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
cf43a5095b05041014ba3ff2ff102a0f

SHA1
5c151da57020e35b3aee9f0b4708b175a437e41b

SHA256
6aecce31812ba70a6cd1e304acd31803a8fa2009bafe0015c3e48ee080906623

SHA512
dd5f4eabe36cf274b4c38ff58757cc7a9b798825fa06387ae5a70399ce22976a80e778f4b5a0d2aa4e651a607c8d6102803b372b873e7c61dca2ff63212a3849

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
c0c26ed4c089c40a7003645111249126

SHA1
3542cc3567fd14740abfd03972722973123edf38

SHA256
361f3b771f9366253bd0f3a13612993c793b943f9762711d3170d97b65d1de34

SHA512
e0cc9e0ff3e1901980d87d139982c6f6ad4be658dcd1bdbfb072286fba3c6bc2f6dd3d39842fa9f481d41cc666555ceff6cb0b2173ab8d7789620853d7848871

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
9981b84b07256b99e82ea51ea14d8ed1

SHA1
45a0e23e599b0545bab182a5a25b26c1711154c4

SHA256
277ca183e2e47c497a0bda460a36e44ddaea88c180aedb08a31c593cb4edf670

SHA512
625a00cad06320a52c8d0f0e3d1767181264b531dd4dc4d53f5e4502817c17ad5e6cebad3a3009ef8b3ab6f0e8049cfe2f47046203fd1c3263a770d4694480f4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
f137ae13bdb04cf3f13f91d57a21da39

SHA1
348b96f6e9cb9666185f607715d07225bc655b15

SHA256
1a85a23a332936c5a99e663faa628052eee24c00c70adeebc5307e4f9fbd7761

SHA512
8d82b68d0aed2a8fe7206edd09995e674d1053a89075684cc4d3754d790c3c5b250943bc9f00274bb5eeda8b53b365087137276c72a51956fbd818bd1c3cc011

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
9934802b9827c996e2e30ee1e9060687

SHA1
f0f124bbf163ca65f2cdb35afa9bdf570d294ec8

SHA256
a1584112b144cce0d545f1ab9e47432f2b5d9b9abb4325d61d2e8860557096ab

SHA512
0a22c4241fc5a3b43e5102af260ff5e5dd7e01f74cae03479ccef77c00d1981d93c6c9b32b12771feccd8548152ada879a04fe40985c16cd4841986a45f2faf1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a2586bf0b6c320963f309977eeae1dfa

SHA1
63e5125c2f3a078ab75fefef136c3488d481ebf9

SHA256
95da98099b1991c10c4db70de3a5058724cf3b4a50402626a72f79dbc506854b

SHA512
d39d4631997391da90eeee68f9bdd880cfece0dd4cf5ad36bd8fc8cf341bef2da3c084932c8d6a7d0ce9b13467cf8ddc9db84d93a25520e431ef712d2d0de8b2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
f3007044a23fb085ea46b913160ac748

SHA1
71d42a3a4a8b4c9d49626e65002cc107c6b93a0a

SHA256
a236681a6f9980e3ec0abe678dea9e55309169e0f8f4e79bd9804e191c51de4b

SHA512
920ffdf4d47d6791a461a1f43633ca602669ca42a75b6af8602db6fcb0da596966c7f54bad4267b488a8fc14ccb2af54b6b4c61d4f4d9afcf76e1907dd26aa2b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
807afef0249fc8eceebab97f0f975211

SHA1
fb9ffd9c90b7e371b02f09e8d5ba883c3297d735

SHA256
3087c23142e0eeeefbeb26351722788e9c40e1805bc3c9f8dd9b5ad9569864a0

SHA512
c51719dcc4bce3ce37ac0188bfee58abd39243f8455402bd3063f23498abb4de7c02ae472baf4a3727c7f381e2d35e810ae8fb847bee9dc2fe5162fbc93aaf31

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
3228b1dcb1d0e144320449dca596d160

SHA1
17ee5e99e1d6f2aaa9ae293e35fc88d2c618b391

SHA256
b385a4558ea2ae5f248c8f257a6e0ac8f439d8a04bd6b299870b73423529882d

SHA512
7938f9ec6ebd9c20403065cac1ffcd3b8da475b47f4c02d58a2b1f250bd357039711da1752ca497313170732f562e6c0497b59821c9bd33335cb828014592354

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
73cd92b4a891cdd246e447f405f22ed0

SHA1
fe07fb45eb1ac6aa01aef16162454c54f75e9913

SHA256
0a73e2e43fe9a670ff0df756145de8e661ffa44660b3ff108c519aa1ae3b8aaf

SHA512
c55fa42fb3da7de78c42ac10b0f3769ff139b17a033d0a2abaccaf02610b07f13d21751ead998bb0e1d800f12f1f99d1b53172d4f6de1c5243a398e3c5c48ef6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
5bd739ced9999eaa4beceb47bbf623d5

SHA1
b97574d6aa2948fa41c4a7ddcbce58ddf8ed0b82

SHA256
6d73401816f65fccbdfecd0d4ae5828317c5600d26a4cf7c2544d0291fb08a48

SHA512
1f6ae35b67eecf73b94aca5a7cd455884caa9e8324202f6908ab27c28cb8c0814ad855c3cf24ac70286c56455e2ae709c7e60976f60ffc49ea97e16c84b32e61

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
15b31b433038498572483c61fddaf3c9

SHA1
10dd53f52994605fef50b50b3829155140c09beb

SHA256
daef3b93643f8d24140e1ffbf9cd10fcd2b34b08be538e826271cda3a6615fd3

SHA512
af027522a063cff07979114ae81c38a810ccd49a81b80cb6dff77724812a282097c3c59aabd82763e436ffb1ac211a9dfcd84403a98ec2d4b85e24e8ad1a9975

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
3036b4ea16a0f537149d36192fe9611b

SHA1
e964f40c96d06f0c018482f283022715f047502d

SHA256
34df15b5d87b7905658f1c0d330b8717dc560f603443a33872e4646f20e1d46a

SHA512
67f3e98ffac7c156a70495b97a13e837db1d3771c3a9a62db23981a57e2b043274551c7e92ad3e175aba78367c0b62f48705107c7d851c2c3707e2c075faf863

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
033896280c89341d2ef7c3800610d199

SHA1
c81e3c79b30b676b2e93638861e73ad2a43f250a

SHA256
80b7e169f4b4347e10e7f779984d85e716bf64151adde8a046f5d841bd7762fc

SHA512
3d9c090561d43204cda250d52b17209169da66af4782baed613ff79aaf6bd38beba0c5cfc15e74ca1758821d8c3379def4a33fd9bfdf1a4a5d4e684640127a53

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
6da4416874e12ef3a7f8d17628c344f0

SHA1
be47f035cb0f661a7aecc7435c7569d0d3951a65

SHA256
51c14e1c2e7ad55d9ac6b9473ff998671c5977d8a25f71c5deaa0e31e4b7d15f

SHA512
43e505ad1c200f663fded4006259c41a19859b09f2d69d61513c92fde8abc913a1c878fa57e220caa1c7d3489edac9697fec7fb36ec7b9a00e53f4ba26f866ba

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
b8c00b300cf7fbfdf1b4583adbf7d21a

SHA1
db6e381f8c884f79ce33827be63be62d9aadafc9

SHA256
543d48c28fc0388cff62827f6152434f6682e8f7b7a5ef2f7a9282c885704e77

SHA512
cd9fa4054687cbcdbd14fb337ede1b9f91091ede4aab84e272ec3b0411eb81f40bb567b7414e420617817125806a2bde47edfd4d152efad14607450f5595a1b8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
8b8d724d731771d68c05b963e75b8bbe

SHA1
01794e64a8f0ca0b8835a7fffc953be00c25305a

SHA256
c06340542f1c6db02f44d2e03df64ec6b5f64de8f4e5d45948248478f3cadd60

SHA512
1d27c00b74f5f706283a2d778425d8d1167422794bb8c96cf1873d5c242b02a5c33f74ff1a95ceb823f91ce27249ff667c3644f5fc725721535aa652ee7964cc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
7b51db0387a24653d6b301cdd87e9b5e

SHA1
80b50dc747c348e642cbeb8be53f95137a0fefcc

SHA256
47c04579b05416680fbfae509415053e7fd177d3bc901b1a1cb88c09a9e364c4

SHA512
2d4797acf434678c829a8a2bebabedb0bdc422b4a6d0ee031c5f80fa2ed6e1792bf4b9ce342f372eb656844e2045d54d6a8d42c921bd1022e017d5ca0f3d8ecb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
1d9cdd8c9f2cf5a3e6a55fd928c21aa4

SHA1
ab216c8d9e51d782a0318ef76b70bbf5d072e9d9

SHA256
bd8703619ab3e7489d1365cd0b2af168f1f5e2f0b37507a75d6512897f3214e8

SHA512
2c14f2ea9c2db1e09253af75f2d3ad3c8bf77d587c126a0024ad64ff2a1d17441abf2a80320f7ff45215a38b6d01d42805430879940a9c7fe09c522071eff78d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
e7cb08e08dec21ff78c72f5a9d2eeb69

SHA1
e6e47dd59627dfedde4bf5a286237573406c28f6

SHA256
9c2f41c5e4a84824d5f3a43894d9ed1f05cb204ee6777142f26abdcedd630e35

SHA512
5151c6908e2732425f81cf32e006945cb163ce41c65d99b970f508beaf6e8ec2a5db9b7fcaad6157095dffb5f5750bc9f115a7c297043c515cd14d36b88f70c3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
5075199ac33a9f64a89caa3f343022f0

SHA1
49b532c3a9e7fd604d28be6b0b0bb91811cafa13

SHA256
aeafe43842a6ad9f4c5fd3ad94747283ea495e007e4e4eaa790e8c17c1454f90

SHA512
0af1c20161d086351846aa8a20e059b297c963b66d950a4a0bcfa5c8bea91f20d74c7f1a177d16360865252cc24a702c1e8ef59ad746e948be18ecd5f91a0352

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
93f22b60a6f5e664ee2a8e7174402287

SHA1
7b9dbd96626f0f12260fdf0020978620592ab9be

SHA256
9ae8bee62eee5084ae4334a2572dbac2c56f353fcb5a0b28cc79c877eb55f22b

SHA512
2cbe3c13a61bf08950602fb7a1b5e2107889f5792559541acdf5f306b119af92f00a560305e1b26ad22d6d3a3d7c9fcddad1fc0604911ff20c66d13c0af81a97

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
0e4c5851b8a90c57e8f195a0daeed307

SHA1
cfd7c7f9c8e79763cd837c1e1d8b999915ae1e93

SHA256
334682b50bccafb8e673db14fb889111800060317efc8e1d9c7b978ef83d116a

SHA512
4feec9a235e2c59ac9cb2f68989aa7aab2baa6bbe5b46f4b968b3d9f28c839b611f52048e6bd6e9f8deeb5664a21e64efdd33c8539a95bf181fcd86f2b1b1d2c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
9a1d90e08e6b2448cf640dbcd4a16f73

SHA1
600220337e3f08d9a8b9a95733f8600fdbbadb1b

SHA256
03c0e7c7c5c41e64afa407f695168d25d1d389562115f6dbb9925ecfca748b0f

SHA512
92451a95591aff8af01900b8be0933b6bca6059f32162bee9dca6788552ceeb591541db7f6e78c57cb8a18bd57ddecc25928132a0abbe82151b3b8d82199d0a3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
041e0701911edca5ef667a945a115c14

SHA1
d980755de8a0fde8af8d98456e6653db88909c7a

SHA256
a8d79f94605ad0d58287b12c64a893aa7752cf01d4b4a3bd9159a9f512ff3835

SHA512
1aec338b028e1692cb206e9e9ed08c3159b7405af8eb6551c0797265d4996f778114a33d63a1f0b9f2fd288c888b6e92e0f5b38590769ca79ada79bd7c1d5b36

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
f928913588042cd51527d79161150a81

SHA1
6534fca53bfe04e31c44516b4a98518a7ef7b336

SHA256
3f65651bf0d4be3a4e19e2724e6290cf7c356d2486bb13d887614f79880df9b4

SHA512
9f096519e449f196556c5c6028987e6d634df1952fc2967f85385c8c3c0f5070db0167c727ab448749455877ab1d3956d785051fead37763e1f627ea33069e7e

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
2.8MB

MD5
366a895382dfa1e19b9ae372e4f6866d

SHA1
c167f7de958f7ef00cfd7ff1ddbd71d73fee6c88

SHA256
8a533f8638ff5323555ad459b207049001797ca84e71db5c23512ccebde09e14

SHA512
38415c6ae96586ea6f675d2db579f38ec1aa55dc1419a7f1cef0951ae62943e3eedd796fd31ed986e2324ebafbee59f53412977f3e4bd5c825e9dafaf78238fd

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-195445723-368091294-1661186673-1000\desktop.ini.exe

Filesize
2.8MB

MD5
c45b2f1cae3d683fd5118cefab0df951

SHA1
f1f462522d97ca6f842eba3cf7bb707da51f768d

SHA256
0cda468c14b51ed6989dc9fa2db5537e7e4b286a3fbcda307ed2a493140c7d50

SHA512
42505b7d43b9a00ca0c9cb40d65302d77d3f0d374b40d5f558d96e1301dcd89905ac7d8ae540d0c3f16becc47e0d8349b99edcc3ac571d54ce6934f67d6a2d1a

Download Submit
F:\AUTORUN.INF

Filesize
119B

MD5
0262861fd52ad31f48a2932e6c0a1104

SHA1
c05081f0e7d8ad87b9046040eb3e43938a3b95ce

SHA256
a70f131629a437d5e69e388eb964d86e41054ecd1a85ad54c05b54785556d387

SHA512
e8770bdb92e002259e30fc207daf827bb81a1504334620ca5f800f38d49b393c9204bf7c75b240c80eb096e52153e23a044eb872e183fdb9d11006f7ef3aaeca

Download Submit
F:\AUTORUN.INF

Filesize
145B

MD5
ca13857b2fd3895a39f09d9dde3cca97

SHA1
8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

SHA256
cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

SHA512
55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

Download Submit
F:\AutoRun.exe

Filesize
2.8MB

MD5
82218c42c0b0c726bc52fe1d36901cc9

SHA1
dad33cc4e84c48ded034cc1bc58240c4ea46a115

SHA256
7fe0c29468bc2390d320ae6d7af0e3727a5323e6b2e8d0b4f434a752388b23e2

SHA512
94479bf2f9460188109c4803abe47d89a369fabad40def9ad102dfb5fa36c9cdac1a6bdc3a98477e54076604783526b0330c1e8f0e92a5ba4d2f898ee6d0d240

Download Submit
memory/2564-56-0x0000000002310000-0x0000000002311000-memory.dmp

Filesize
4KB

Download
memory/2564-0-0x0000000002310000-0x0000000002311000-memory.dmp

Filesize
4KB

Download
memory/2812-5-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads