ab8f380f5ff1b502a69b71d72f6e84029147e898d88b141528c5d297e90498b3

Analysis

max time kernel
115s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/09/2024, 22:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7d386b2acc35ab05773bf5c6ada33180N.exe
Size

621KB
MD5

7d386b2acc35ab05773bf5c6ada33180
SHA1

ecfaea3f431ccd92253b6edcdb22ff756aa044fb
SHA256

ab8f380f5ff1b502a69b71d72f6e84029147e898d88b141528c5d297e90498b3
SHA512

e6a4c826d0b59424a6fe3d457947b070db971a1cbba72a2e6ed4bc246aa7d75c559b9fd1ade32c85241ba15c351ff78187997732d30f30e5dbf52bd157769f72
SSDEEP

6144:n82p4pFHfzMepymgWPnviP6Koa0nArn20l96tCF2eKNBDRlC8HQQDhy5OwbYBilk:jp4pNfz3ymJnJ8QCFkxCaQTOl2GVqH8

Score

10^/10

discovery persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	7d386b2acc35ab05773bf5c6ada33180N.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe

Drops startup file 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	7d386b2acc35ab05773bf5c6ada33180N.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	7d386b2acc35ab05773bf5c6ada33180N.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe

Executes dropped EXE 1 IoCs

pid	Process
2800	HelpMe.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\G:	7d386b2acc35ab05773bf5c6ada33180N.exe
File opened (read-only)	\??\J:	7d386b2acc35ab05773bf5c6ada33180N.exe
File opened (read-only)	\??\S:	7d386b2acc35ab05773bf5c6ada33180N.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\Y:	7d386b2acc35ab05773bf5c6ada33180N.exe
File opened (read-only)	\??\Z:	7d386b2acc35ab05773bf5c6ada33180N.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\K:	7d386b2acc35ab05773bf5c6ada33180N.exe
File opened (read-only)	\??\M:	7d386b2acc35ab05773bf5c6ada33180N.exe
File opened (read-only)	\??\O:	7d386b2acc35ab05773bf5c6ada33180N.exe
File opened (read-only)	\??\V:	7d386b2acc35ab05773bf5c6ada33180N.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\N:	7d386b2acc35ab05773bf5c6ada33180N.exe
File opened (read-only)	\??\P:	7d386b2acc35ab05773bf5c6ada33180N.exe
File opened (read-only)	\??\R:	7d386b2acc35ab05773bf5c6ada33180N.exe
File opened (read-only)	\??\X:	7d386b2acc35ab05773bf5c6ada33180N.exe
File opened (read-only)	\??\L:	7d386b2acc35ab05773bf5c6ada33180N.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\A:	7d386b2acc35ab05773bf5c6ada33180N.exe
File opened (read-only)	\??\W:	7d386b2acc35ab05773bf5c6ada33180N.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\B:	7d386b2acc35ab05773bf5c6ada33180N.exe
File opened (read-only)	\??\Q:	7d386b2acc35ab05773bf5c6ada33180N.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\H:	7d386b2acc35ab05773bf5c6ada33180N.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\E:	7d386b2acc35ab05773bf5c6ada33180N.exe
File opened (read-only)	\??\I:	7d386b2acc35ab05773bf5c6ada33180N.exe
File opened (read-only)	\??\T:	7d386b2acc35ab05773bf5c6ada33180N.exe
File opened (read-only)	\??\U:	7d386b2acc35ab05773bf5c6ada33180N.exe

Drops autorun.inf file 1 TTPs 3 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File opened for modification	F:\AUTORUN.INF	7d386b2acc35ab05773bf5c6ada33180N.exe
File opened for modification	C:\AUTORUN.INF	7d386b2acc35ab05773bf5c6ada33180N.exe
File opened for modification	F:\AUTORUN.INF	HelpMe.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\HelpMe.exe	7d386b2acc35ab05773bf5c6ada33180N.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7d386b2acc35ab05773bf5c6ada33180N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HelpMe.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4652 wrote to memory of 2800	4652	7d386b2acc35ab05773bf5c6ada33180N.exe	83
PID 4652 wrote to memory of 2800	4652	7d386b2acc35ab05773bf5c6ada33180N.exe	83
PID 4652 wrote to memory of 2800	4652	7d386b2acc35ab05773bf5c6ada33180N.exe	83

C:\Users\Admin\AppData\Local\Temp\7d386b2acc35ab05773bf5c6ada33180N.exe
"C:\Users\Admin\AppData\Local\Temp\7d386b2acc35ab05773bf5c6ada33180N.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4652
- C:\Windows\SysWOW64\HelpMe.exe
  C:\Windows\system32\HelpMe.exe
  2⤵
  - Modifies WinLogon for persistence
  - Drops startup file
  - Executes dropped EXE
  - Enumerates connected drives
  - Drops autorun.inf file
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  PID:2800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-656926755-4116854191-210765258-1000\desktop.ini.exe

Filesize
621KB

MD5
4014b25e9495bdb8f6d532c979e22db4

SHA1
0002e58e5011001abfcec3f34276e9063950b7be

SHA256
1993262cbe0a659dbf526b474813b3345e72966f68ddf1ca78ca6e0ddbc8e517

SHA512
bdd15caa95860cae4e8d2d943fae8f3e7a050b4fb53e02af2b2ecc1f8e0e1a24b483067d0edd7a0f2edf75c8ae04c827d04dd00ed4fa91d51418c341d840f0a9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
581639fdb9432ce13beddb52f54507eb

SHA1
95a716eae27c582c46268ea86389378a9ca053e3

SHA256
06dd2c14bea1c3778501cd4cf1adfac7dd9f91d1b5c1ceb5365be481360e95c2

SHA512
ae143f278419614418f01c3144d4d7a9187ad7d230578b4cd5a15c1ca941f43c707e7d185f186ae80e03af059803dd50e21375293ea3fa32ba3fa94e7909d3a3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
305722d6b548d96d0afd3a14f401600f

SHA1
2202e34dcfec1412689880116fbfd16145344d86

SHA256
b40d2c3126051c9fb4456eeb866be9e50cdf095ef0d5700e8e635824232a727a

SHA512
8196fd4f5741943d07e77a7d692b7b9d979ee024427aeaf0f670eb6bfaf29c762f99fb67d2684bf298e7b16ed237147d260d59fb8d11ce9d7011f3858701b8d9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
91ccd735e998a8ad44c28f783b606c51

SHA1
f0b69bb4a655873206af09363a593cbf2449fb33

SHA256
dd58086d63dce38bd771606d34424e55d523881e96e0e94278431635516e751f

SHA512
ab51344eb86d98d3c4b59d0c159150d0322e2da64a45c16357e6bd68a7501b65a11d1b47102cdbad5a5dded34cff24ef4216c70ff822ddbe869d657d4ea3f467

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
3013e94c994d2c621d6ddc1e62667881

SHA1
11ce3ad8063de8ab072d24b9d9d960ac491f4196

SHA256
4b4cfa420c6f7be2ce5855d2f347cd38333a6d4b697cb1d85f2fbbac8b1d2fd5

SHA512
6421db57fd76c098a0015274750dce1e730a3aef1a15d325bcdf248387e0a9ce3aae2c5626c9bc224a202b1d33c876e841f898c2a591db47472e190dfd7b6180

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
fd4249ece6db4991f2a72429ebb80cd9

SHA1
f37470a44a81e4d1aca7dcd48ad783d2a67d63f4

SHA256
defdfea176bd54f9cf2a62816706f9364f3f4e8f07747dfcef8019de7763ade5

SHA512
0cc551f2811ddeb20023355408f49b6f9322dc93bbaf54501cfab8b1f99dac4e67d829601000edc3271814ce6ebfb4f61ffd363eeb1001149ad4271b7be348ee

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
9ccf240678a1d1bc61ff3d20945914b7

SHA1
a2aa1d4c8a1a30e67891897a212674de244f30a2

SHA256
755063a5aaf82ece37b6de84d47be934cfdce19c71dba565f6c349830de9c7f5

SHA512
a6f959ef828277b31b6de048b8a4e10ade306e779a9befc4556981bb97bd09bc21ed124d293b31199774461534edf9f494c906a9874d4f5276d33faeef781e4b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
8fbd4fdf5dfc38cbd9cad861d021b6bc

SHA1
7473850795f7989e65c0116dc2b7404c76fed8af

SHA256
852107d5e069c5ba3563931bc4c7fe8f40c68a3a135377889a78672fbe6e4f01

SHA512
9c94238f1c6552972952f061d6f2aedd9a95dd33774c8272c3d3cc761de07bb447c484d387b79e5fe28ab11e4a44350383f0c565579beed73da2d04c1724e171

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
3b777edb6bb37c6863fc75c370b8b753

SHA1
033b5968abcac0b3e372d5d2fd4736e45123966d

SHA256
18a375113a744870603488defd66f7e555eeac1e21940a68df0dd707a043f2b9

SHA512
2f1b4edf423bb43e4a6236db0da22df7671955f6b8fe5ce3c59a4be40ced9431656bd6b76c0cdd7af94980994d59f18344e11137ae23d0d13ffee1c9879e37c7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
d83ce25485438b3526b2fdc8f0ce33a3

SHA1
97f0ca27108524d241294309aac3c41d3a355102

SHA256
1ca5af77d3de1c73955efe47507a5c0a950904cf7cca0ab95d9f53a67d2a7222

SHA512
1539a4993655e713af25b09fdc4deacfdaeadee29710fc2c1d159c3cb152943d094f393aff22682290abc49e8fe5cc5e5656a21a70ab3fadf2ceebe90ff399c3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
62d9fc01799793543c78c07c0d18a1b7

SHA1
f0c75866440f267e096a2d6dbc9edef4455031be

SHA256
7d9a390613e5489ff023b91c00500a7e3292440f8042b23a9e37900c49473040

SHA512
eff471fd9733b7f1bc27ada6a8e9ac1d2f2096736e9ec563bba6f99112d9cc6a28781a24e52171bb6509d93861d6fc21e2afd666fea511067f090eea39651a4f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
1a35c5965983f16f029cdfd4d8b34134

SHA1
92ca00bed33fe816b1330b9ff1ac23b802273ca6

SHA256
ce48b81a1f40d0af00fa89fdd9cc712a7c6cee16dc15b1a4d4e3116f8f056d0e

SHA512
4bbe1657654d6ae8ad7b3b9436676a7e5deaf3ce92f44adcbf8a46b12af55e0fb3af599584f81d3c5477d75bd772823305bb3b5264447e820421fa827b89300d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
1ab6c71936e8cc173bca15162894823f

SHA1
f84e64267d2d656ad2fa6c7c5ce94bfbbf07f2a5

SHA256
d8b5c803d9a35369ca8f29ab67ff7cf0edefa448c6f8d58e8cf287d598d86e2b

SHA512
d8dc211140eaf62c44f3aa804cd5d0d7f04088950611bce300e4f57c53ef70520ad391764ce4bc9553f0f27cabd0f9fb951fcca5a6ec1facf2d891c75130f844

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
f247c51b44242b9c68006bc6ac3e28ff

SHA1
acd39c971632a1b6242644292920f14b0471e972

SHA256
ac2edf728023e8cd1adb27c082109c2393e7892c27c06e742ff3ace9d6bbf49e

SHA512
df925af4151ca784447110287097ad6ca2f54eaebbc95b89d855130035b4d3b9647a0a8298de1559fe23add2687071929f4875ad0e0053057ede6c6008532fef

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2c453897db7631449041471cbb85ecb3

SHA1
a479adb8c69900069bfb2fe6e58aebd64897e2ea

SHA256
0181d2462a8600e604e789690bf549e95f36a8899df2ffd466aaff24526abeed

SHA512
62cc6e29bbed57f3a59faac67cd57fc750a28ff32026262372d06f5097063abc1e3ff6e90fdbef38e2640c9e5cc6df049b0cca569673b7ecccdbb0a3134545dd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
d25d0bfe7be8110ae096f8f3915ec773

SHA1
1142e4a020c652f1a23aa4058a0dcd54571c7755

SHA256
f5eeb30361fca4c7b385d1fb74dc7974e182907197037d7c9acd76e0fe62dd80

SHA512
ae1bd27edcf1a4c5029c9df1e1594653b1e6afad28045ad4fbd35d356a453b5e4c500baf5ee9c8ed99902c7c6e3689784975afc4d7d1f4e508fe7ea583086086

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
34a4d96a871f0fc810e5aa75302906e3

SHA1
803d29268ae6e084f253d75d30f609c1725bbf7f

SHA256
9565ae54dcec3d8ed2f2573a6eec63f1549983d269f634dffb7d79fceecbfb3f

SHA512
b090a975e28d63aa2322ec49f4252a52c9067a845d9ddf3132d242e33929f287560f67287218aecbcba00bc8b2b08f7cfbf1d07fe11b405138efa24d463072be

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
4eb073df55b4cb3423ada8c5e4c875e9

SHA1
86bf74eb43460eec93a05f2d8ef75eb131de9458

SHA256
b2b76fdb8e267c37873a67596f1dcf19990afe09b09eef0cdd4c477458954691

SHA512
5cadecc0af7252b310a0d2969a122640964841422c89d0a5b51dd676508350dcd3c7327676acaa27f132b16458c369f8e7f23907434764d41aceadb55044f7db

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
02464ccc9031912622d7b63a23c5bef4

SHA1
4bb048936f11005a16356d55a960368b36f404d3

SHA256
cbb0ab11331acacc2b28d0ae569ae565cae7cfedcfd8440c80eafec5354dcbbc

SHA512
286ea445e75ae829eb675c2661203a8597a37369b66c99d50fd7e9c07d47ab90472253df7526e2782152a7670a927d2d326e46404ced78fb7e22d954566c94d6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
a35b611d8d1fa6dccc5c90d9e486ff1a

SHA1
7467ad6861e468c9df9d1d455705f00f5027cedc

SHA256
ba656fb0b8fa8a427b28bb191451d2724091323007cfc48fef428dbd912a3a49

SHA512
8f5b5565fd7f2b3f19e1a50b658cb2d0483d5d055f718bdc0596d2669def4dc18119c3deadfeeff62d04137960c618ab073b5b5fc93b8cf1f1d7f3666036188b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
6934665ace47897005618f28db8a8d5c

SHA1
d0ed84760b2096cc5f7491b6b78c707b218d29c7

SHA256
7a845934f6535c7784cc8ca9075e5026f415a3e7bd0a9f37eb805444191e0691

SHA512
aafbfcb648230e5fcb8062c5c1a352b6c83fa14c5fc1943fb56b62f514589537dcf308eacfb62eb6ee785912d7027729fbe49b6b3b4ee85b8a418650ea7be61a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
6ce56a91ae94db03037e2419060495d1

SHA1
f9823784ea319f2c8e204a2562837c87e9377e0b

SHA256
279f2c54fe2fb135a5c6e1aefa808c05288c864fd29a33ec5ecc0f4909f1b126

SHA512
a9d6a97da6571ec0dffbda9b16efb05c6e1fd7bdd64326d57bd68d2a9278cbfa6c7a03c33f3b51f7c2b49965acc57ab8c413ab81b9d4beb76227e4bd2da6f198

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
51ba68b983a6e9cf218547e1ee5140ac

SHA1
5215de6ed4ac81bd96b3014daf6b9fa88d0d1c47

SHA256
cacf7974fec75d1352de75d6b28d77fc56e69165d1991b0c913f7ec9dfb041bb

SHA512
b8d6cb028210bbaca7f31a455e34a5f440439cae47f0b9267c32eaf34d9d58e4be74bcc2db2deccad9d55e42a41cc5c4db038076fef2e25fb3b52c06ae058b65

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a6c3f815c6563ab68a9cf68eca5f41fe

SHA1
eb89c388c3700931fd287c51f2bf363a33260471

SHA256
f8c3045a2c4bb647b6d89cf857a44e4823346a0020e324b17f2e3436b582aeb9

SHA512
0f82b74eded2a3ecc9aca265437b81dd894961d0fa4f88fa382bf0176d9231924a457d17e5112c544a4379dce0eb77f454e5c2c0c2a1279e731ee1c100c76618

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
d545d7b98e8e0e2fafcd19b22bc65d50

SHA1
549e007096dd5450320fa5e60fb914ee3cb1a72d

SHA256
d482cff318f03cc409c9a81d33206ef4c315ebae2176ccf31dcc829fa7dede3f

SHA512
43e5db57558209ea54818d063576396302f0062c104d76678747362df595d12e918dc5790e30f32fed0d55ecb481a9bef59af47d19534b3c262574f684e71223

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
d546d9b5ab81e39a11ea1a2731180daa

SHA1
9108fcdb7084fdf4345928e2b8db1bc5a117f41c

SHA256
16e4922ca4f799f017eda6b7186823c269e046eb2eb3d67f5ae2c8d9c0e67e11

SHA512
9edf2df8a672ddc95422d7e3ef650932ee2a3b91a0f2b5953746e93dd08183c6116916da3da524376bea41e316ad464d4eb4a10fd11f50fd5896f42e23556334

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
2d23a4a4eaf3b65c6de7783b1f40b7bf

SHA1
8638874d66007ba51cb090b2e80876ea7de0ccb8

SHA256
0bb7555656727f6542676f7f91d40a7655154ebc3fcc4316a5feb73f0cb38f80

SHA512
4e2f82da34bbafbbb7895391a79f346fd2f452476acc3aba0a26e3f525dbd13954be7fde0e5132040d1a35316b866d32e5e12d3f056aa5aeb8ec4e2cd7d23740

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
e7accdb20f5995591ffffc1ef91a181e

SHA1
2245a7d761e10d959506795aaec0dc88cfca1946

SHA256
ac605164bb37604c43040ce670adab5328094c115b69d57a09131d133dac5794

SHA512
95d0e739ff0dfbb3cc055e30b16bec9d81dcd48080d3731822da0fdff2e9f062716d9c498dc21cb8c37d8a9022c1e8835503ece258960be5aef35204a3554d3c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
c75516df63ea89d8ca344de77c35058a

SHA1
7c407fffb408761ed52986337b817566fbacc8ad

SHA256
9ddd2504c14660a361a72d778c6413fba7e8849a5ffbb57d9626ec4d1049c3a0

SHA512
2e27207a1ba64ad53612bbd4d7923c72b5037608992dfe9b39aa2d019616a5be7ca57a777790d3ff56ad41e9838bb0753fec8a440bae9888a10c88bd6fbd0976

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
81a56b189acb893e344e291ff8c91936

SHA1
711421478025f84d2c4289732eaf6028bc19d7a0

SHA256
108691a6412c6e1c47f26ab79eae81508c5c73134904fa7b29dc9100650e2f15

SHA512
05fd7d5b3b9a87218585904d948c87e113813251fafb4aa52bba3c4ae2c47cdc5d1c00068a5c8b6c41688cee0a8cb01e457f5320b005ffb018244c302427130e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
c74cec453cde35acc44f58d2e3fb21da

SHA1
08756b06ae830a64a9d283bc3b56dd6f849adda5

SHA256
4970e6036a21a6e28019b6bea24549c74e29ed3327ae9504cf84f1235415ca38

SHA512
23e3574466bef9b2e954a3453472b1f5a3957c305e3c2ba4d7d81115790497896ef83a3a232510958292f29a9bb68dc9cd97e1646b4bf0e9f9b3a957cb72f695

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
1d58c4e3260564a53f5e8c43c420dfc7

SHA1
e49a062145d4119787daa7fa567fb33e92cac5c6

SHA256
5fa2222ba03ebd5e44a392fffee433d5e39d2348be825c96884b6d8f36ce7433

SHA512
23f4f62b38fb031f960380583e1c63f57e511326bf0d628a39068401900b26b6ec692f8ba82ea4895490c4901b43bd2ff7ef6d75b4c09cffff51ab72f8c8d19c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
802d01da43619ac1244108c9d8ae1cde

SHA1
8afca6890f8cb1789e47cbc8e20c1b959811011d

SHA256
82537dafa7c2b1b0b979a3fe63c7234f6980527ab6d476e382f4d3905dafce75

SHA512
ba23dbc76d4e5267ec3e436581763e7415ec05b7e52ab8d74319a8d4cc4ceb82c32492c71d91b2ea66a952ce79cdbb678ff7c207fd663a07d0a2f2719ceec3da

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
091e7698a1a243678026285574ec726d

SHA1
aaa4b31ff713dc858ea4e06ab8599452770423b0

SHA256
a5883d8dfcb580a7eacd58fc3ddba400e9a1f16f52524fd716938532fb1747c1

SHA512
7263a21b44e61e40862d0240c24db5f4d700676f7bc7ba4512da453e355e9f2a4c7a2f7ced6c4663687febf5d5a0aee0241584e65299ed27ad7d67ab40a80009

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
567bb4fd456f54b934636f933e1c253e

SHA1
7b22e7a32d374d10b74679523112d49050616ce3

SHA256
ea59147e7dd5dbfe665243f34718d1f0b61eef9f88dd7b1f7f643840a8bbbfc1

SHA512
f41e325912fbb39cbdb09093101b528ca112b7b4b4b4f9c9a9e835f60e9c38333cfa49f06d5193d9d1dd01d6593ce00a889a6a707b8d2d694b542bfaaa3201c7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
e8a1f16099f40f9086063b33c471a4d7

SHA1
7fb11a5126b00e9a21454721ee1ca1163492ef20

SHA256
60d76914dc6b7d4f169a3efa59121c393819d6794e7f08143ecb2d1c36664fa5

SHA512
c92a092d49e2632c25a12c20e18a8a92047232a5ea8613f621d290e1c1ba7935aec304f9f86d855db700eb2ac65ff23eeb9805b276c4cc73fda141da9aa9cd28

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
9fc74b37bb80428482b842fe37f0e974

SHA1
f82ea6d0d93cf3d29ce084caf4f4cfe6356802fa

SHA256
aa4c7f6a3434de8c31cafc9523b07a99198ca0d19475d55df65aa528055e943f

SHA512
305d68c369202c05dffb7d140e8abffc5eab416350d640fa3033a58f24164a1ff37cfc9f478cea929d83a8889d20b74f7a4894d2fbbeebff5d1e590f29e36d41

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
88cf04adf983664f50fccaac92e81f54

SHA1
384af4c661a67fa94b7048e5cc1cf7ff8e904902

SHA256
530f3b1440088fb0d8cd9c03e039e422ad189016ed1a27c87ff9225ea1598e81

SHA512
be6acb310ce45f5e81b180426befca4c6d4e7d493db25db042f5dc24574ed1bba441270b04153ab671e3000fe124bffd956ae8c0fa3d88da3d11fc75695a5127

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
85947326c01bb3f30bc6dc65f627385b

SHA1
6434f77509c0684a25bf33fa0921074bf0343670

SHA256
62c2f94caa10e48f9edad4d4a39b1b6316ac6f56d8ec44b3ea49134764ddf9a0

SHA512
4f58f0caefd8e36f9a26cd38f42e8747404c42cf631bf0e08e37d37849c50b387863d808a049faee190a961f255efee7237b751f9df5abc9c523d815ee3ad05a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
aaff2f90acc1c2b61192548bed2cf090

SHA1
ec2ca5a5dea8ab08c1b15cbbd76bb2cb9879fec1

SHA256
ff2bc6af51fdd2c8fb5b1ba7c83aaeee67472b7cf5a94c5475f83d08fce00ce5

SHA512
3fa04d8d55fe2c712cd37a12c9ebf87a69ce16eb388db7edb83ee8d4390c0a5c526ba16c785bae874f6d3034439fe236ad6bd271b26861472dee34895cdf2328

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
378a72eacebe7d8da309511084c47e8b

SHA1
e50d14011167c66019f7d7c2b8b315f7d24d4575

SHA256
8ec2a8cbab14ef66c1b451f6064c21adbc1387d63ea7faa8334f584ffa45ca2f

SHA512
695b3454d0defd458f5619a502c820a93b523ac89ee146820d415d9d3d922b38100bf9dc9fd0ec2bb0314de6be6e3dfae4a86ee81b2624e67a1943f107855b01

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
f73b60b1adffd25f56ba2e3f0cc82ec2

SHA1
9e76fd93ebf0562599faa9d2bd5729065eceddda

SHA256
3b71ec8fc0446070fc13b6b30ac3a33e5da2e3319f9e0a644550ff93e98b0f88

SHA512
ab11377190338518ba10866a9678bdadc0ec93e31d966b266bb244b5c1a93f66f1ab67d1c8ee4b0651a386ccc7a2a216804bfc8ceb34f53f88cf1bf9ee42408d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
7d91826c6901fccd398181434ad2a7d7

SHA1
bb8dc712a93945bad1104220857e4007961bfa36

SHA256
965e0bc689f82d4635c2fdd8167cdfb9eebf4cd5bdab3d5c09f750e4821f91d4

SHA512
c396232b8eb9bf4f4544cde8f17c796e051f3be525a122dd5cb58ec2fbd0fe86ace50dc5c16a0091e9d80069475941b38e33c3ef1e2f102c03b2051b275286ff

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
595KB

MD5
5665078eae6ee9288e02894c39296a2b

SHA1
4d24ff23beb1f8a514a4272a859d09097e1c14c1

SHA256
2cccc1a731f40bfebbcafeaf5bdf54fe86047d9f43a5c6bd4149a628744ef5e8

SHA512
2ff98bc6420a82bdf00c7e0bb95a0826deec685f3922bdabf173280fc5175f463890577c467d9254a9c1dd01f900e2d05715ac736042e6c77210c049b724eddf

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-656926755-4116854191-210765258-1000\desktop.ini.exe

Filesize
621KB

MD5
135c9498ca427c7dba820f8f6b00219b

SHA1
953de4605a62b9d754b64430061df206a2dc751e

SHA256
940a73624dae07283a0f18850685eb1ea46f7d4e286de55013ed2a52c64b7173

SHA512
31ac47e4b5c92a6422cfdfa50d89d31f04748b291077e118b2ef8d8b80155d15d2e1614a6de8daff6b4fd64f06a116cd3bff186ce932fdf3c962c6af9426809f

Download Submit
F:\AUTORUN.INF

Filesize
145B

MD5
ca13857b2fd3895a39f09d9dde3cca97

SHA1
8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

SHA256
cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

SHA512
55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

Download Submit
F:\AutoRun.exe

Filesize
621KB

MD5
7d386b2acc35ab05773bf5c6ada33180

SHA1
ecfaea3f431ccd92253b6edcdb22ff756aa044fb

SHA256
ab8f380f5ff1b502a69b71d72f6e84029147e898d88b141528c5d297e90498b3

SHA512
e6a4c826d0b59424a6fe3d457947b070db971a1cbba72a2e6ed4bc246aa7d75c559b9fd1ade32c85241ba15c351ff78187997732d30f30e5dbf52bd157769f72

Download Submit
memory/2800-47-0x0000000000400000-0x000000000047894E-memory.dmp

Filesize
482KB

Download
memory/2800-52-0x0000000001F80000-0x0000000001F81000-memory.dmp

Filesize
4KB

Download
memory/2800-6-0x0000000001F80000-0x0000000001F81000-memory.dmp

Filesize
4KB

Download
memory/4652-45-0x0000000000400000-0x000000000047894E-memory.dmp

Filesize
482KB

Download
memory/4652-46-0x0000000002320000-0x0000000002321000-memory.dmp

Filesize
4KB

Download
memory/4652-0-0x0000000000400000-0x000000000047894E-memory.dmp

Filesize
482KB

Download
memory/4652-1-0x0000000002320000-0x0000000002321000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads