42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06

Analysis

max time kernel
116s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-09-2024 00:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06N.exe
Size

4.3MB
MD5

951f19a10c46fcbe3d0e2e3169628fb0
SHA1

3ea603d5fac272b14aa3bd02f6f6e49e2326c2cc
SHA256

42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06
SHA512

3a1dde9646905f37e6b93494bf3d1f4b2bec2fa2deac009634cac2445ec2e33bdb58f29bbd11120710f1c266b38e630769f4197ab86ef613b91b3eddd6506920
SSDEEP

98304:1i0li0khMMHMMMvMMZMMMlmMMMiMMMYJMMHMMM6MMZMMMqNMMzMMMUMMVMMMYJMV:40I0kJ

Score

10^/10

aspackv2 discovery persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06N.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe

ASPack v2.12-2.42 4 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral2/files/0x000900000002361c-2.dat	aspack_v212_v242
behavioral2/files/0x000100000000002c-15.dat	aspack_v212_v242
behavioral2/files/0x0007000000023627-33.dat	aspack_v212_v242
behavioral2/files/0x000100000000002a-41.dat	aspack_v212_v242

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06N.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe

Executes dropped EXE 1 IoCs

pid	Process
220	HelpMe.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\M:	42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06N.exe
File opened (read-only)	\??\R:	42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06N.exe
File opened (read-only)	\??\T:	42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06N.exe
File opened (read-only)	\??\Y:	42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06N.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\E:	42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06N.exe
File opened (read-only)	\??\H:	42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06N.exe
File opened (read-only)	\??\Q:	42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06N.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\L:	42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06N.exe
File opened (read-only)	\??\O:	42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06N.exe
File opened (read-only)	\??\V:	42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06N.exe
File opened (read-only)	\??\X:	42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06N.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\B:	42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06N.exe
File opened (read-only)	\??\K:	42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06N.exe
File opened (read-only)	\??\U:	42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06N.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\A:	42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06N.exe
File opened (read-only)	\??\J:	42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06N.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\N:	42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06N.exe
File opened (read-only)	\??\S:	42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06N.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\G:	42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06N.exe
File opened (read-only)	\??\W:	42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06N.exe
File opened (read-only)	\??\P:	42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06N.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\I:	42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06N.exe
File opened (read-only)	\??\Z:	42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06N.exe

Drops autorun.inf file 1 TTPs 3 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File opened for modification	F:\AUTORUN.INF	42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06N.exe
File opened for modification	C:\AUTORUN.INF	42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06N.exe
File opened for modification	F:\AUTORUN.INF	HelpMe.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\HelpMe.exe	42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06N.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HelpMe.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 220	2280	42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06N.exe	89
PID 2280 wrote to memory of 220	2280	42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06N.exe	89
PID 2280 wrote to memory of 220	2280	42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06N.exe	89

C:\Users\Admin\AppData\Local\Temp\42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06N.exe
"C:\Users\Admin\AppData\Local\Temp\42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06N.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Windows\SysWOW64\HelpMe.exe
  C:\Windows\system32\HelpMe.exe
  2⤵
  - Modifies WinLogon for persistence
  - Drops startup file
  - Executes dropped EXE
  - Enumerates connected drives
  - Drops autorun.inf file
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  PID:220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3840,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=4144 /prefetch:8
1⤵
PID:4740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2170637797-568393320-3232933035-1000\desktop.ini.exe

Filesize
4.3MB

MD5
e6279d572c341486dc63e8f69c5bdab0

SHA1
8b79b067ec27ec45d89f25c01a25870938750f9c

SHA256
dd5a1b3e583c760e18b9660b63d46c8cd4a875b8eb9a9dcd244a6f5b7e6916c8

SHA512
919a4a74af738380805a92154d7e0c369943bfd52fbd0d2edd09c7a8c4623c7d8651996e4509fbebf61c5e113ca0b9a5e4870b2aeb3add93e10adfe0b8664f45

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
93a2c7e5ed0f91466086b9f19cb15973

SHA1
c33237a21bb2375d409c741c356b4b893a6efe3e

SHA256
3b255f86f26ad2f65a0a51da6fc1d0194792e4617d8bf9070928f70dc7a5acb9

SHA512
671afac1adb055422b9ea2f9b3bb88bd456c2ab5820495e2809824573044a03f2db70c8b496d8b6fcc0f3893ff531f8ed5ba6eeda4d1a2b6596413a5411362e1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
4ae33a4459f00131d120ab7f52912a62

SHA1
6c3cb20c23fc2313061c71ed4218cd6aa4b05fc9

SHA256
df9a17260b447b884df15d29630f2ef394a800893c639f74df906d07e1cefc6b

SHA512
1e8404e742fc73eb1f4712e3b0ab72ef18fdda2a74e452b67ff6aa5c5d34ed6d8820d8fae62c675e21269c05d806fc6c14379ddbd4a02ddc08de79ae9e91f42f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
fb36e616236c1e7c23f3f6714e84c0de

SHA1
56cf3a00ced3028b050c72183c647a0b4a91cb1f

SHA256
d8121a688e99c55827479f2e38dac39b102bc9538744999342fc95af179d177e

SHA512
b38aeac5211e45ff93a373560a342eeb006cef18adc8f7e14ce91af64751416b3ba4f96341a4560c282f4ae093a43940983055db83c378be6476c5f1f96a0e85

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
8a3e90068d56d65ffc6e8accd92cdcae

SHA1
02d8f27abb2b55e02026d83182d64df39a3c816a

SHA256
9a03e60ffda8da44ea99628f95a36660576fc72baa4210defbd49c4d49888180

SHA512
983c08265969341c70b993eb2228c82a911fca71595ff07292f29e219794dd0a05f8ceedfc314dde20ae4e4bc4beda68b6f701b16b8aef650b7cfc2451650f99

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a6b2b80f817ab8f0158f37304ee9b08d

SHA1
f118ebb4d5f04b626da4b75ab6fed3e3b5648e04

SHA256
61c4be8c998dc0c4ca17c599dc8356e9758a50c7ecfba50a6fe0b6c372728428

SHA512
4229f5e1546e7ec2863defd66dca17172af7d10185a9814f4b09bb1f2de49d972f7ea3cba97a023a714ad5028c7d390af516891f1a9a77ef5c6a8fc3d12c647e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
131afa39ceae66d9599565ff7eecd751

SHA1
82905d2c7cd4b67e67e790e0cdacc2426c40226b

SHA256
779ad2746ca0f399c926880c089e237120f2cd5ff7680a06be559fb0888bae02

SHA512
b6234562e62a5851db0c2f2219372980e22ecca68f0a1cc3e3ea76bce52b131879738abea1cc5e99d9a8c698844a26963fab57fa2709a29f484184a62c4cc270

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
947df888f05be1fb28f35fd62c695f78

SHA1
2f8123beb34f9234c23269f8f368b8b259f4403a

SHA256
fa25ea71557ef5c741430b56ecd4602f242f58b8872e2d3108d1e4bfca141636

SHA512
bc0473acddbc4f31c834ea088b7725d2bf3905b54e36c3251015d5521838d1bda7d12914ff52bd0ab8e9ef5929b623dda01028e576f1d512ee491f084b67723c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
e4ddb0f488701c1b9045c5959f76600f

SHA1
39907c7b9b25eb91adcc4d2e54e268b45fa182e9

SHA256
bb709c810288920bb4368ea38fb56ff77c3e492aac4293f5424f9569bfb9bcc7

SHA512
7a38023a266c5b5363df732b45cfc0324bff080a1ba6dbd0d487162399ac52e092cb26b3f56cf47e5e0a733a85a4ccbcf7fb5db811dec66378404cfc73604fc1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
92d4105327eb9f8ecfc65545d838f13d

SHA1
d8b7a418a70df72143ca1f9514358247c06c48d0

SHA256
93d494b5f0973544865f6860d7009c31fe0b13bf742cd6885468ae4dedab6ab1

SHA512
85ca7c3fa008500f45c9092eb97964cc853ad0be3cab493e109a5a1655fa33cc4b7f50e1a88961e9e739e9c22114b16cad0f83ffd249f1daca8ad9862a3a7854

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
71141c051d91b686dfc152824dc25aab

SHA1
97e02a7fc0ab1b409206e190767bf3f1cf61b458

SHA256
9bc84508a8205a605a0dc922c3d962b52f33c803780fa5e9e452b138db99c431

SHA512
b6840763200d7b315f9bfe75b049eff8fab2e34910b7d0404d30cb364aeed9e9f1cfb8dda5eab83aa30558ef598df8945b84d4413da7d3bc8457776f36af36f3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
f49c3a20eecd02371dd1900253fee7a5

SHA1
eef36b0f882bcb2b1eeb2f66504f03786a7c6ea8

SHA256
d1974ea98caa19a52537ddc7647cae0be0d7bfcfc9de9e4801b8972b5222c273

SHA512
5987c82cc8891f237c78f675a50599240e3b6eaaf9ab6a553678c14c3c0c024dfb997c764cd6339d4e67364c6b128b0fd381413c4f7d8cb78a94524b940e798b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
fb090960e3754da6967c3aefdc23aa8b

SHA1
2cf1adc590dcb13a3ba9071fdea33eabe46c606d

SHA256
3dc8105137b9fa632735d7e47ea27717c1dbd7f05c182f3f24d3ce9ba86cc260

SHA512
0fe8f768421903b8cde7b3a8e6ae8a7ebc5cd2321910333a38033155d2dc639a60391804bcbf66c4c2bd43c55f20b76807144924347154b82075e4a61784b742

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a797c81188a1aabb3b2f2a097e4347e0

SHA1
32e0a5608280bc198532ddd272653e06c9cd2b5a

SHA256
1179873506517e01f7fbf87c29aff8734b5d56e6860ef9717635e07a32ab9c9e

SHA512
5ef45e08fd78d220397074a8ccae4c0cd8c19872f30d74cf653a5360d579e0aee196521d1a9ab3c9deaae2192532f1a3b5d952ef4b3ee5bfb3e7c4910b1f5146

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
577e6bdb45a6000d7dd65a21d0d0fd3c

SHA1
695b604394d70972070e6702e44b955ae592a66c

SHA256
e0c705f9430658ac9a2f500d722bb7fdc0a8668ff3ecc715377430344c2248bd

SHA512
8e57f64c37cfb2c88dedb40dc2893386b834aebc48244d80b8fcda60cf7bbfcdd6f2cba0059d2ddd327ab5929cd1ae98ad387f2051925f5d46edf191d187b30a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
c02d34a1c625af8264baed1b87488942

SHA1
beff2538a61b09123b9c63c10014738769cd04ac

SHA256
d52c7ada4b258b5aca45cbdcde8768c4291e5fdd4567425df48e9a8a90abc067

SHA512
57e1e07453420521698e91f3cdebf0cb46c38675d94008588458441000dbb54d136486f551570c0d1c8b4c13cd97dfa56152fde8eefc5fccbb3c9bdde710ba39

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
83e7811493c611d39691cb5f87f0e131

SHA1
9eddcd1f2d6e3713c80a480f1264d4bf23e55b64

SHA256
3c946a02e2b4b4a511dd9c89ff9bfbdc4b9e404bb2f120774493e275bf6708a4

SHA512
4ebbdb4ade764af68196fcc2962805b13732806b089039f4dd3954412c72fedddc1910312adea9e2e74c83619da311c412b04c09c1e7e86db7ef82a348c1d85d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
bb40eeb3a2ed807fa97ddd36b08688a2

SHA1
361b585b15be91ff1c76d94005e066d61de225d0

SHA256
75a4b13a84dc85972eda6041fbf966808d11c4fcc3163370b1dd803e0728257f

SHA512
4e22287a5476337f7bfd3a85bf2a3052d99732e084e001966b27b77a6ecb686eea8b9265c7e5b67c4357772c271fd303290e33ef64d19d483fd05cfb1a7a6d2d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
4d2d8d760dc849afd8a47e65e068f944

SHA1
bbbd5898f53f5048fbf52fbf8cd84575e1487032

SHA256
b63db8ca12b0f91e93ae4f4a8091075816307a677bea57f5e4021d9c4ab42178

SHA512
7bac5211d6c56ca33d3d9ab390a346fdfa1485014437d785acf585344065459f6c2578ba04198eab51887505be23075f4093b59ce93a479a80ef7a73d838de56

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
c2e0185349e7de960bb48edaab9afb7a

SHA1
78edb4f9feb25808652d169936ea45ea3af66958

SHA256
6e72482993e2399d87989a839bac4021dd11691deb65435722f876a054a66a9e

SHA512
e69f249d13f469935cc2f55f53ba11ef7e3c5455b598848a913f884ffa218d378e8b6b47a6448ff3ea4d33bf9ba6728d16e700002e346b39389ffa961e2164d0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
ede6fb02abfe6fc4a26cc15fb7ca1437

SHA1
de413a7b3d2b5dcc832594b12232368c1d801a50

SHA256
65d4f7c92f6161004a293dbbac0942d4540995d1c1fc8a55454e78e415e82a74

SHA512
bf47091392901594871ec0da85253e680149aed662861c60198788041b65a0f375b28e4ad10223f01eb8fdacb48e289b5a33eb7efb3684bf3586a3064582fe50

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
5ea68aa15f8d5555ab6a277888783c8d

SHA1
3fc4f069b29b09ce15f9a09d134953fbc267907d

SHA256
02498f09fa53f157db82bcd424140e4e246c6b217e4a4fed573f14a3855b3ef9

SHA512
d7a3ff6df6535afd1a3abbc78532caca7b3976a4a65f164cefc0c37da1768a54a09652b366b0253c594ae48e54fc2a93af28df9a872df609e05c8aea340c54e6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
f1007b9aa1b463dbd440571f0af449a4

SHA1
8741a2068a741794978c17d307ea1fbc1da6f2c1

SHA256
455e54a508e8a113dde37f3fc665275ba5d085be9fe4164c939ef3b1ec792dd2

SHA512
02d1fca709dc082c9b32a0c8840df900d17cd3af6896e908055425a097d2a21e626885dca6dce69df2bc472c8ebc0b3a7074f3b93b4a96dc0b2e71144d7afd69

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
58ef0b2ead6e3c0d9809ec58ce6ebab2

SHA1
87ee3d81b8cb58a30933d5c05004cc767c61d110

SHA256
32765d9fbd61759d59d1949f56145422e36bd94aee326a221fc1d1dc07e85ab1

SHA512
02392e57e5fab57b641aa6f0ceb1edddc18a6c01aa784ccba006ea1ba38241900809c2afbb1626906da4298379a4e2663263f632eb74ef4a4b3f2c8f421ca86d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
5587ec1447544deae239e1fa48916e27

SHA1
1496b819cc7f12de4ca839463e2b270cc9641fec

SHA256
ac2c6055c615c77297f63acbfc69bf125000b01c082717f0d84dea41c275b451

SHA512
399d46ddca6fd2d5d2b384797b2e47a0d1a5679ea73cceede9d5cde17e33e87fc3d1436137e282485ab594bd4a71e24dbb9ddab7430a12a954aff5b711d83f2f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
98931fedbd3d497cec863ec7dd995652

SHA1
fb831895aef1156dfd893a852ad6022ca0718ff2

SHA256
f6f75a52eb1a53399296576ce5d32adbb0d79f14098d452cf8fd492bf750974f

SHA512
3b28a77bbaf6ff504152ebfc9a1f2fa016323d1bba3b5ccd0ec98fcefd27457124f9728dc6b099906155c01b8be3b2a148db05e0d47495ae3315932b8b93be81

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
46697a4ecc101c5150f549bfd295c07a

SHA1
04df40a961c8bdfa6a93a6f741c488653b703a20

SHA256
662768f8b44c312ca4581ff8bccea801376d865a6530505b166b7b0d9b42bdca

SHA512
840d03900abad91033fa9df086d1f8a63e54d95f9c24b38abcc67999594b7b6ca89fabbf302af9ee87432d0bbeb291c440e2813a5d9725ffe16c18fa9b699a1a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
5ce4e269653d381e1322053861bc03f8

SHA1
9dce96356e0553358ba6de24457ca197b4b527c7

SHA256
caf3404e585cbb51e82be4dd7f15f6cbeee6d43ef63dd37428e63b856cf7bc61

SHA512
eacb4b62a3621ec459b355ebd3d66795013dff0f090b0362a03549faee2aafd956734705c5f617c494dd3fc5aab1f511d15f7278e4f55aac974addb0a40e3ec0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
07939234dcf7a7734380dc347e81918a

SHA1
805d60527fb8c05469678358b257f9dad4590739

SHA256
dd35073e87d9193c50d6e763e103fe8a58c682a69dfbb45a3b84a3f830de40cd

SHA512
fe5f89b64d9a675e9dd4289669664098f20c233b408c16f14744c0ee8c12c8abbfa4aa3fdf05a601cbd13d085f568b63448d6786091fd4a3ddadd4d42f88889a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
fe3c1d71fb77760801979fc5df81c59b

SHA1
15cc8df68c2ba73df5630ec371258feef01ca878

SHA256
53d3a344de4b2ce66fb4f48f47fdcf240a2baa8d17971d3bb789defb8d647914

SHA512
b477f5480238b915e659f438b43bd5abfb0b9fbc628c79977b9e1d01e3c7b072819ed57563139fda5265b529a219851be9d0181716fc19db779641b0dfced377

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
9a304a7d8334dffbd40a749682528c98

SHA1
3a02e9953226ddc235feb8f865f47b1ed60ead86

SHA256
b0de14c8fe58e7b1f247a9422a079d367c094ab4cdce828d71dc2d6026476752

SHA512
0a01c1e4acdbf538584aaa63a47afe598be38bd62676c882fd8a8e8396cb13f8e0a8a8c3adf5b6fa95f7879b5702846859d5fd838f0b6db23a57a095e0e49d15

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
6a84e0bb9df672c8720d8ab3762fae85

SHA1
e8cb462e2dbc5d927868fc644367026b5550d7df

SHA256
fb6395d36d08ac850dfdc0467e40d79f4a01e266fd1d7125da4270db98d3279b

SHA512
38b1bc1431038d60bc46a18cd8b6a5d0173544d111b6f878ee4ef3dbdd059b7c455aa4e0f231230b0868e40e3dcf7aa0c7bb3cecddf5008c8f7d6fa731c3f880

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
001c2529e14b260347bfd62cc9854388

SHA1
e1d53eafae5f54039dd48f19a745eb01403dcac2

SHA256
220fc0a45f868478640d9aba43b57015b5d79b505b10b76a42c0f322c0d003e0

SHA512
501736abecb9ea1a2a1db54423730ec3ff84147203287a3284641cff93462aae32c6da30284f3744b8a5a315357656510eeb26670c74b00f4eec0e450cc63679

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
70f2f98ed00cd30caa383d3dc0db2815

SHA1
e7a239dae315628ffdb8d8329ce5a0728a64e9e7

SHA256
3e6793e75b578907f707b177bbe74b2362d8a57aa4e247ee66b6a52dc5c5cc70

SHA512
bb108f368ad7b29cddf1c2b269e25d45d8d221047026933c4fe23a79273344eb0a045b53d248c1bd1b35f6bd2d716529d0d6b522c1d7b06e7d5d833441d5874e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a4611670887601fab425b11b869eb4c3

SHA1
5b30c1522be54e930a41cd74f645ee49246f61e0

SHA256
20643030384394e23e1a3d2e05717e799b22b0164798af0307edefd5bb17aa6d

SHA512
1516c5cb032457e08c32743f4db4a7d1b93c0fffd385779c90689be1604a8bbdbb60f34939c364bfb70f068e7aab107d3cdda518b760de7d72aac027da7e010b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
4f3534c00b95c32c820e3a37cb664c0a

SHA1
168ab909d94d92ad2576b4ff8f6e9fc9cb07b0ed

SHA256
094a6e486cc7d1cc2be720ca33b83f86e51b0c56b6b442ad4febce942ec3aa53

SHA512
214cb02cd380893f7d80fd52b47e146235b867e16e6f3e1457178a9b4ea55cd9ea6fce4138ff0fe9b424598283515c1fe8d6bdfb691fef222bab667b183d8d8f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
b4472a302672cef9a2bf16bfe636403a

SHA1
846b13ade514c774cd811701846f1a189437fceb

SHA256
3f28c6aa376ebee9f638a7000746251cce4e05cde25d9bb1a5647c1c7dc7685d

SHA512
fe17ddec58c8f4b0abb6f9dae4c762668f70a6a35777796ad1f8c14b9c96f5690abcc6f18836b52ceb70c72ef59735df1e232aaba074d22422a238c3288a86f7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
3aa8b8875dc08f393586c9b62d51578b

SHA1
c41dc4e0c3a3bc6937dccfd80c0033d4b1c8e5ba

SHA256
596a227ac1f2ca652379a4189b85a1f4b9df557a7bad5ff491c4ce4f4dd83f74

SHA512
e13810bdacefac2ccc187e7bee5cb6516affc862ba908044efd44e63f4ab94f2fb5a56532935bda1d92d8f423a2762ce65a6e40e6d87908ead6bc243ff4320f3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
8846dcb445956ab90390acea6964703c

SHA1
cc0033c95edb4194f73d667d249921a608db771a

SHA256
8e199f0b025509801f47bf1e9559b44880836bfaf033cddfc22ec528929fe838

SHA512
810ce446a763d1c56d2e4d96d59ce331668213b9d9ac2f6c795c00466a2c797a0d93f6af0724a34f94f0a72ed6861e00ae1ac578f3beb5efd3e9981d692fc00c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
9ed46fbfbf4207c6acf09fa61ed72e8f

SHA1
3b7d36acf62b216d5398bc263ce9c0ef74662a0c

SHA256
1f474f48a21bdee2ffef7626dd9741670739e41a38e64636a0fde4cb83348477

SHA512
bf5d78c90fd658c51548a62fea31a59fe67134a0767c471d302d1e27c4b7b4d1ec9e51c1ba5f23c2dd4a7bf216d3415704158a18f187e82d59be9d8a7e4cca05

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
0110415932de6ae3f49ac04128594fdc

SHA1
6d53b4fbd6ea5433eee1179584396cf59c7941e9

SHA256
2a80aef949125d10682c624bbf914d85f84fa9d21f1704a4e08938e8bac2f715

SHA512
be5dbdc73237483311e6153ced6f262b64e6f2b5f45b55b31d9cbad815abe2b1179f0cf8bca83bd7bf42ab152a0fc14887ad7ef93540d2c2ad2a0a7caaa5236a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
0b9c9f2a3016b50cf8bb1512f3bf88b0

SHA1
b03bae989c34c8bad13ec6b74bef627f1f24f314

SHA256
d126ee845f253d60bdd3be26d5c1dbade89ba13e14af81bcafc16169b160d4e9

SHA512
7ebdca5d9acda31248f65be68fe39572157e8eaddee129a4f723ed262444c2e3a77ad1e13bb5982500ac6ad44ca6e8d612c5260e4e97a44673e7ea78c17a3143

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
c1075135cd689890272b79fb1ca86d51

SHA1
f936c8fbb9f0844b59ea2c7b5f4381f69c1d06ea

SHA256
cfd8262b938f2ea2e0d708d459e588986323ab2b56ff14668fefadd68dea8f88

SHA512
25879a88c6f994fec20498feb450f9b7e47f4a7a8a94596f65f3ec986842759919a814abaf7da3809fbd85526933b39c7d21781889fe5f48e815e657e284b670

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
4.3MB

MD5
17317a0d0677483c9ef9da054d979078

SHA1
cf1bb0aff960210d9bbc878f051777059ebe72d6

SHA256
617421ae86e5e61e2475a1a2ac86f2ac5bc99e66130ff9b6ae1b032f25916018

SHA512
12089e5b77fb6932be73e82474b89720f751307e60e37dd4a6860541caedd3450b5f9a29b8adfcc0c0092daf2053efcc57208a06b06162d08e66ba9651ca1211

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-2170637797-568393320-3232933035-1000\desktop.ini.exe

Filesize
4.3MB

MD5
f1b71a37a60f987b2307fc3d5f95a72a

SHA1
90f866fa06ca5d8603979be12a519f0e1c1ff30b

SHA256
34986f28fd05600c2ff07181142ee07d5aedb1d3eaec5088cae32d4cf78d1537

SHA512
7552ebea9a9cf4a11c2f108e5f05179f7d12df2e7df4efc6d8babdfbdbbe06de04b84cd9c111ec29ccb32033c183fefb739be99ca8e6d6dfc8af917bb87197a2

Download Submit
F:\AUTORUN.INF

Filesize
145B

MD5
ca13857b2fd3895a39f09d9dde3cca97

SHA1
8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

SHA256
cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

SHA512
55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

Download Submit
F:\AutoRun.exe

Filesize
4.3MB

MD5
951f19a10c46fcbe3d0e2e3169628fb0

SHA1
3ea603d5fac272b14aa3bd02f6f6e49e2326c2cc

SHA256
42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06

SHA512
3a1dde9646905f37e6b93494bf3d1f4b2bec2fa2deac009634cac2445ec2e33bdb58f29bbd11120710f1c266b38e630769f4197ab86ef613b91b3eddd6506920

Download Submit
memory/220-50-0x00000000020E0000-0x00000000020E1000-memory.dmp

Filesize
4KB

Download
memory/220-5-0x00000000020E0000-0x00000000020E1000-memory.dmp

Filesize
4KB

Download
memory/2280-44-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/2280-0-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads