cc65535243dfd3cd54a9c5ecfcb93c7f918a87c725e9c52925017ab92effe278

Resubmissions

15-10-2024 03:47

241015-ecgjlashrh 10

05-08-2024 04:49

240805-ffygys1eke 10

05-08-2024 03:50

240805-eee4jszepd 10

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-08-2024 03:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0.exe
Size

2.4MB
MD5

84e2bf751724e3b0acc70b67ee1b8e96
SHA1

2e1c9638b022901d67c69ef17c6acd12fd6e493f
SHA256

1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0
SHA512

56a229897c812cddd7f0b1847cf439f910350aa11138f7165b7c7f697095dfe5ee64e875e4262706c20e7bdbb59a94512386965e83ac9327b0b6967377882aef
SSDEEP

12288:sp4pNfz3ymJnJ8QCFkxCaQTOlPes5Z76k/L/KB8NIpYJTCihq82WFpXKEVFA2MCp:eEtl9mRda12sX7hKB8NIyXbacAfe

Score

10^/10

discovery persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0.exe

Executes dropped EXE 1 IoCs

pid	Process
2564	HelpMe.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0.exe
File opened (read-only)	\??\V:	1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\B:	1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0.exe
File opened (read-only)	\??\E:	1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0.exe
File opened (read-only)	\??\T:	1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0.exe
File opened (read-only)	\??\U:	1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\I:	1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0.exe
File opened (read-only)	\??\Q:	1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0.exe
File opened (read-only)	\??\O:	1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0.exe
File opened (read-only)	\??\P:	1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\G:	1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0.exe
File opened (read-only)	\??\J:	1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0.exe
File opened (read-only)	\??\X:	1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0.exe
File opened (read-only)	\??\Z:	1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\R:	1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0.exe
File opened (read-only)	\??\W:	1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\K:	1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0.exe
File opened (read-only)	\??\Y:	1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\A:	1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0.exe
File opened (read-only)	\??\L:	1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0.exe
File opened (read-only)	\??\S:	1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\M:	1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0.exe
File opened (read-only)	\??\N:	1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0.exe

Drops autorun.inf file 1 TTPs 3 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File opened for modification	F:\AUTORUN.INF	1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0.exe
File opened for modification	C:\AUTORUN.INF	1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0.exe
File opened for modification	F:\AUTORUN.INF	HelpMe.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\HelpMe.exe	1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HelpMe.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 972 wrote to memory of 2564	972	1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0.exe	87
PID 972 wrote to memory of 2564	972	1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0.exe	87
PID 972 wrote to memory of 2564	972	1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0.exe	87

C:\Users\Admin\AppData\Local\Temp\1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0.exe
"C:\Users\Admin\AppData\Local\Temp\1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:972
- C:\Windows\SysWOW64\HelpMe.exe
  C:\Windows\system32\HelpMe.exe
  2⤵
  - Modifies WinLogon for persistence
  - Drops startup file
  - Executes dropped EXE
  - Enumerates connected drives
  - Drops autorun.inf file
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  PID:2564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-656926755-4116854191-210765258-1000\desktop.ini.exe

Filesize
2.4MB

MD5
f3c7e5d78626c6ce5f8cd4ad5e67d46e

SHA1
7e4eef2553e47384ac032fa1ed88b22d950f7207

SHA256
fa08d768e9a6cafc8831b4630664007b1792d6cd27863e27f966b1a9d3a9156e

SHA512
5dca5e68d8ccb3d71a082f41e41f828141e0d1eed20076a2a645a8d389865d8eb15ad4c0ef90fb5869af0ea0ecda38b8a470ad27c3dd7e07170bf1d29fcb2f63

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
d1c87320c41cc9b91711ece2358d0881

SHA1
575fc7ceb6009e1588f409f07fddc50c2b07d82a

SHA256
6801ab6ddc3f5f21a842511efee1e27b76d4be2b49c85b7965f23c4a82575f41

SHA512
3428ccd7f82043e61a5d983a4557f1d3cffcaa8d7f9cd219e9543d5ebcc6c4eb3cbbc2b820829e99ab02b8127c1ba7027456ac6b0ed779f1b0e3ef49240a92ae

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
c38373d918317fbd5899033b0693ad73

SHA1
34f8ae92de6397d2c7b4e89bf64b88c94f422f8c

SHA256
e7f45dd8cf5e90e40906025ba916d63f0069183973b2a211ef127bc7b018df4e

SHA512
364610418f945229366eff48c8c64ab5d2fb1631cc46711863c10b6f4ad3342be17245a1851cdc36ddeb9eeda13c5e82d060cc77c9c8dc824b774854c3163b29

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
15907ab43b6866a0e60dfd9b4267fbe7

SHA1
e27b5bdb00ccd780c441de32f777b471247abad3

SHA256
38aa5043ad1073f7ec41fe8ee7f0cf02d26ab6251a732570df9e432f2c6ffb17

SHA512
e47e0d1233219437ccd76aa6f99a3b94733543aa01a7f0aefbeb2730f9def121230bc2d079a5fddbd30f4c6fa0a5d6a4e6d0698999050fc9bdacd4093a443cd7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
7fb2e23eb7b8a32a3f9f9132d8a71d12

SHA1
ce43687c78710ae582793f8d9c691e8a7ecaa177

SHA256
061b8583fabde040dd970a08e18037e478892709e8888c1e1abc6d75ad0a60e6

SHA512
9d890993186b00094574f09897f9c1438ba880910ebe82426181fc89b96474dbfcb31e82843530058dd29de8a7c5be22c276fc9b39b08e07aa59c6c7da40dfdd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
36a14ce9571c9020afa9f3812b3db785

SHA1
33fec4833304158a85bde47424b343ed943f5737

SHA256
73ac96970b34bd58c44c1bdcb4526b53730a9472013e15d4d1132481be85954b

SHA512
1c284132bf7a03de3aeee2beb0f08263135ac77ab3a381b43f1117c73fd4144655dc4b1a05bcda76e542cb6cdf91071cf4b42f3c9fde2292a6d9f66947180021

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
d559d2c1cc750f1d20128cb129aaac73

SHA1
87c1ff444d3c9b3cb0a44a39c842ce11d3c5f724

SHA256
3098b84885177d78f461c3fbea3cb27fd537db4bf61d9df3d3dbef11966160de

SHA512
ecbcfb3b1dc0e07003defe2bc089485ff7508b26729797d37a49d50b3f4cda716b6e5b3ce23b42ab9c01b22d2edd2cfe3db29c6d12e2ba87d8d2d5c57bdc84a9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
4981606f91cf215f0211656c9617ce80

SHA1
d0fdbc32f8f26614e91ca73ddc0936aee0303601

SHA256
04171926c98ae792068ccece149c764a1fe18b0b6659f2f67bcfe1c6a4bd9f82

SHA512
8d7bdab826f95b0dad73cb10c97ff03e25f3d872ef62dd4379be921b2471212f8f92b47fd7eb0dadb2a33c4f2e0c7270f32414ce7f1a6810e877a8d74311ab10

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
98fb6df98318ac6f33c463b0a0f080ff

SHA1
b868825a7e32711a37007ce1cb87b2f26519f0e6

SHA256
58d54ad5d5764a427a82dc486c4e3f61c28040acf16e2148ac00179ddc8edbac

SHA512
20c9f68dafbbe98f314d292005c93b9a67e9811a362e887c22e4b10f1d9d8c302b437e801620069eeccf1c6651b8751e7198dd0dfb1d73cfae4ab75ae60c1dff

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
968b978249685e9f95dd280f91c914d2

SHA1
10c7c0399937037cee95407858c2caadd5d59dc0

SHA256
7d2f7a06a647442354038e49f7c7dd0e74f0c3438772576a4da4eb80f455ba89

SHA512
e4e6a5d7baa0136bd5f2ce4b3eb463df1e133d8286c19cf04d0151cbe3c58a12a8da2df155a7855ef7f166a2eaa893f8ef90321a1e82cf62b3cb71629127c82c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
180de25d77a0ba8a05eea7ebc55dffbc

SHA1
5010b91048496740066cbe4b09ae2cbcf3bfd76b

SHA256
79f09ca32b5958b1d66cee1917174ab6dbb7fc2d7287e65ea3d8e345c29efc46

SHA512
6094b911ccbdea193a426ee498f67255ab7aadd7781fad1f9367279297571f1b2e682b73768ebdc82382aa93940b0e947397791e98236ba2563aea7b5dd2d691

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
97291ef6b3510a6f1a059a55fefc055e

SHA1
f6778575d6adf39d390afb33a1a179f83c8468b6

SHA256
3a59af87caa05c39c72e5dbb53e8a3600fb1ffc253779bfa114cbe0c2f09ef7a

SHA512
333c60903f61fa74bd0cfddd08288d6de556926dcfe0b3eaa20fcb787ba91a05f770a63033de718470d61f76af2384dbab1949f7c99944f3105108894e995d51

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
7a47b92283289fcd5796ddf049a213be

SHA1
e282b4feff0691af44d63e7bda79207fe6ea1015

SHA256
0997ab1629de6ba21f6202c6728cb940f6ff1d3cdb9bf08fd70b34d5cb9d3648

SHA512
85970d414f8f4716dff0b3507ecb234adf97e4ba2e82652b6cf8a2a512226cf2b20461e12c164afb80ec525216570d147b1f258b976152a4b26d5519df688ac7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
e1627ca08f307136b6216f31b411f740

SHA1
2ab8c91f9fede2d7f1776eb8ffc2352614634112

SHA256
a3bfd7c197f1cd6eaf388a4d20cfad63563533632032725423657e23b64b1a4a

SHA512
fa084984b3b14a146af8aa5165e08a068370928a918c6884449366fe8aa2668d2513f8ea8460a5365d52e12fd637be6eadc0f855139a8a939a0e68a647e28f24

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
f05fccbca501c1db1b6968059e9e1331

SHA1
a6d7cfa9c6b26fc6b7e0e4765c91e9cd747dc29b

SHA256
443d6d26f44fdef91dad6b46d1098b7c428b89d20b968ea78d86b50738f6abb8

SHA512
da71f6bfdec08af807dd8936af20e7e6b34eca6bcae1c7b5b1f2ba21e97a1414929f083a8a685f76257fd9394ebab95c499eb0f1c5a2c2cc0e2da7b63df45268

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
46c180d685e6cf493638e047f71316e3

SHA1
fce94233eada62dc347a11b41de971ec99775d57

SHA256
12ddae25b2e2adf226d615566275c1898e90073dc9ba7e9ce46e6b9ead5546b3

SHA512
76f09db1a6d46f1a7d890e9bb80ecd3d94e9ec03656740e52956fff24d08091e285ba70b7993fed491768acd2b0c1cc663d80f0b0f955490c666601be3ec66a7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
234419f4d9feefe6a55b702896e065f6

SHA1
8ab50fe16e7eddcef1e3a0bfe9202c4789e70f26

SHA256
3d45aeb535929ff1e2159586fa4b17c688365f62fdb392fbc19a5cca9e194ca9

SHA512
cbc7f6cd71a6d15974eff434ac8f315d9d490f6efa75099e0113ce57e1f4d93ad91237668e473e5beac2da21bf26eaac9a924f32f9b1bb1c0d5c759b0f7f8d91

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
997b1798659826ca7e5fe2a71e5e7b0d

SHA1
525d56bb72fd9c98a4165fcca431bd66f2dd6378

SHA256
43b87f87547df4f4468d2a2cd5234e6eafbe5422a4c14daf44aa5c345411367c

SHA512
d53393583f3adac689794789315caf2a5b0fb891c431e0aad2426f5435d3ebe6c61245922f939141e81bcf22fd58a2628b0d511aaabb725985e267f98c25db9e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
df1d2bfd96e448c460afa9c905c3ea23

SHA1
c80ae63e88a89d7fc3fff7973d90a509c1ed2bb2

SHA256
182bd271766976296e48ccd57d321aea10a0c21de803e92882742c9a3bb8a404

SHA512
f67e4de619db22c9cc239f5526575cfaa7b11b44894443d296683134c44d88b93f756d455bca7a1a47691596eb24438806822c4044c771befc2cdf2e7cdc0bef

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
ab92ffdfa4e181007d25148c2cf7be1a

SHA1
01a9cf7a153eb161bfd88b62c1855b0e237696cf

SHA256
164861d3c8263bccb3ab0a924ba2d8d7110fe5c05bcdf17dedb054487c53e171

SHA512
d889637b5f02eee72fd8eb93872b5d586660d328e66e9781754d973c8d53658f50476e00177ca9831b07669f18b759568f21c2698be0e8e65c2c1a6e478509d8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
df75fd90a7addeb398a7b56e8368d358

SHA1
691b6ebf42322eb916c94e2795bace6541f0c8e8

SHA256
6bfee02d62f5545190272b93938c5bc8660158e4c7b19f139cf2c271bb85587b

SHA512
f61dfe258819d7ac2c41dd6d83a6961e7b332a76b82cb41d3683d0599b8306ed95896f38b6335d4327c0c8d24c7f3edec450f4f6f2adada96f5815f151907bce

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
5c5c122522230d3363289c6c47baf504

SHA1
22c6baf2670e98dbfc3b254e2259999d44760cb0

SHA256
ec8fb551ce901ed65d76a59a8151d0774b24293ef808759cc50fc351c5a77e95

SHA512
36fea1d55392f0046fa1d85c962a6fa410181e07418c26bddcc6029339bd08a66cb1fe78211685929b3b0ac4131d22c17d8e590423aa6125263c9b87ad594b84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
f4c6984897b78b5a9015f039564f396f

SHA1
95876ec037eb8e8c3f06e404c8540366b1ae8f10

SHA256
2c84041de19cd2362f7076af82d50d856c756526217f6199eb724b3164da7ffd

SHA512
dc25a3d593aa006aba943765ce99ad68e1caac29e0f48625da825e295c570e16dd92c7158cd51db35fd888ec96d00e6b0d10b6d272c0a159b775baca32b8d2c3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
e06772d06563ab99cde092e5d3988d00

SHA1
38b7c3ffbaa4924f5fbdd230a34cbf1766f451da

SHA256
24d46c1189589a529b30c22628f78405af6407e7a8e97c44792ea1d5ce122f28

SHA512
3eba952c34deca8a2688eca1ace92b46b75bafa964bef8179fca41feeba5b1e913abd183a990d1c0b0101e7105a9ddeb386a1ad67198c2d0a6da82f4ce3261d6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
483a4d91ea367f63675927978e02702e

SHA1
459d29a57b140c4f41ce8f102aa9b83784857fc6

SHA256
39e10ef35c5ef8018ca17a7bbf444afac466183b251224613bc73c7446763d6d

SHA512
aa8c830e289165fcb4e39a9d359861bef93661b347f0fddaa84443a9ea8172e57cf720135456ac5cc6bfe21c2c754defb94575ea69e8b6659fc5359a684e08b2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
f4ec303207d67eed66f8491243dc199c

SHA1
0ee6b0c93e00c1067325392b4da065861a40593e

SHA256
2c51e917b649bbc602655d21074b8d8f3022273fc0eb6406ad056d109fe85f61

SHA512
55a50daf2fd6a79b8fc04cb1a45071050b871f3ca8832e05f4f34ca3d509b224edadf27b718326221b6d2234b156fb4e65c4e696a22aa4d05333bf3e9ab850dc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
1b7a2edf768915750ec338c0e4e8de5a

SHA1
de6186e95e09ba5ac59befefd0d3af9396e52ac2

SHA256
9a2196e77bb86f33f24ee9bc12de84c58f97a2472b266b4f73556c21caa92d04

SHA512
3d02de5aac6f2e95b9153eab69b3737cec5051c46dfc1f664a50600a0e75bc0ef8e5447c81d84020766ad4fef85a3267bf30309fb8218d0d22931d5e37bbc1aa

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
30ba47c7ded6e669e85446f5e5f0810f

SHA1
10392b9f4999420c6e949390b145c89fa473d38d

SHA256
d58e5cc8f08c55d31f6db331d5e7fa6b754ec0d814eb7e50b769bab5bdc5bf6a

SHA512
eb40143b4372c5e09edda110e93ba8d7f6560a10db5a84e0d283532595ac6eb745ff6f233d6fef29a7512685524f0e9aa6812f6abfc5dfbbcd678722d35d710f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
19811ee043a07454257acc089334ae18

SHA1
57aec79e4adf5e81809fb74417464f5af5726839

SHA256
24b255dac1fd8983df3f2f24b20630350f709932610c63a10cb1e6e27cc0b3fb

SHA512
7f91daa109955e50cf0ebd5396243b3f0df37d2f4b32623f9f546cb96f88f04d590718615e91cfcaba38b655118f08c6c04e9784e321ac6f366eb878749e5390

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
6c92085047867a428d9933a94960a2b1

SHA1
a637ef213dfbfb9475b7933f12d95a2ae42d0fb9

SHA256
6b5ff2397339b1299a2d166e0bbcf81c016883da44ddef6d495e5deb8e91b168

SHA512
fe5000a8b5d145e5ab84c075996ce0e96466abc1b5cfbdde8110fe7c1647501abdf88b73228a9310fa3a4bc2404b087e8b2076771e6aed105cd1f36e0090bd67

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
d50b4e3c6dc20ecff7fef16b8726070f

SHA1
1ad81ac6366f0475027d77777399de20d28ce0ee

SHA256
b439a9b4e94781aaca4a5dcfac496c25f8290cbe247b85b288f7b085c848b4d6

SHA512
01d56e7e2df7a834068d340557c51da7618dc2d27bd56fb9540bd408ef8aee3daba0ebff6077d146f2c73d4d8c6cea9fbedf7278bc798f4cf1be2d9f34b90b69

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
8c907c9cdabb4cf4b7dfa5e534c03687

SHA1
34059eca98dfc098a7f2ad876a6749ec9424d985

SHA256
45b22eeef4d8008017d79faa2f0692b5407cbb8467bc3aecc063afc92aa2f952

SHA512
858126ad0da8702ff2f13228fd28fb61dd87cc3958de4f5460c29cac2242010db84c8872c780880d144fc3b442878e489554f125711f11de657c9cd0b4372ea8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
ea46380d000316cce01d2e909a0c16e1

SHA1
a9da4b4c2f5621fae9e6af2aede9279631132593

SHA256
5e3bc5f7a7e7f9d5513bc8f5105b0a727ba9211924bb477d7aea817fb455dd6c

SHA512
80e1ed0edee1a1eb24f098861be92474f8b200cbaf57e20e2310abf2981c0f1e3c53f498d129926cc2e0a771c1d36c9bcb37bca47add4d4fcab8668159ff8176

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
9a9c8682f8580175a0a0a6d9cd33d2e0

SHA1
a9639397f9eccfbfae323a67444a66e803947880

SHA256
63fd9a218be2e25582d26e27c91c6f445f94e001cd560174984ad204965805b1

SHA512
1f3e42dd4b43767fa5359b0431fc94b565129a95a09550df2a1bf3d68f3fbcbb1ed470ac570af556cb88a9a327b94e7bf6d968ec9098c388c14e3481fe2b8c36

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
b3206ebadc30d2aa9e6be90d3dd2206b

SHA1
63c9306a1d3bad16ec5f6c54955f1f168f626097

SHA256
fc2c41a8ab5679338e1f479455c43fdb500bd33d7aac32ab2b4b31183a005ef6

SHA512
43284f97196d0f3a57d2852ed60d4eb96a140f87e7fbae2c68b27076b4e13994685c1e022a28ee3203a005d429baa11d1296bf2219e3e026537947e14a4bda78

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
099ec1e853d52b2dec6695cf663075fc

SHA1
46c59feb65e00df8039525a5fa138b900a0e398e

SHA256
80d56c4c0b104f92981d5ee4b6ef3b38a64dbc5ed4a1589dae688da4f70f7c0c

SHA512
16c30a5fc8ae926c587d735d28a6dcc98116e216a71e0dab984ec705717d30c37a2b8206a68771e52f83bbcd17e90bb8c9ed87bb95acf642dd6abad6926fa28b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
f3f6fe569f29d905408c9233afd9d239

SHA1
6f335cd1551d119aa01e9b6e8bfdbacd734161f2

SHA256
01ae2e38797b3fd7a6b1ff94bbde94fb2978d3b6e2f888c8253f4fc84a9b01e9

SHA512
71a0269176b087b55f32bda5c9be5523e08fd1b84ed18234be46a305e7e925500662022aadf195ecb25b8a939d031b5185a031d2dc4f14e734ba93c69d72af06

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
763b5a9b6c2ec0b2ebfcb26ea626014b

SHA1
93116724e31f245b864507cb4914f5a6778c9474

SHA256
c71f16946af09fdfdab1009b81631ef52b5c48380f5fcda4c6038b8c8aa7d1bf

SHA512
89cdca3b49d246bc7c038a028f6ef44464ed866cdc9abfa98c2d14ac81c9ab9c2b4b2de2ab037c2a24a8ce9c874c07fc8119dcfbe4c515c347c09f393a7d2901

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
4932d615a4f065ec493848571edc6019

SHA1
e275a34802b8e93d8cc577054fb87024afe77bb6

SHA256
f202150d8a0b3e9caf05ea0454350dff4687b8fb9854db45adbce84fcb0390b4

SHA512
97d78bf0be2e75798f93d3c761ae979671272599ff2eaffa42565201b3af675662e4ea78ed0d7aa84afb5aed10620c8a6db6d573e3bdd60613df4afb219b617a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
098f025fa10a3b19b3cfe2e77305fb64

SHA1
56789e7d5dd5d72bd59046f6337362f91e19a288

SHA256
8b76dacb2fd66ee45cbfb6edc9759de94cd01b481fe8ed02f2aab0c688d75f81

SHA512
d6ebe02f8068968f94faaccb93f6c2c5e438068060979f2937a412bb3cae4d96d313e84a8590355404a1e1c3362829740f2248b08a52b403832130d2b3a8fd15

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
a307f02fadf4292129efd64f8f84efc8

SHA1
c70bbc1771ca0744a3841bc9c2069382014de691

SHA256
1f3fcf243cbfa3bfeeecfbf382f0bb468b1a0a955a1130f6ecd9b73c4ca6158b

SHA512
03c7c74128851df7b10c5e8ea0cbfcd53aea7ea23e052a03c5fe9fccd27f5db4e0d38d3c2ae4e9480243ec35d125996c4357109de5caf6a187e8b763aef32ec6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
97f3ccba52aa13465e04acf68ac60ee2

SHA1
7d0f4747b7c5114e1db9936d67188269852c9f4b

SHA256
8e156dc1f28bfd57c073ec6cfb6865f6d73a240e8bbf667c2bc60b5c6e33048d

SHA512
b6fc1721c11f370c46e8dc7d170bd62bc2bfb42bb59bce9ace5eabdf3b2af96d6db5a7ee600c6f1ba9cad29f0484e15420a47c719112567abbca805b645ecebc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
07aeb00c6321dbabc381b4b7b10c1e78

SHA1
dd25ee35743b0cafacf5e85b5af26fc75bf768d3

SHA256
afaaa8d7f910baf44544b1939ac5922523834ae448e7afff5c910afb8eaeb455

SHA512
08f1e9b015076c2810bf0a9b5781fff3538bc3be4a991ad79c770c3eeeb613abc18e7536ed2df0866956bb50f020671dda3ffc8c89c6f43b9fd0cc73d663ea2a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2576edd799ceae6cb0d4206e48252ce4

SHA1
cc22cbecff750e6b473f292106fbd73656b4d3c0

SHA256
fcd95f0e46fb6ca6f136353951c513f57efb902a1baec9fc4508ccfb03ecbf18

SHA512
2d49834e78ba2b561a60c28ccda975f13e9533261f5251ecaa41969431cae5782fbde75424149f5c026413e4d6049b0d49a4cc8c31125eb86fbcef3106dc7e21

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
31a156086e914d111f69755187eb55e3

SHA1
f8fb255fc72f862fb03e6d942732ee55510a64bf

SHA256
965cc8d5c3cef0ff43779a59319515cdef1f40983519085a7304cb5f1808f0a0

SHA512
a379e3289b73b282f8e2467c95fa90aa3aedd81d0426f43b4e5980907f9f75c3a0cadbc7bb7cd5812004ff6f7080c733cc1a7f431c7a8ced021ccca8fdb8e45f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
dfc71e75421f2e9108d7f30e54f2fd45

SHA1
2e804772914e4c1a26959dcb78bc0303f5a062ad

SHA256
b5236567dcacf2583197dd8aa54d9ce3fbf430188c0d0b951d2bf01db6e3a45d

SHA512
97f94c2b78701dcc0950fdd06d30ea928f12bf15bcc0f278254fc4bb477c5f048af619da67522d8d7b5c3b45e6a379c2c769f0f7bca7d8ba48a40af526dc5b10

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
74933325d42682b5085a7147387db583

SHA1
a420e905198822c46363a9b1ff1d6613ee3b6b4d

SHA256
4b3c4e06ab8d4b71d2af19aab13f096bfbba3f965180896f5cd1432636c3cbbb

SHA512
9636c5220d203ba55d2358e272fa8d4b8ab62237f906e62b3f83ced818585edc01785bbb467927662cfc297a346cda3aa8fcf1fc0f9a68be68854909371964fe

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
e6d6b14eaaff6fa0d9d0bac020b70821

SHA1
03b834f7ba9e36789db211a6067f127861246197

SHA256
0bd979be04acae6c30b28d049db476894d9c988a8710cceee8767ba053474b38

SHA512
6cc88e8b597f4ca5b8a575c4db650b227296b65371a9bb1aa6bbf556d00d0b8cdbf6537f9110a0eab865b579ccf57fdc8df5128e9c5be71170ad3a898db53968

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
b63df149aa25a628cd3243f90950ff72

SHA1
89ce6258cbcaba9177a7cd5e8dc085772f8b04b1

SHA256
cfbb58882070c4f3c60c82ad31336f8925cfc2b54e97a0e2fa37790960615752

SHA512
b6ab6419ee22a278794a598ab1efe34bf18628ea97de56282cab0e8670dee794535de373f5e057069a51fa69610e4b376668d8296d5cb628c3f87abe94c89695

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
744c1d4d5cb8b43534d36187e39d3190

SHA1
29e476b0d158e860c68bd435a3cdb9f8c421f19c

SHA256
a2bd97dbdbaee5a4c4075e9032e64ec645f7fb2e2e617c51cb570c92267b53fb

SHA512
8de4a1e20099fd6429cb22c1085924bd179e9419d8ae379545ea595c7c36ffc4ac60544936401fac600e6329d2d1f8a8bffb9e9f4024862719b47cb2fbe13654

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
f43be9aaaa84f0ace8c1ca691f648c6f

SHA1
bd88d10b245867634ac995f968e2df4b61c3d9d8

SHA256
6ead2165a1af04b550622adeed35356e9cf5defbb4b701ce30bb606f84e1d479

SHA512
ed74cd5c847749b80e88da6f49a22bda1411c62e1f1020071bf4b63ed4ef9b7a2ca36471ce74db8edb5534542fd83b50df1c132513fc7a642cf1ec9f1c668217

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
6a31a0f0aba777cd808e2b18809d5f80

SHA1
76c518a506582427368b16deafe77803df548b36

SHA256
1207cd26ea472f252ed617cd0533ee55b1438c09352721bd1a04062dcd16dc2d

SHA512
2f74359b0dc345c608d7b7ef6ff0c6a730cb214e8a334461bd4d89d89d1daebd028b4fa25b913a087a031bf376ae00fc569414229df7a21fad420f253da4a7e2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
4a7194bae663828eccad3adcee61e7cd

SHA1
80d90528fd6638a0f04ca2a1a27ba25d964da029

SHA256
0d84cbdcb5c0b228f8ca3df232aa6a1ca4fd1f584f3b3dbeae913a786253d7be

SHA512
93ec7e0e81c3708acad73d17ba6726a51384fc668833d360a1361ec266d2f0abfeec24f8f1a7803a89d106d46245079fc2e58b1ea76d4e2040815d00f4628c19

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
2.4MB

MD5
3186b2fa1bccd38746b3fa55865556ce

SHA1
37c87959085f3f2903592330b8bb745d8917c79f

SHA256
7cdbe203acf89434221c69804bf8bd1e44b413376fbb509301c80a84d73e3ee9

SHA512
81b61776570826a77acba1f44ab6cb5fb64721a8d2848521b8b394b3d957840261becb7bf914ac4e64e8f68f1c4cb2a79280b375f0f63aa1dbde69b926800dcb

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-656926755-4116854191-210765258-1000\desktop.ini.exe

Filesize
2.4MB

MD5
cedd6e68d2cc4bdff3e819df130fe761

SHA1
870a0220076dde8edd490110a3fc8871c9527d7f

SHA256
dbbeed733d358c063c8fe7aebc22470a8b001a204b9c441ab80208ed7ff3e3d6

SHA512
34bed30ffa6bf83420a781de291c5a3dbf22cba3695830c3cc69af544ca84b6ef773ea8f3a439e257f8a0e004ce9c83abacff39f30e2a7150662907050568ddf

Download Submit
F:\AUTORUN.INF

Filesize
145B

MD5
ca13857b2fd3895a39f09d9dde3cca97

SHA1
8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

SHA256
cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

SHA512
55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

Download Submit
F:\AutoRun.exe

Filesize
2.4MB

MD5
84e2bf751724e3b0acc70b67ee1b8e96

SHA1
2e1c9638b022901d67c69ef17c6acd12fd6e493f

SHA256
1db9ec5678e417eef3d6e080a031c8adfc1fc85127317b952bc33733d93841e0

SHA512
56a229897c812cddd7f0b1847cf439f910350aa11138f7165b7c7f697095dfe5ee64e875e4262706c20e7bdbb59a94512386965e83ac9327b0b6967377882aef

Download Submit
memory/972-54-0x0000000000400000-0x000000000047B000-memory.dmp

Filesize
492KB

Download
memory/972-55-0x0000000002300000-0x0000000002301000-memory.dmp

Filesize
4KB

Download
memory/972-0-0x0000000000400000-0x000000000047B000-memory.dmp

Filesize
492KB

Download
memory/972-1-0x0000000002300000-0x0000000002301000-memory.dmp

Filesize
4KB

Download
memory/2564-60-0x0000000000400000-0x000000000047B000-memory.dmp

Filesize
492KB

Download
memory/2564-6-0x0000000001FE0000-0x0000000001FE1000-memory.dmp

Filesize
4KB

Download
memory/2564-61-0x0000000001FE0000-0x0000000001FE1000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads