efc09d8803270ccc2f233b3dd7c1648e589b05d27df428482da49892f7f868a6

Resubmissions

04-10-2024 05:24

241004-f356ba1apg 10

03-10-2024 15:52

241003-ta4cxatckm 10

Analysis

max time kernel
145s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2024 15:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118.exe
Size

8.8MB
MD5

0f77d1cbcd4f7a463f9d534faaecfde7
SHA1

b93cd34dafaa156aa8da2de6ae2ebadfa417117d
SHA256

efc09d8803270ccc2f233b3dd7c1648e589b05d27df428482da49892f7f868a6
SHA512

13f722c56f67f99f7d3f79f21b87ae80fffbba371758fe9b35db324ef12491b7bb2fd12c06193b91a4ba5c762b089186b5ef1387292acf1f0671d29f31e17668
SSDEEP

98304:iE20IMzKpXOMGQxIMzKpXOMGQwTpKXl50:in0I2lyxI2lywTSe

Score

10^/10

discovery persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118.exe

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe

Executes dropped EXE 1 IoCs

pid	Process
2200	HelpMe.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118.exe
File opened (read-only)	\??\L:	0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118.exe
File opened (read-only)	\??\O:	0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118.exe
File opened (read-only)	\??\S:	0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118.exe
File opened (read-only)	\??\U:	0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118.exe
File opened (read-only)	\??\Z:	0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\G:	0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118.exe
File opened (read-only)	\??\P:	0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118.exe
File opened (read-only)	\??\Q:	0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\A:	0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118.exe
File opened (read-only)	\??\V:	0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\B:	0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118.exe
File opened (read-only)	\??\H:	0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118.exe
File opened (read-only)	\??\Y:	0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\N:	0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\I:	0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118.exe
File opened (read-only)	\??\M:	0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118.exe
File opened (read-only)	\??\R:	0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118.exe
File opened (read-only)	\??\T:	0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\X:	0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\E:	0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118.exe
File opened (read-only)	\??\K:	0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118.exe
File opened (read-only)	\??\W:	0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118.exe
File opened (read-only)	\??\H:	HelpMe.exe

Drops autorun.inf file 1 TTPs 3 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File opened for modification	F:\AUTORUN.INF	HelpMe.exe
File opened for modification	F:\AUTORUN.INF	0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118.exe
File opened for modification	C:\AUTORUN.INF	0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\HelpMe.exe	0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HelpMe.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1832 wrote to memory of 2200	1832	0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118.exe	81
PID 1832 wrote to memory of 2200	1832	0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118.exe	81
PID 1832 wrote to memory of 2200	1832	0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118.exe	81

C:\Users\Admin\AppData\Local\Temp\0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1832
- C:\Windows\SysWOW64\HelpMe.exe
  C:\Windows\system32\HelpMe.exe
  2⤵
  - Modifies WinLogon for persistence
  - Drops startup file
  - Executes dropped EXE
  - Enumerates connected drives
  - Drops autorun.inf file
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  PID:2200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2718105630-359604950-2820636825-1000\desktop.ini.exe

Filesize
8.8MB

MD5
65bff0b975bdd4a6e84388ef2ab0333f

SHA1
3962c01b3fab4f46620cf2d634c33846384d31e9

SHA256
c2df70dda079e5c2d77c0b37e115ffc234ad9ab63fcfe09f79e7e7eee5aa1ec7

SHA512
9d8a835f5a2de34d775dd79f347b3be34f4c755de8cb4112eabef9a692f332790c47d67f2c1c7eb81023b40888ba966be8688d82fc8dd2ab06c32256c90defd3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
7593e195b58dd49b314848645f274d8d

SHA1
0892751152a22364748fb7524bb7a03a387e30a9

SHA256
3ce46703f74681626915240da93d4b5f02b0045e23616004db406d1f45e1dc7f

SHA512
08587adc011fe09977fcc79efaee019e2f71f73acd2476aadd7204de9bdbdab48a3aa661ba62460bca5d12109d7eaea417dea988a409aee766bd768171f198b9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
664d91a07fec118f60ad7f993458715d

SHA1
54c5db5d5c4e7966abc3e5a7c4df58890c183e2d

SHA256
c706e5cde33d22bd1549e5903dbedf06bc3ab2f706c1eccb6c26f1cb8ca4709a

SHA512
63696a3a679334db5440ebf7f1cb87fc69199f90704754a0f23505195ac145f79ea0047eb9ab97ada5c57d894aaa0dd4f1685af9c523051216b2ec8748e448e4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
1832792c94faeb4062d4432d0c30a7dd

SHA1
9498f233ef02e93530c98b8a52d00d1ed598fc50

SHA256
53ad22f6da1c500fc286b87c86f1e8138fd8cec3b49a08874c36bb137400a589

SHA512
2b6ebe5e5cf8387d981cdab31b1c5dadaf37cf7e4b7a713ac0ed3013b4c54b1a45cabe05c879209a261d2dd53e7b59a5d184ee5bbd8bdd535bdec0022167ae09

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
3f7cfa700e822bbaa57e9cd03487e4c9

SHA1
87791a15b45d7b6015f794556abc79a92ef1bc89

SHA256
e7b07cc13e150a5f3dbec4b588291808162203c3d2d4b74688d3d86efbaa19ab

SHA512
db06a4412f15d37aec144af12582baddf4e4cce68ae295dd34d92bc494fef7f691da09f07298aaeeace01411e7768ecabf9eee0ef92abbd15714e674367b2249

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a2c307fedf27398cadef2584313425e3

SHA1
802a2bfa684901701c364489b6255b0d08256d5d

SHA256
bbfe8ed28944a170782efc1efca2c7e82b4accad0c4a3f1bf511fce00573ed30

SHA512
efafe3279f3cd548d58ec68d29e8be5ff370961b461b9fd9e9ba852fee931a40c8d72187e82e98c829603fd166ee3d4e616702260efd514b43022ced7552ad5a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
99116f851746067e6fd21e5ec7bd1fc6

SHA1
463b581e1da93ae719ab214517f40074e82818a2

SHA256
eb2c2687db48707fd0e1acb8e49816bc70d9cc884e6787a9c69b82ab802ab92f

SHA512
bf766f6342c0fa3548a6687cdcec5ba28a9c9083a4d1f0211b759fa25be3b206bcd492b96d272e2b3a7381e971467c6dfea2b28aacdd9a97e503c585a6197e52

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
f5f49650930bb261999a565666e555bf

SHA1
2dca510e6a4a0038dace21eb94b7f46b92a755e0

SHA256
8e575f96699fc22ecbf94c35ae8324274a087d6d7f9cce4ee7080a17af6d1f61

SHA512
a6a9e83116eae39a551acef57858c40b3fd5385e75977fee637253784d31a5893b978eb848f5460ab670d32be657f25c6f888122437003a20b36fcf01c269046

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
69e40ae02a1a54f42c669080a0e5e6e3

SHA1
f3ea00aa8728c729ab5b3187b8c77d8730a48f00

SHA256
daab90f4c02ea20978dc267a3b14b779ea1e0a39d8317563ecdb3c6110aac0c9

SHA512
5cefcc071fb32418529d187cd51c265e1cd94d1ce7f55f3fa43a20c04d05b8144b3e4fbf17e029f49d5233f6e52eddf7bf6a2506f429900a0c1cfe00bcd4b381

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
1b24ac97fd002c92e3476e8ec05f8b5f

SHA1
9a5e7a1d9c70b0a75ccc11de439c347f809ce187

SHA256
966e9f93ba238341484890836cc5674d83993f4fe6d381278d06d8927612a0a5

SHA512
d891ee748b4df79e34b21765d832289958d5646c25bc02b01362c44608b962110b60abc7084450d5364a6ce9eae62bdb6e82257ab92f1d4cb1f2a00a0e16dc03

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
1bf944da3658fdf9647bd40f56a9b136

SHA1
645a2321b6c6bd3b764d431832b298a3bdd91d15

SHA256
061a979933ad57cc00e101e44e4bf4fbe14876e997eb19f42123844a07c70d4b

SHA512
c961cea089463e4dc39e49bb7159efa385ead071593cf997d01e5001d1735753ddebba55312228a148fe11f3d6a609b86fb9c870054c8087eb91c35517761443

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
1fc7ca34e30e9b4e1141763c48848a3e

SHA1
608322f356f12beccf44881d914623eebef6aefe

SHA256
ae75d79fa8f567875ef6f4e97c7630befc7a8d31e75efed26e1da72269534385

SHA512
a25e87331d58e848e5b1ab051543db19ae1e0aa93e5a2e6971be01cd0ade8de73e6bfa46a203c68096664c9d83226a2dc70dfb916e668d52eec50b66b96c9f54

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
49dab7df01b93a100dee174c6c7344d9

SHA1
6dae5432d9271f9effd3e06f7512072f6c27a9f5

SHA256
79d786da2ae5f1fb9cd3391398559f1991e3ffd98ee93a996e207f883222cfe8

SHA512
4240d0ac54696b59c15267dd8cb4fdf3285ea80c467abade2f3e15beaff7a7c971159214c3d5edb19dc0619d09e9eb43b0598f87a0e8adae1e30b7711cfa7e5f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
5e3fe8d995e712658e95d48329a33281

SHA1
3ace58f5cf3b5d1bb1238574e949962d24c3c014

SHA256
7a40331aa219432666061dd033ee01e18e88780599ad7e57b6a9d4b91109234a

SHA512
aa214ca56b60fed3946db1dccd2d183471f9cfb519ef4813bb302117eccd31f4722131346820651bef70625619ab555059aa924f64f2c66782195e7d28e8280c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
11035078ba3cea26d2b4a0045f7fc0ca

SHA1
3cb1399d5de8a5ff670efb9c56ac22ad7cc05a49

SHA256
fc6ca0be27c9d7f3fbf15b6c08c8a185ac24e86e0257389984d4595ac423805f

SHA512
d504bae8bd9469f3534786b7562b5d34c52170a7f312f73d389dfbdad5f26cd67dfd105511a90ddbf775b8919dbcfc767cb379bd999dcc56a42b42a4ea907a0c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
92b873f80e28d08fcd6ffc2f79e2ad2c

SHA1
d5948513620c995499b75cf3a8d15f4a19b7dd68

SHA256
d600aa486343fec59668671c64d7c54e5c6cfb57e1d16d772b43fa1101cd5c67

SHA512
695d1e3dbc807c482c9057e1914743f8413dcd5d4bb0d5c0d91bd9ffbaee80f3583e90b1eff43ae2fb5b6967d30f7cede36308a2f710a4df67cb71f626ac109b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
5b57fbd9fb1b4dbbc88b64257989b5c3

SHA1
c252d4c9393d87a77792647053863aefc47280fa

SHA256
1c19766b8ee864452804641fa81fca0eb7199184cd3c674fed478abc136a1f63

SHA512
4eed28d447102b8ce7ffe6702542fafb359a4ad324acab391fd0eb5fcfa5ff430c9e0858c143373c1e2a6495b288e474a8f2fef16c127cd3b68c71dd8dada952

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
f13ea6bc567bdea68c9f22302020b441

SHA1
034e58fe856d959d0b7c53131646a31809c64eeb

SHA256
0e08a0801d9bb7fb68c8767bee8cbf4e2d93c4107cea9717a27bae8e76dfe06d

SHA512
f84b816f7505e6af82f799be1c027ffec09496270a64572c4c3937554bca725cbec86ccc05e9e6df1b1fa9ede9dae68e71fd6e27c61bc85d5071d4bcae22bf98

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a038c52bd9c7be1c0ada97cf2b7f6354

SHA1
fbb1c167e9ef4b22b1763cd0668970df94745ba2

SHA256
d55316654c7fefe293d6ed5451dd53919ae6d119221e48b21dd90e0bacd67731

SHA512
27b3d5e135b3aa67144f2acfb79dcad4be12696ae498e713c8981058367d158a8ee5c95d787634383f6c91a10fa1a0632a339a785c2d356ad63d743916283815

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
f51d65d5d6b56c8a7ae81012d914bcc6

SHA1
3b4810586607b7e3510649c9b7a588505d26198c

SHA256
c3b9e2839a5629b0b6374230ff3ad72f1aa3c58ddb4df849aa3c863d78349281

SHA512
268ad204603067edf133d69d67dd65600e747654b38e50d7cd62f2750b6bae09530aeb163a82cd7aa8597fe24063777825df4039eab986a2fdcecece373defc5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
b7fd0d3d95cd488426a73cf3416da9fb

SHA1
623cfb6ed070fd5f995cd28b39e8215575435837

SHA256
aae5600af9f4a195ad741d33bac51ae1bc315f3cdf7109e37c57ebbf9cef611f

SHA512
3d756d8a619fc55196760bc6a222cb9c5a9b518a94864be8e44af8fe53b8a99cf348be54936228eaa3be9f3b16953f025eec702adb17bafa0a228915ab10ff47

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
6d386471c19059956dd00e84af340b4f

SHA1
d59c4c941b9333eeb4509aaa5d760e9c2a5464f8

SHA256
d7705efc77ec11314a4e910c7d04cf86b3df5acf2814e0544be52ed52a7c5a5a

SHA512
4f1ffb023ef8e264f26dc6bf79ba4ae90f92c38104a80dff2912d22eac0672ff4c2c5cb1c79469c6bdf47d9b357e7ad89fd0130a9f67a61b6b9cf50ecf6c67ee

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
91a9b666776e8e83c3d1546adfb87fc3

SHA1
5990a61b1ed47cea6a0a1bda5422af98a6d52064

SHA256
78f31ffe1dfb27da0dc76ab51a78d6bf062101bc6abf3a9211fc06dd2e7ac7e5

SHA512
f5b5deb45fa41485a0a8b7bf7ada329b46b9790d1afaaf841e4b8cbdbffaf2486a9276e30fc4b181e79900c404e83871dfc96d27ba7ee4d1cbe90b94c514eeac

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
c2988e5b4d3e84c1d23a21a996aca0e0

SHA1
28f1006fb73a267d5938109f6b52bb27700daa36

SHA256
c29015986a8b99c9a51a4b108a5928ddeff7d9a9ae28e64612959597b16dd310

SHA512
d1d5248f0178f1d3cd0ac540fc121f40ad070263a81ceb5fea4753bbb10c40fd63082d2b74aa3f17928f9d6778136df8a4d87b54c53b0b94e2ca5efed6e52bc6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
4fd2b56edf32fc60a0395b78851a1515

SHA1
6976d1d986ec3f7de2b90bacfecdb9a78cdaa526

SHA256
679aaa8b2dbfcd434018d593e6c90970a159b2ccfbe2d4b889e8022b8fe1718f

SHA512
d58dbf8bb700f5da248a96c4dca7c0e3adedde0f0eeb17edcb2b80c8f9b5b7cbd8fe5a22df6a7bcc54a50fac659798b2c9d705f426305df73a56317339d6a619

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
42cd81cc644c7dbc0c2b1e5ca099d28c

SHA1
b56b473b619cb73f5a4eb705e70e51a53381abf9

SHA256
2e8933f09a43991ee7658c6005f7ab527f5bed4429f82d51bc3237564edf7172

SHA512
6bcddec5316c5e985bcd72360a2e97d2da6735da6d9dceb0996420473076d6690933a1b2cb9edf2be961304294a28a1017fd2e493a86aaf5b3fad333fd3519b1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
466d2405b85899526f5ad19621d02a07

SHA1
2063092c043f566b5683d383545911b7e6505640

SHA256
994e51f2fa51988849e618825cc6f6a4f1d21eae989c83c67211b8db3717ade2

SHA512
60af057e1639c488e2b87fd5d67112976bed260b30fdae22ea4bd70e15c32c6c70cee391815218a97951bb5012b8fe1b727d0579f9e41a593d86c0dc2c38af97

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
290538fcbc3affe3ee5418cbc78da473

SHA1
091bd5c2ed285e47523f5cb90fc37a1dc0064a0f

SHA256
c9cbc6f98484f7c5bfa92984da13e5b92f55cbca5629eef8b50a0d6a65506008

SHA512
402c67777a1bc150222f52e30f60da41516aa8d793fed5f8e32a257e7e669557e450885c936c19a5f4670fbffb91d0e9c27933a417b15fab57488cd17ab02fc1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
7d3b3150d04498dceb9e3b1e346745c0

SHA1
aab7df3264f717dfbaff32131e034ead9c990ce3

SHA256
472c71c2f9bda22ead0a25f8d912d1093fe1b92d3edb8373244b8ac2529af5c4

SHA512
562558f1b001be8967d810ea546a89046c66c51da4146288986e9f508bad83bdf5173aa24a5c74f6f8149bc99a9a5764f81b459bfb4e95f60a4318c37b6d03ca

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
a2c8406436be5248e7154df011833764

SHA1
1d9c0ac317dfffad51f2b017da877d3f7a235d0a

SHA256
9f43ba1e94b75e4701706ca7917b61e6c2dea32edd2edf5cb932eea750487839

SHA512
6b6f0061607526772b103ce351e97ae94757cf714d32b314367e5bb446c45c1d3e89fd13d4cb96c34b0939f931955c1efc058d4354d0bafdd803f794d98c8c5e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
62ff0b2a1fc0748a743181b2cea0b744

SHA1
2ec5ca5d66e1dc624679033fe03c5b633081109b

SHA256
f3ea948e983c039cb99b622dc8a2a54f18cc223bd6b4722ce72a533e133b526b

SHA512
89679efa5eb879e4474288d30597ee37380697d4bd321a17bfb48fbb21a830a80317777e63c3add821ddf309c90f44435d1d0a09efbb03d42982cdd710e509c0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
7cf8b8ca2114d06f5734feb2675e2d2c

SHA1
04a4c83c4fcd982c8ca48d14539b449b9fa285a4

SHA256
eecb790791a4d31da0b3262727f2db2e24d96a56f3add58191e674248e048474

SHA512
2471da9115229dfc9d07e9159f65025e16bcbb355f5b276b990f5dc520f50a698c82f2bb145fdb0bc48f088df417c7ad4e5c44e40ca2898d65ef6a9550a212e2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
3809ef3d2e43c262cc00ed0bb01ed26b

SHA1
5d9e611b50258e0f28954d8081c5a2767100f65e

SHA256
b3ab9655b361ce0b1022a6985dce7419319b60cf93704ccb68b703d72bc758c7

SHA512
decc1b5655e78fb9f74147c92c9ae01e7f3a041d2f24f5c59542f6e3ccdd5591db27d9b0fd17daf651b6191fb83b01bf4519ebe6296dda9cc516207047a59e63

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
90495296bf4da7e29c8a0ab2a5434aa1

SHA1
812f074b84a1289380046c93ff20339d72b44048

SHA256
061dcb3a03175dddbd1079442978d97bf4ede09c3d8d0ad0a504cd5e883e3455

SHA512
69294eeaa38f8831a1c2e34a5a0345116603b927f1284b11f30ad740840ef2b158972dbb70915bb7689b5dcab35977836aee1e1c82bfaa115a931b1c037d5113

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
7253496489b4405a02fc3fba9e46aeb2

SHA1
5477e07d2679fef93b2645b8151921dbbd6c4daa

SHA256
fbf5c693319dd05d9c64aff819f244c2985f1f9bdfb2de3a705df1ae9217683b

SHA512
048a07c1ac30edfd178de43a3bd5d3324840837998797184cf40e00a00789f902915a2b52c27459a0deb5d09cdbca39f5887303ac1dbcc2185b5a3210c2a9c76

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
4460714929323e25110f17f91b79385e

SHA1
95fe1d4b8f5467085bfda6d36e601b75da3adf5a

SHA256
f224cdc9662a0f7aae16264264b0c1907eacefbcb05c0c764a54a26835f99e73

SHA512
42c6193937b6b6d502dfd7db6ae653f82c15aeb611ffa23fec15f3119dee5875cdfbd1eeb6edcda181d2f5fe26b6e7f1b303b32066224c7be824f86a49e47d29

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
643b272ca323d7b5f7220e95f94048b6

SHA1
d516186d1e807092fd886e4d0c6296aae7e25091

SHA256
f337364a11feb3e3c44a85de7b5c67f1733558444fd9ed399f800e110b8569fb

SHA512
5a6086fd4c9f7f354f8dd41f8e1bd955b223dcb3c0fed8276da2140e24ec71b9b382262f981c3ad2cdd20d87758f2fe62640c6a5c659e80fa97f7dea007b2442

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
8c78c51bdc2699b54dab5622217a870b

SHA1
d8bc899d42c27f4fe0b8381bc70302660cff4072

SHA256
02fe7e8be697affbdc22f66a19b5ee9f0e5229977b3c6d24a9dbbad7922e9b01

SHA512
f7feb26f3e3db40432948241a732d59de33bb25743bc32c8473d3b413e6d4dbabe09083efffad61fef03ddf70b2e7ebd15598def15010cbc0346a1c4ffe6a326

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
40889a1c6d90cbf119bc8b636fb1bbc9

SHA1
9157302eb11b9cb70dcde4362ccdd629d147bcb8

SHA256
d1a7dbfe7fa0eb30125af54043bcbdf08c672e4c3e374fc576e86865a14271aa

SHA512
20923ec897c89124f9706197acbe2aedda184aae64ee999b4dd53df226290c3909fbb5db3f2ad6d6cff7de8952a19379ae3c273a32c38f7d282fe9b09e14419b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
71669a30b6f2b7bc465c2c9f0e0d3948

SHA1
6e9ea60beb626cc08ca75c23826a0242030ca332

SHA256
83fcf05e21c1f2937bce325fba006b0480aaad0a7c29ff34cfaf4a0896da8b3b

SHA512
61921b95c3a7b52fc47911a0c3adfd2f92d17c73da2c40c0424a313c4b7b22da0d85056c5a4f33b7c20aa3e06e4c6fbab369bca08cd72524d692891e0e5c6df5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
16362d2812c4d000b4969361f699d492

SHA1
b515d46d5eb1a0d6b40f3a159f03d01d88aeac82

SHA256
66c6631141b95eb3f2c52bb6ffb982f3a05b9cc8c11500069d24bc05f8c02326

SHA512
62225e6d28da55a03c8433d8b518d53db06258b9d2b3c7643a84fcbd984bd30caeaf354082fa610a7a806701ca8bcc3736dc9f5a35587c59ca69e23a36d1c1cd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
f8b9b471ad281bb41310502036335571

SHA1
c8d4c52140f691700c421bd408fa67286f7d1ccb

SHA256
a075a37e9d7e41aa9886553b3c373649407b15d105069f1f067a40c218bb375b

SHA512
1bae3bac96779e8c995ffdad7b9d4c933d78724c4b42ab94d4e1adfb71012bee517f28245ba1571896ce62436e04d32a4f48d899c07145880cfb91af47bb9a77

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
9fd3052f471e146c3b5523c77a4a5782

SHA1
348276f6a51a66742f41befb66bafc998747ff07

SHA256
52259d6261e76157bc6968fce3dd9d7d3a6a9679e4c6089af1c4275a71757635

SHA512
ad9253aef8762a75143b67db30f31c3173b91359f11d7752a3e7a73fced852e22ceac52bc7a0710ea5e85ce695966b85cfd2d5d2763314d1faa8f4f62f872809

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
357811c896b8742e38c9eaadd8d61a10

SHA1
7abcc76bc3cf650cb5075b90fddea25826f7d641

SHA256
f8440a80c787f5c2d64f40d3acd7d87dc260ded3b0f2493680e1592c2358873f

SHA512
5798cfae28346d3e1c498207c747b1e6b98b3f8afa815b5de1009215801424c4845f680896d063a9ac4f134289dcfda96dc7fafdb17d414af96b9f804521d69f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
0e416418bd01474b86e14e55da0544cb

SHA1
211101e3d8409a1b8b449dac380f249aca253fb4

SHA256
7f8b34315478f99a8ca583a23be77aa4fee97281ad48bcc3b116f78c4992ed8a

SHA512
18ab8b58f44f4cf4595713ec0df5a80165afbc3e86a36534ec443bfe7d109c764ea011d3f37797cf70d18b4a35b4a8b887e44951a2ea5995089c62d1b2c26ef1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
d8c8220b41d3237ac59e3929c859d76e

SHA1
e3127ae0e258504ebb1f5882d09a9269721fb738

SHA256
9331e74877c29a242e446445bbc6a5a2cc220391c87e34d6cdd004c18abe1788

SHA512
bea78be77099034b9af80626ef9404c90581797e3f107b640b8fe22ebad09dcc81c36cf839ec4d9f7de491b34b8c652172ef457371a98eea6a5601fb89ebcdd6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
0e705e74de2f15a9acdf99e8ee3d98d0

SHA1
b564530d0961cab450af790e6424cb42fa7d3751

SHA256
63691c73c7f66a86b794603fa59a3fe051b755c0ffd070a6401bf0583ddc8508

SHA512
34ba8f117140830f5c676d769cd78e79dd58432aa2dd409e227b0591d0a01fb216e902f69ba28e80fb84233a88c0c2823037b2d0555d2d11726b5b78e461b1cc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
61265949d728a97a20bed16f8c175ec0

SHA1
8ed3b28b8598ab3733d67918f8bab6177acec216

SHA256
44319473ff8d6c72817445f1cf1e7a236d5125660d2bdfefed1176729c5538c9

SHA512
2237d638c314dec161438efc5ee4de969cc341448c07833c51e458b17b2c1c858f7fdad2bb5c44a089ff34f8252b9295360623fb73b9902a921fb29d40fe2099

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
585349294105d330c4d2d964fdb3e7a2

SHA1
14b4bb79c6e5500ce34f3891a903d47cf0c27e71

SHA256
99c5582e9b221c0f746ffd2bd448893df517eccef8462d4dacc626790660e7aa

SHA512
efde9a199af8eab9bf70eac5876014857185389b36d1d12f0414aab0afbdf9f2e8c9e6c21d76e5903248189d1df9f6c53c196eb83391acd7e69e0d7aa3d980b9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
d78323424a78832a1930756366fae1af

SHA1
b75bd7abdaea2a3c892d8a5d95431894a9816f78

SHA256
64358381ceebb6345444d79a9b3b109dfa5354bd0da343d776c9e97e96cde24e

SHA512
b8d4c6f393d707c68892724cdc0235fb58183f4aa5d506d162465a1214710fe39713e6f6bba77ff35b91c67fe7cd3cceb61bc9d7c8def9970071ab4209d13f5e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
964a11342ce97f9686b1cf2bdf43cc33

SHA1
cf25baa1fd316dd88836d0e84fc0d45e1abc8189

SHA256
dcaccfff85fcd2c03776c62d9fc4773601d5685b5a5157fea36586966e49eb59

SHA512
749a9fd3b5e183696ef302e6f93130c0c652edff02cc801f0a316ed82021294c38ac14cb217d05b844d5127cdc3a6448c620776cbfc172e8cd060803dd002ec5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
c93b8a967f842dfb1b17573dc563fd11

SHA1
984b81069c720aafc06b29dff9f978d50db782b9

SHA256
a8ca6bab5b7bd2fca808077e22f43d0f2f5099d12b2429e805aefb0ae3745766

SHA512
8a7670b91206a159357e14c5d52803fa277e3dc46e0844bd5174d19b5cc8bb0940daf0d2ebf97e5b94344775cd5c96b9d5bd9a9926f27a4f7a1010a099fbdfa7

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
8.8MB

MD5
7c8d02e2c5184c43c8f915104bb0a244

SHA1
1eb7d73d6e9e26e8a11899616da2f801642991d6

SHA256
e513246918f727d62b288ada0dabcced6fe72e4675537ca7906f253dccab7b4e

SHA512
ba328ab6d855a2237cb38ca7f101d8a101b29a3d55552edc08208378baf1ec3495e24e8acfa67af3497f0dab6b4baf4bc58fda2bf468c273bf4c80631ea3b828

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-2718105630-359604950-2820636825-1000\desktop.ini.exe

Filesize
8.8MB

MD5
68b012cfe6396b7737d21ba118f61c79

SHA1
372b5a82585805303583725f46ed73c38bfa012c

SHA256
6053f51cb1c4b6c62be2f95f4967fa2862deb6947805ebb94d59a07235ddc75d

SHA512
b925751a7f9d9536825f3f70245a4847479dd1acef24b42135306d9418c5f4564f40821f9b8acc87c26cbb3d1e869bcc7c581c907f8886b4df2dd7836984b3cb

Download Submit
F:\AUTORUN.INF

Filesize
145B

MD5
ca13857b2fd3895a39f09d9dde3cca97

SHA1
8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

SHA256
cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

SHA512
55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

Download Submit
F:\AutoRun.exe

Filesize
8.8MB

MD5
0f77d1cbcd4f7a463f9d534faaecfde7

SHA1
b93cd34dafaa156aa8da2de6ae2ebadfa417117d

SHA256
efc09d8803270ccc2f233b3dd7c1648e589b05d27df428482da49892f7f868a6

SHA512
13f722c56f67f99f7d3f79f21b87ae80fffbba371758fe9b35db324ef12491b7bb2fd12c06193b91a4ba5c762b089186b5ef1387292acf1f0671d29f31e17668

Download Submit
memory/1832-45-0x0000000000660000-0x0000000000661000-memory.dmp

Filesize
4KB

Download
memory/1832-0-0x0000000000660000-0x0000000000661000-memory.dmp

Filesize
4KB

Download
memory/2200-49-0x00000000021D0000-0x00000000021D1000-memory.dmp

Filesize
4KB

Download
memory/2200-5-0x00000000021D0000-0x00000000021D1000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads