71b68beef876d64ca571f462f9a993efd366892b41470ba0ae73a0f0a5514b33

Analysis

max time kernel
146s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2024, 17:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

06d3579a7c1a8035a3122b6a83e8bf1a_JaffaCakes118.exe
Size

4.6MB
MD5

06d3579a7c1a8035a3122b6a83e8bf1a
SHA1

c5486c3eb99a51c4d74667c732776dde6e986d17
SHA256

71b68beef876d64ca571f462f9a993efd366892b41470ba0ae73a0f0a5514b33
SHA512

478b55a8d4ef0e720fef6fee4415aca4fb26bb333860af6dcd5096035f7d0a4436b4c11ce8fb6827d7f435540492de13fee12f0ae945baf7b7ea8194cef04d24
SSDEEP

24576:xEtl9mRda1MKB8NIyXbacAfUSunEp+XRGEUvkXw6zezNFtcyyRvx+z94+KB8NI:iEs1TB8NIMI8Sfpwotkzaxc1OGFB8NI

Score

10^/10

discovery persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	06d3579a7c1a8035a3122b6a83e8bf1a_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	06d3579a7c1a8035a3122b6a83e8bf1a_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	06d3579a7c1a8035a3122b6a83e8bf1a_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
1000	HelpMe.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\M:	06d3579a7c1a8035a3122b6a83e8bf1a_JaffaCakes118.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\E:	06d3579a7c1a8035a3122b6a83e8bf1a_JaffaCakes118.exe
File opened (read-only)	\??\N:	06d3579a7c1a8035a3122b6a83e8bf1a_JaffaCakes118.exe
File opened (read-only)	\??\O:	06d3579a7c1a8035a3122b6a83e8bf1a_JaffaCakes118.exe
File opened (read-only)	\??\X:	06d3579a7c1a8035a3122b6a83e8bf1a_JaffaCakes118.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\H:	06d3579a7c1a8035a3122b6a83e8bf1a_JaffaCakes118.exe
File opened (read-only)	\??\U:	06d3579a7c1a8035a3122b6a83e8bf1a_JaffaCakes118.exe
File opened (read-only)	\??\Z:	06d3579a7c1a8035a3122b6a83e8bf1a_JaffaCakes118.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\I:	06d3579a7c1a8035a3122b6a83e8bf1a_JaffaCakes118.exe
File opened (read-only)	\??\S:	06d3579a7c1a8035a3122b6a83e8bf1a_JaffaCakes118.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\P:	06d3579a7c1a8035a3122b6a83e8bf1a_JaffaCakes118.exe
File opened (read-only)	\??\L:	06d3579a7c1a8035a3122b6a83e8bf1a_JaffaCakes118.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\K:	06d3579a7c1a8035a3122b6a83e8bf1a_JaffaCakes118.exe
File opened (read-only)	\??\G:	06d3579a7c1a8035a3122b6a83e8bf1a_JaffaCakes118.exe
File opened (read-only)	\??\J:	06d3579a7c1a8035a3122b6a83e8bf1a_JaffaCakes118.exe
File opened (read-only)	\??\Q:	06d3579a7c1a8035a3122b6a83e8bf1a_JaffaCakes118.exe
File opened (read-only)	\??\A:	06d3579a7c1a8035a3122b6a83e8bf1a_JaffaCakes118.exe
File opened (read-only)	\??\R:	06d3579a7c1a8035a3122b6a83e8bf1a_JaffaCakes118.exe
File opened (read-only)	\??\T:	06d3579a7c1a8035a3122b6a83e8bf1a_JaffaCakes118.exe
File opened (read-only)	\??\V:	06d3579a7c1a8035a3122b6a83e8bf1a_JaffaCakes118.exe
File opened (read-only)	\??\W:	06d3579a7c1a8035a3122b6a83e8bf1a_JaffaCakes118.exe
File opened (read-only)	\??\Y:	06d3579a7c1a8035a3122b6a83e8bf1a_JaffaCakes118.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\B:	06d3579a7c1a8035a3122b6a83e8bf1a_JaffaCakes118.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe

Drops autorun.inf file 1 TTPs 3 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File opened for modification	F:\AUTORUN.INF	06d3579a7c1a8035a3122b6a83e8bf1a_JaffaCakes118.exe
File opened for modification	C:\AUTORUN.INF	06d3579a7c1a8035a3122b6a83e8bf1a_JaffaCakes118.exe
File opened for modification	F:\AUTORUN.INF	HelpMe.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\HelpMe.exe	06d3579a7c1a8035a3122b6a83e8bf1a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	06d3579a7c1a8035a3122b6a83e8bf1a_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HelpMe.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3144 wrote to memory of 1000	3144	06d3579a7c1a8035a3122b6a83e8bf1a_JaffaCakes118.exe	82
PID 3144 wrote to memory of 1000	3144	06d3579a7c1a8035a3122b6a83e8bf1a_JaffaCakes118.exe	82
PID 3144 wrote to memory of 1000	3144	06d3579a7c1a8035a3122b6a83e8bf1a_JaffaCakes118.exe	82

C:\Users\Admin\AppData\Local\Temp\06d3579a7c1a8035a3122b6a83e8bf1a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\06d3579a7c1a8035a3122b6a83e8bf1a_JaffaCakes118.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3144
- C:\Windows\SysWOW64\HelpMe.exe
  C:\Windows\system32\HelpMe.exe
  2⤵
  - Modifies WinLogon for persistence
  - Drops startup file
  - Executes dropped EXE
  - Enumerates connected drives
  - Drops autorun.inf file
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  PID:1000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-945322488-2060912225-3527527000-1000\desktop.ini.exe

Filesize
4.6MB

MD5
0d0ea65afbe2a435a428ef8d6d5931b3

SHA1
beeee287c2ea5c3dd79e04ad48609bf18de50e29

SHA256
3eb486ce4e15f2d86e267ae44d61f8cb49f07f3c45028990dd1b10e04c749ea1

SHA512
0f9add1363ab62409e2a9a2f5b5244fa5521eb639b7eb2276faa1c762fed3b5e0e27bb3654b6404ba57929bba8dae20a5afbe9d527bf2957e12c5f6baccc2938

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
7925db9726ff3e4f5c995f0085d78882

SHA1
638941c4bd922abce00e32dc41fa3a1bb776a871

SHA256
7bba2f9ba1d24f7ebb09a47d156df46ccfd33b9e2f421c0a030258b791d28b06

SHA512
b622213333baa674e41186ecef77afb79e488c73d3dbf8886f1ab90253676ad15e1b8fd4e332b772ed393f0c82bcbde94a71430e502f8bf4777bac4108c24076

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
3a03659761a2644af219903d7cb6354b

SHA1
6e1e7f01e2b4fe285f3e0f29f7ae3b5c4fc72d51

SHA256
88babe33f91c26334e054311ff8ede53f23db7b9e334a92b67c05e62fec8379a

SHA512
f0a03abecd21c4c3f5e56b2a214b13064a5bcf21ca667c3f29756babe7c67b41a2b3d16f5140bd9006617850fbb58d0ba944565e1e4a0dd0d138d63db60ebebb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
e64e5cf3d8b2477ce7312d0a3141263f

SHA1
b3fda969e2d86c6c01b62735f639d1788b12e46d

SHA256
6ba62d2a86aed5094d57d6f834ed3de979638245a1e091995c028d94825b5063

SHA512
3ef2616b46f5e737b469b74f7a9c4c8f2a244c190dae5c3754f368649f6803002e3c8a41d92b8ad9f88146c5818711aecb6d1a91f3db5ea85b967fe8f4a71595

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
b30981b940f6ac480e2e99cb448bc78d

SHA1
3b7c7199d615517c89b2a9a26508977ffcfed7af

SHA256
3f42344fd64e7aab358bc9882d47a8491249cd7b8d63f66fbb2fd3f66d41c948

SHA512
0794333999e587f2c03cdf2352ea3a703f936cba23d012ede1c53ba51832e0f376be91203474983bf5a0734b6aac92b6ea59c9bed559546ec12ef049e40481c4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
95d2962abe9756ab59853496766621a9

SHA1
e6efd63896207734c86bac6cd39bd285fc39456f

SHA256
2e3d29eac277fa2700511f75c39afd2289d5791491b7f8be539e1c6eb2bb3c45

SHA512
2f35109a6c8dab90dad206ab9f31591b8002ecd8ea210e12ebe25bc46a6e89e1fd72e7ede7ea838d68462f9864965a78a3c92d756220f60e718a5cd95273cc7a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
885cda798740a5766784e4797015d4a6

SHA1
a5366ea24b6d6f58179e6ff7eedf01a046f8c67a

SHA256
379d4b15e7a0758a4ca72d100a2a42a8514127c326b7715ea548d0791ed8dccf

SHA512
d5508117ffbd9f76455f3684e690fe09d28fbf3b078e520ea660444bb92d526f242b7cd6b972e1acd9cefb6b5a72fa7996fe154d2c4f3759e400052f3ca97930

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
6bbf7e5c14316225b375ddbd78e7f1af

SHA1
2bf4e7194a1e1ed23f1dcbf553ad513ee7ea7ba1

SHA256
fc7889ea862abd85cc98fda454624ad3588a8eeaa900107c385e57de1ec64078

SHA512
8e6082553f33bc16594861e3c2499ef7eb2dd28837c9949cd611ea4de66455cda751bbedac544e3b60db3e91e6783ff050ded0dd54535d9f565267f014f402fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
eccfd7a1f4040f38a2012484e80dbbaa

SHA1
dc92945ff00921fe2c537d16bc45cb58f391179f

SHA256
e853a44d827651ef9f6b0923f9797ded989ba47ac898c0b07dd1be77e8cb7b2c

SHA512
b3fc450c46d4cf4f563e03e5c0c6699528d1e3b6882b753aaea27747773c498408f3ee103fbf9ac64c88ed789d8008c42e21ae8c03d55a0786b2f04ba3855d87

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
7cdb2ed8ba4b873a6dc2bdcc774f04d8

SHA1
892871856e191aca6ebba5688a8e01fbea8e8c57

SHA256
41345d9e06a90e43a8e65173de3c45a978828ea699d18c4edeee9abff35dd3f7

SHA512
65c5bf52dca53815db866354d95cb07d090f20976896b3f6d79a315cb68af06d3c0e867580e759893c51efa4ecdadbfbaaa84f5818e6fad64b966678e739f53f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
88363264a76c932251de7431419aa452

SHA1
79b351ad527cf5ccc8f5b8601c17ebe7565f0c2e

SHA256
c8f6874849f5405a451ce5ec482668386615e280a4d23bb9949209ecfd1b2260

SHA512
d5a955fc6b23bbab7bb534bf9b97e2a2b0c882908266a03dc2e5956287e3c319d5672c1b0f400fd576dc42b34a68ba23f9a4856124125605cf5ea4cb58c230b4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
84536e9efa675f34f518b43dfc746492

SHA1
9247cdee40c3988943a431a5ddb214c5130c7a96

SHA256
4b0f36be84e2e027292bc1b6111e0936270b95396b9e8f4224bb100906482b7b

SHA512
57b802d2bcff8f50ff501ac12b78380e35a05d9a9419bed628ebe8c226addc8231f4ab3a983e6507b3798ee7ce4886100ed309ecad0d8eb36724e2a6fe3cb2f7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
00457847cc26120ad1239e05d2577b43

SHA1
07d8e18155feb9b9b1601fe875fbfbcf9ddf5a62

SHA256
09a20cc010f9f597cf35b8ecb6191cedf85ebb5e54652e5e01813cfd3afd3468

SHA512
6b67152eec7cfd33efbef3863b2069ca150878dee53ab691221dd9f6d396a7392c55d8861405d058e56d78e609d3be5d6155bd2b5a54557b4bb206094f01014e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
ff79d273db470016970a71061f32417a

SHA1
7656520218ea3275532db0aba5ae70d242dd4dfc

SHA256
1fabdf1702211e3545658058304c0079640e483bde202afb32e7292cba453f37

SHA512
c672aac176e162f74f7e54f935180276f84ac0a58239854bee67afa6cb18958442a561b7a39960e45622509da6a8d80cfd272bf33905744713fe87063aea96ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
fcccb123f7f9321d160ff99642136ed3

SHA1
edab262046f2fa051bdf10193683586b6535925d

SHA256
1311fd2e30205ae2e54380f43c182b4af530be0a38d355d2329a0975f34fa00b

SHA512
3405982997b17e22923a2e3878f8cb0383d054b52f96b55e5ed6ff1e5d4b25e72abc56e3a83fa684ac784a0f95f3d09be3c8430d9c31a116f31845c28cd41484

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
ae8ad616a65d62007dc44e2e2d6b900f

SHA1
c5c4884929de04a051b52e03d099d4946cadac26

SHA256
19da76e011d4ff70a97bd2b0700106fa387965d40582b46aeb0de867387b3f25

SHA512
55f91dda1cb35f418c5ecb1e52a495d71ed14e5bc389f1d9ced1af73f222b557dd4dc2b28aed76f52d66ad240182c0638577ff9d58f471bad231021cdce7f762

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
35bd1a7397132e74ac932038150c0c2d

SHA1
bb7871d667a9b67d6f47c097e8f2633f7578e39b

SHA256
64ce015ba6dfa8930f539e2bb20217455c919ed08a3dbe63df119104f162a1b5

SHA512
a4d4fceee4a0afa52e11f1665d2ceb20d83c740ca8096488f4f67796034a9a51aa12e026a8d58fac767250cbc3d5bce138c30de3bb81832e8fce5f0e53d3e851

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
474b428efb3b2aa9f2383454637c8390

SHA1
3eb27922633bfa53c54184045d2d1f889a61be4e

SHA256
0699716f09c1f825ab08dbe7041400d7c16fe6d2ef21b2812f0c598c0db691f3

SHA512
b4d2cc4329807dc82a004afa3e521122d8c1310e8bcdf66612cff87230fb6fba50bf43494a23fbcdc0aff8e16557542e4e4d5c192d8c9df125faa5f8c7102b6d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
5add87ab290d32ed9d80b336aae09d4b

SHA1
945fcd35b134949b56799db9a844a34f9ac16675

SHA256
93a4193ecc93e74a86f2f43aa264887de633bb8b31563a44b5a31674d8f5dc91

SHA512
45171ae3d68c252e3f98b3049c09f33d1f85804db2ddc0dacf8cdc83bb06f49da95a763b2af6ad2fa12824673116927e245e67b713a85da9058e9d39ff8b7d7d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
f5e5ee1c5de6b053dadf88ba9b3657b2

SHA1
736bb88d4c8a34ee3f7367c2f43e75bf901b57d6

SHA256
4f188189b2cd59a10cf01ca3e058b8ad49a63572df06b8fc1923054edf13441f

SHA512
0d263d08b7f0f9b0d78e0b68d481b64a86c5eeea6721c2ca7698f6ad7cd179ccf12f2ff88baa61defbbdeddd1c385d78922f3c8c71a2e05283610d2b2780684f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
529e2d20fe1fbe6cb7d516742396f798

SHA1
3db6b24bb8690097b66e5b1d769010a4ecb1b6c7

SHA256
3d336a24856d8164d766f0fe3d8839e86e3a0b4bfaf6f2d13c0dc1578f60f2ca

SHA512
71bf090dbad24876c95b0217f0f559449f4dbd838e678c7873c2307800398048c386ee4cde62da14c489090e12ee164391df285a73cd49fbf98d114fc3e4fd14

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
d6af3bdcc6c33d7aa64e3f562e5a4f58

SHA1
2d1effaf0b0973882a9f6f5ce0d8ad071f7b7641

SHA256
1d857da8102e442ec04ed99385bcfaa7a8da800471859453823336b91b91eab9

SHA512
088b0ad5dd6b5fd01e93542d0b9c57125104085097173c0c67f0b38d3a55f50b25c6ef8bf25b939beb718cd04e4593c645704d8458ddbbaf41fbe56a2011032a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
eb91282d255732bc14941e40974701cc

SHA1
abd02c3e374021126552a7cc9147b80ef40a7b38

SHA256
d337bff1ceb2ab2faac22391db023e9032cbe3889c7b7b8e223231697c9b8637

SHA512
3d93331cf16098124654255d9b8790c32efa5bf4d5081d27d1caa9f81ca260d301901e599768ac3544765a9559b23758aa78a4ba71815063c3e471624b887b5a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
1af14a145ccba1e960832152a67942d8

SHA1
a6bf15491da34f59f24072f79b7b85753acfebbb

SHA256
017908748af6c8a91918173908a75f9ea781731f6aaca1e97bf23dd79619a52e

SHA512
8a0350497a10b4061224176297d24fca4c322baa0cb81f068976f8b63d619f56f85e208118a066fbca3e752a97a041f34e1faf2efdc3efbc5447ad0ea76fcb5f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
5c72e77c11813a1c89434b0a5b745d25

SHA1
e33527fa85451fa97b2cc685fb1c3f2fa7f7be7c

SHA256
e332b839fa7a2d315ab62d9055c895355a0754977335a5f916ec4532ea19ae04

SHA512
93fb609d74fe07577958cebcda782fde7bb75c9a0de3f31c27788f5a05d63b3cd4ad1a49b165ec10c66d3663f0cf66c5473b8b9bfda07ac68aa3add7b2628232

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
87d10081f30488c2b23080b3625263c0

SHA1
e92341794b45c2b1895666bb6d2fcf2a1370af8a

SHA256
27200ac28c10ec484abf976e85d94bf5c2adcdea97cab2fe9bd4872b9092695f

SHA512
c3741949e14e1a971fa07f8d4212d6ef8307bdc1f2cd45146c33a4e2cde314a13ab7e39477c4d07cfb2b4765979e556563e5a21442ee589b9238023986939818

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
f6bfb9048c8cbd68fa998f4d9bb4ecdf

SHA1
e6186234d24c7ab615847c62bafa0f89e32a4dfa

SHA256
e4ac4f018d7c3a48d7cfb7e867f0fb953c060209bf446460df4424ed58751fc1

SHA512
06fec5d3227648bf8bc257b100db5e07157888b38667ccda2082d4c8af693559825bcbf23c0777b503e64aeadaaef847dcb3e490f43e66ae9483433e7012b17b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
c44270378c63030f2199b5d4c9ae28b8

SHA1
6b4e00b56ef77bd05ae1a2309901df49494cd7d3

SHA256
91937e3589ee7170b7d7d717705de4371feae301f38ba2038d6b6863fa27d11d

SHA512
2f1f4c3b6ae816b00bf256f15760649b61058fc7eebbaa0bfc7840dfb995b20ca078afe98359e57e97c9f55b423fb57d7ee3ae0e2ed4c4a081f833b1900c5892

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
4cb617a574fcc3134818090404d02b3d

SHA1
f29373cbaa00f9663dc3660e0b620a8870f123c9

SHA256
0bd0bfdccdb2419ea1289130597c3cc218ea4f350b5595095d61dbd51cbf0442

SHA512
1c1b8562c885926443d78c1b80c7939dc8db440accc9411d3eeaaee555c75c24bc1b4e975ab94fb134b1a5ff52f0a0dec64539d80032ef6d59267b61780c0262

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
1a3f54994dfbba0477f472a36b7278ae

SHA1
3e124d698b67b4349e0fc339b5e4f22a83b37a8d

SHA256
1e4d29e0796bbb125061c6c7ac7f764d812cdbcad609156debee6f12f76848da

SHA512
7b1596a5dd0555e4422ba087882915034d453e171643afa5a6036981d04a67f82df155367da44aa30ed78a416bfb5df4dabb8487e898272f088ecea5cc2c0140

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
a9223fd246a271a2c8c241ebd6651322

SHA1
a3247d0d5863b3a29cab6a79969b2920a497030f

SHA256
1188b4f2b4e5efcd7a92905a36f0dacd522dd1c1ac3bae0feb38780f9198b22c

SHA512
cd55aec78a4cd5dc3396ad307bd306ab8b4a6eff5a0b803b3fb581bb49d865d6a0e70dd4bb6f9b4453bbc3b6cf29b42004841727161d47cab6cb41b3d9b8b687

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
1ae9e179302bb8251c412b94ba101c81

SHA1
13f4e8b71a9daadb97a4102112b472b320415c91

SHA256
7d12ce3590c0f2d5291bf3e2332fe32c96cf318feba902ddf76258a26ad54554

SHA512
b27d0f55f56c6d38bc18807ee1ba66dd8debc43ddf1b110039020343648eb3128279d3d22379479d31416f8267415cb84a275edcf82aec90304dbf3ec4edcb31

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
9cde6fa63f4dbbaf2675930621effd25

SHA1
6378b8755500e1e22c39a5129aa8c6c7e38b0e34

SHA256
a95e2299950e77c9fb880d55c6d3c13fcc45fd1bb71eb76ee7885654997240e4

SHA512
f51b63b4a8e98061140c2025a09ddf696be340b3c179f12d7429e121be17284a12d47fc2145743b41786733d231bd5a0f4a1a8fcde30056dc4db8d2976a5679f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
4809f64056bfe19155d384970aab426b

SHA1
03bfe28432714a7f8acbf4c25facb75cf2214980

SHA256
60d3dc641f6282a9533ae60865ffcdf34463c4b47c3e78145cb784c756d6ed67

SHA512
dbac3c2f7f5b2e017aec382a2bee19bf0183dfbe5d39021e666bbb6e47974bd6a783925a81205f56a9e639d31d7f97737368730dca2f5ef052982d7da51409e0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
78a311ecf4fbdd9da8941e40edab5e2e

SHA1
2d73dfe183c8e177ac8ea072a5270ac676d185e4

SHA256
46d948d4dabb8dca93532f435841b65512a81a2bc5f144d38eac746f9338b245

SHA512
b1466eb7154a496044aeaa6614ded98addc9b726617220ecef8c4376260531a038c48682260747374d50b744bccb2f74ef9af4708b917905d0cd72d6b21fe45d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
a41d5ed270f144ff23dee8c3d0a67cb0

SHA1
f272928d6c74c2f7aedc1c20c8ddd846c6f82e1a

SHA256
0cc58f56ac6849986cb74dba98232373dd31cb202053b948574059f7ecf93c22

SHA512
3c2ffcfc4f03d2359f0c62e8233d78e811a15dfa482d6ae4996474e0c8b0386766729d930c201f56a3b3ee5236e4cc1cc807bbca5028da12b78de0b569a4943c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
7deb0b3d18b25f46db49484d3c5bd105

SHA1
2df12c20a557bbcf94f10a69bc4164a52112771e

SHA256
7b59406664a581002447387d1d29d1cbe6e5514b7676512ae756f0cb1bf6be07

SHA512
a07b4a13427eaed56ca016be686341752d7ce0c6893b7935565947bfe0f3464d60c10a43e0599b5b53785e734ad48f30954620c0a678aa88234e04454b70081c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
44459da388bfbb2bedbffc9835e4bcb4

SHA1
aa78b12c81b3fd1a03c33b5cd78c6588c30c4411

SHA256
108a072f641f0d7dac0970304dbc2447acd6d14f20c7fec8bbec60cfae424de6

SHA512
71a35c643b61bb85f51dcbeede03fba41460a96c4cc795756cffaf62a9bd5937a6ee32492c50db7c6fec272969e98cc2d9c988a174f7feb143216a5e3b1d495e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2a0863cbf21655c904a01910acc4ea33

SHA1
f41617ac6b4442d3cd064310813c9b307b1c85ba

SHA256
77a7c30e687a043dae233709e085aea47bc366f270c6a3a8853e5a46db654759

SHA512
50c3cfb0409c97916d314ba623d344a4d0fc9cd7ef9cc2cb35183a998b925a4746b09e9092915af54337f221beddb79ccb82ee7b45c35f9c4063c46fe3f55432

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
678a994f451faf10aca35e445f5357f7

SHA1
8dd279838cbc676f446ca0588a2b69bcdb3563f9

SHA256
9b2585ba52150a71a9be0cf04b15fda5729248e23a665cf26865129cb03f4ab3

SHA512
9deb61dbceba8bb35c5d1ae4b1520a33966b68f6bf350499b71efdf313fb47b86c8dd00ec6e9c32c3032c5f8bb90fa53bff8e30f183d3796e4480cdfae5648c4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
628753d11002afac1a7d011b49cb291d

SHA1
e852467ff3773d968f0da975dccf9fe2d40ea325

SHA256
513e040fa28f1a36b06dc825e78c07a11476dc353f19ac41544208e7f59ee435

SHA512
50e88f7539224de0ab65ade852e55c11caede9d8190500fdc089c30339a4365957126b250ce788feb427daf85e069e3734ce5cd8cc1cdcbbfe81beb9cc3e52c5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
3d03e6247a28af8d49127f1ea4d2997d

SHA1
69978c2d79d2cca0e228e4e73ac6df973442010f

SHA256
3ead501441330f3790b6886dfbf7f2634b8ed00bd32aa86472ee69b7273da124

SHA512
765311e200a09e597eaab947f4ad9690302dff2e2203641686ca5452b01a065fbd98321cef0d156629ae1f728e637966935eac5d24e9389926d0ff8b67c72294

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
5cf0b39c1051c1370a410df1304f23ee

SHA1
37431be5ae25c17b7251789c2b387afa6465b47c

SHA256
cbdeaca92d78150a6bef2ab8518a53574c3c6539b9081bb884599e6b47e71a5a

SHA512
33319e1ef160de4a0cffc7a46e282a898648958bddd8c23aef39bcb18800d6570ec08fb78fbc6c43402f1890b004a35b5dab05ac82976c8124611a69077224ff

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
03c1e952214087115c1565ca59a4dd0f

SHA1
f4d70b8f07118081260365dfcca2671f20112b9b

SHA256
e864664c402e8030dc5f3546ef4a5913cbb8954b178e9552d118aff45f7f7edc

SHA512
8e42c13f21c27c30c800a98cb667a1c479763b9e3d78c1359bd2abe7f110d2cf783221c168806da02d125f7813154d58fe0f7987476aad22316a485c46bfe68a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
72fdedc43a01d3a1fd603b988d386f9f

SHA1
15fbe23fb5e94b8682cfe6cc5df4120cd7b395b0

SHA256
7275616ec02a80a490a2bbf1355ebc0ef305ef9f4ed309cc796d81ce6c200553

SHA512
70c51af266142f5f39e596976ca0327e985fa67ef2fe6dcae4fa1a7a4d54cef77f09151929a638d8f6e682db8481243158da733b51326b3ce4b42e7780fbf894

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
0d551c8f34ef43460c017d8970f691c9

SHA1
65b1da941fd657e68b68b73499d75d4ad13b685c

SHA256
6e2bfcd9a0e64b8a5fe460283070719798c93e3e07779999f9d1c32ebc2a0aff

SHA512
4ee9874a9cde32e784bc98a1d6ef54086c8e855d7451de167bd6c786a2511741608c7d0548afffd03f660fa635a3be47fb8a4ba4976fdac357141ed4ab2429bf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
293c53e3c26616ca6c0c8a95510229d7

SHA1
506bf0c9054b846967cb50e75abc1ea3a5fe6bd5

SHA256
cecfd0c89d04272c45f69e338d8523c3954cb4820e2db06a843b59fe8cd3f56f

SHA512
8d2b7b947a8f31673db37acd60469cfd6edd9372a900dd11f30037df17ac4643235d5ce4435070964753c5112585af1f71299a8114b8775e3837b4a1a3993878

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
ef87d51100a9fbaded693bf7aa904969

SHA1
3cadb64b9601d1e721587613a0d8952959bf098a

SHA256
dc10da3aaa731079bda74afa99c3b56e4763700234f77397ef360b861f21cdd5

SHA512
1c7559c5a9b30bb55aab0e23477fb1ff3c6d24ee82c80a0c500ced7b71c80e24d6ebf6dd42353c43fb8276dc48d00198b89aeaa17fe18573b2323511d48bdc06

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
02f38443d8b4a8d2b5e084110dcc9022

SHA1
5f9f2395f63588980505086026fd178ca127b0f7

SHA256
8ae54f095ab76adf9135801d4c6635ac71cb8d0181f5e4dc7b81f385c91ce3ad

SHA512
514b65a96f94e9b9e243bc4dbda073141c2c99eb78cd00ac83ecec24d62c9fb0c5784a54c5dd8b7c341a600d060c2daf48bee419634e11f65eb73c0a7bdd33d4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
4bc70f12d33462c228e1e09205a2b8b8

SHA1
624ed9fbaa920c15248cc543ba3f6defddcc5374

SHA256
c5938d5c95142ff9854ff3415fa4d4b883e343a7539b9c5c2da0f6692c18479d

SHA512
6bef84489b0918a515421144f03cd178a4275f329b40f8246ea3e3da73022e2456afd417307dbb2438bd4010bdadf09fc41695041189b363c091581ec51f8751

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
94f6e77ac825fb222ccdc69b282e73ad

SHA1
393432aa83f0cae0ef3ab7c50fabe9d3d534bfad

SHA256
7191fe827c30594e0ef97770ff1f547f64880a4c15ef356354d0320d7bb15c86

SHA512
d722aa6125a440ecc014aa5721c74da3f034a4cb8997750150c0c7a31126bb20660c0732219ff61231141fbf23f4817203a0c65192ecde0f581db251891b96e0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
9af3fbc03484bfbc64e958104925fcca

SHA1
dbe8cd8f21b4f08e355e2bd091bb3b193aba2579

SHA256
3cd932f028d7b146942efcce483fe7626bec05efd99b93a6093a0b27155e2ed0

SHA512
bcc928e9c7fede38db74a591e92362e8d38f2298b2581e670f7c50327071102766313f15004d59efe464dd67c83b92e790ea89ebe9635a170cd2fc90e96015f5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
0d105eb69e05e47ff3b29535aeb9c126

SHA1
9737ab6eb81f4c62a02380830329ebda96c56892

SHA256
de432884983cf158a94fa9895ac5251e4207cff98f9b167d52f44c71d97ea2c1

SHA512
c33eaeb41eb161a23b16fab7a41108da28e7513e75834fcf074fadfce42b8a675362234026fc3cd63f6b7a71336cd66b2ef8c6f2caf0fcf3e5b201d490587b7d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
62e3924447b96bca65d05b9a665f85e0

SHA1
00ba686e2c32eaec452dcf7263980e0501668a99

SHA256
13ffbb740622d61e33544558437924574e5aca4aacc07dedf5ce993cfcc864b5

SHA512
242986d997ea3af9fafc4ef03da7e169530529faa8011f2e7ac2731d9e27be06136adf0a07c6d3a561003b07c3907df2d6f62fb09c2abfd8b44acad9b454fa92

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
330eb16d01caabb950e753b8b81859e5

SHA1
bf0353a7911931a086dd0ff1ad7fa7f8471e47bb

SHA256
381538a8b9da61349d2b1f0c69e36c5604c684523f9cf48498f97c1c7ebf5c0c

SHA512
66e0faf175fc3f39cc9d0c24f243a9564f132eaeef0618eb3e50fcc1437a18c5998b547bd5c97fc610b0e06ddb0b1f69fb627f3c18de91451ffb10fb88b93844

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
3d4d2450155833106d86327cb3268aa4

SHA1
08883b3cadc9983add81808c43198de359ea3cbf

SHA256
a752c6fa6c4cd9f8f3daf74b9770748c129d860375e6195cbbfd4cfa7c154636

SHA512
ff329283d6fc2bf599a906b1d10784b326be7fdcd07418f025dd09ea70ed6c5b1754b4835aebf31cf80e00446a3774e2ffc36b8e92f111d9886eb7bf5bcfb431

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
4.6MB

MD5
0d8b60c95265e6466b2c0d47a822656f

SHA1
10b86408ee503ea74a73978b3c2923fa8f38eb59

SHA256
bf0a094b1197c5f646009b0b3541197d1cd9fc1869fff455f0d8a397fe82996c

SHA512
33f18422f30ba92b14b28817c3a7b3e6b141252bd3af95a242adbfc38d5a52bec9e4afbd5b7af01b3fbe59e239205363c7e65aa26bdefe8167a8cb86c85fc6ef

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-945322488-2060912225-3527527000-1000\desktop.ini.exe

Filesize
4.6MB

MD5
9069fef0ca08dc3a07adfe49571fd12a

SHA1
01da641db971f740ef768c054a9a0390fd2d06b8

SHA256
5ce8b27aafa6dec1ffde368099e80f288f86fab305138321a21aa3fd5a95f371

SHA512
8f48c9e366dc0c5080731c136c95805980337e76b21f359f2a2beed06bc0b50ac7446e4c4fcbf84804cec4d0624a591882d7f6d56bb19fd5b6b270ac6b4ef8ac

Download Submit
F:\AUTORUN.INF

Filesize
145B

MD5
ca13857b2fd3895a39f09d9dde3cca97

SHA1
8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

SHA256
cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

SHA512
55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

Download Submit
F:\AutoRun.exe

Filesize
4.6MB

MD5
06d3579a7c1a8035a3122b6a83e8bf1a

SHA1
c5486c3eb99a51c4d74667c732776dde6e986d17

SHA256
71b68beef876d64ca571f462f9a993efd366892b41470ba0ae73a0f0a5514b33

SHA512
478b55a8d4ef0e720fef6fee4415aca4fb26bb333860af6dcd5096035f7d0a4436b4c11ce8fb6827d7f435540492de13fee12f0ae945baf7b7ea8194cef04d24

Download Submit
memory/1000-50-0x0000000001FD0000-0x0000000001FD1000-memory.dmp

Filesize
4KB

Download
memory/1000-5-0x0000000001FD0000-0x0000000001FD1000-memory.dmp

Filesize
4KB

Download
memory/3144-0-0x0000000002210000-0x0000000002211000-memory.dmp

Filesize
4KB

Download
memory/3144-45-0x0000000002210000-0x0000000002211000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads