f242225f03f529037e91c9e500847f524017c0b1a4220875bd94194aa583de7e

Analysis

max time kernel
145s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08/10/2024, 22:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

26429c3fdf3a3214442037d0b59bc450_JaffaCakes118.exe
Size

3.4MB
MD5

26429c3fdf3a3214442037d0b59bc450
SHA1

097daf3deff6b90e6bb038426db02a0555bdd3be
SHA256

f242225f03f529037e91c9e500847f524017c0b1a4220875bd94194aa583de7e
SHA512

23b927545ffa949b17220eabaff960d92d7689233e7186a3093e0f4cf75c296ed4d9fad83d369caed34e464f0bbde36d42cc6082a86fbc9b7a3236c05186d77d
SSDEEP

12288:5MMpXKb0hNGh1kG0HWnALbgMMpXKb0hNGh1kG0HWnALbXa:5MMpXS0hN0V0HkMMpXS0hN0V0H+

Score

10^/10

aspackv2 discovery persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	26429c3fdf3a3214442037d0b59bc450_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe

ASPack v2.12-2.42 4 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral2/files/0x000c000000023b21-3.dat	aspack_v212_v242
behavioral2/files/0x000a000000023b7b-33.dat	aspack_v212_v242
behavioral2/files/0x000100000000002c-15.dat	aspack_v212_v242
behavioral2/files/0x000100000000002a-42.dat	aspack_v212_v242

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	26429c3fdf3a3214442037d0b59bc450_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	26429c3fdf3a3214442037d0b59bc450_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
808	HelpMe.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\S:	26429c3fdf3a3214442037d0b59bc450_JaffaCakes118.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\M:	26429c3fdf3a3214442037d0b59bc450_JaffaCakes118.exe
File opened (read-only)	\??\Q:	26429c3fdf3a3214442037d0b59bc450_JaffaCakes118.exe
File opened (read-only)	\??\T:	26429c3fdf3a3214442037d0b59bc450_JaffaCakes118.exe
File opened (read-only)	\??\Y:	26429c3fdf3a3214442037d0b59bc450_JaffaCakes118.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\P:	26429c3fdf3a3214442037d0b59bc450_JaffaCakes118.exe
File opened (read-only)	\??\V:	26429c3fdf3a3214442037d0b59bc450_JaffaCakes118.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\A:	26429c3fdf3a3214442037d0b59bc450_JaffaCakes118.exe
File opened (read-only)	\??\J:	26429c3fdf3a3214442037d0b59bc450_JaffaCakes118.exe
File opened (read-only)	\??\N:	26429c3fdf3a3214442037d0b59bc450_JaffaCakes118.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\E:	26429c3fdf3a3214442037d0b59bc450_JaffaCakes118.exe
File opened (read-only)	\??\U:	26429c3fdf3a3214442037d0b59bc450_JaffaCakes118.exe
File opened (read-only)	\??\Z:	26429c3fdf3a3214442037d0b59bc450_JaffaCakes118.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\G:	26429c3fdf3a3214442037d0b59bc450_JaffaCakes118.exe
File opened (read-only)	\??\I:	26429c3fdf3a3214442037d0b59bc450_JaffaCakes118.exe
File opened (read-only)	\??\L:	26429c3fdf3a3214442037d0b59bc450_JaffaCakes118.exe
File opened (read-only)	\??\O:	26429c3fdf3a3214442037d0b59bc450_JaffaCakes118.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\B:	26429c3fdf3a3214442037d0b59bc450_JaffaCakes118.exe
File opened (read-only)	\??\H:	26429c3fdf3a3214442037d0b59bc450_JaffaCakes118.exe
File opened (read-only)	\??\R:	26429c3fdf3a3214442037d0b59bc450_JaffaCakes118.exe
File opened (read-only)	\??\X:	26429c3fdf3a3214442037d0b59bc450_JaffaCakes118.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\K:	26429c3fdf3a3214442037d0b59bc450_JaffaCakes118.exe
File opened (read-only)	\??\W:	26429c3fdf3a3214442037d0b59bc450_JaffaCakes118.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe

Drops autorun.inf file 1 TTPs 3 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File opened for modification	C:\AUTORUN.INF	26429c3fdf3a3214442037d0b59bc450_JaffaCakes118.exe
File opened for modification	F:\AUTORUN.INF	HelpMe.exe
File opened for modification	F:\AUTORUN.INF	26429c3fdf3a3214442037d0b59bc450_JaffaCakes118.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\HelpMe.exe	26429c3fdf3a3214442037d0b59bc450_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HelpMe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	26429c3fdf3a3214442037d0b59bc450_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4316 wrote to memory of 808	4316	26429c3fdf3a3214442037d0b59bc450_JaffaCakes118.exe	84
PID 4316 wrote to memory of 808	4316	26429c3fdf3a3214442037d0b59bc450_JaffaCakes118.exe	84
PID 4316 wrote to memory of 808	4316	26429c3fdf3a3214442037d0b59bc450_JaffaCakes118.exe	84

C:\Users\Admin\AppData\Local\Temp\26429c3fdf3a3214442037d0b59bc450_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\26429c3fdf3a3214442037d0b59bc450_JaffaCakes118.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4316
- C:\Windows\SysWOW64\HelpMe.exe
  C:\Windows\system32\HelpMe.exe
  2⤵
  - Modifies WinLogon for persistence
  - Drops startup file
  - Executes dropped EXE
  - Enumerates connected drives
  - Drops autorun.inf file
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  PID:808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2437139445-1151884604-3026847218-1000\desktop.ini.exe

Filesize
3.4MB

MD5
d04e130f23166d6ca61fa8d994bb7ee9

SHA1
e7cf428e53f4f667be616e4e7af7b8559337b3a4

SHA256
c53db5e666be6742eb305497114cd804056a68df3bd9bfd2e4a46ac01b1d1948

SHA512
588e64acb51b93f97603fef548c66dbf37c7cf8d31782eacd5800fab60f536b442fb5c1e99c1f952086c8c9224029cf16844c9ddf83459babc8c015ce4f102d5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
4721515675e9cc5a4e432b663fb008a3

SHA1
77f0971c35c782d7f65de21ac835d7a2338b1472

SHA256
26456a8d306ec8342179ad75308d80a89506a657644f2194414f1cf2a938e5cb

SHA512
fde0e099e7ec7afceee1a32cd0fa3764dd3d5b2d23fd92d929566738decfd5d99d584a6ab3a848b641261d656676b620dbcd706eda4a1c1659e1adcfa1336052

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
b6a82ce7054b02b790a2b91371bd1d4e

SHA1
a726081218e37043ab8087e3d036327305850fa4

SHA256
1d2d5aaf7b55dd163dc8f5902f0e6fbf3b841cd34324017324cd47e9647ed9a6

SHA512
b6f9cd7ed681f26018fa68df3eef40abe7c4baf6a0062606cbcb7654d9574308b26bea0e803ae592306b3aaa029f1b7eb0cd4c8ab3cfe794f6cf24ea88b33cc3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
7ecfad1ff2befbd1ef023e55dc861e28

SHA1
a05c2e9fac4206830503dd8fa6232870a7ae7092

SHA256
de31030554d162ee022cbfd7226d717ad1d1756f889daeeb23076991c0a027dc

SHA512
0a20c5f954f6c93f08a6c1f5b6a5bf68e3abc2059e6aaf74ac285dde27b86e6b834629127758df8e310266dd11a3c1686637e91d2d8ed76d4fcdde5967b4c7db

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
d2af7bf542e6652e899ccf57cf97571b

SHA1
3bb539160251f64ec8f13b95773671ef3888bd27

SHA256
637accabce27a2f2d7307f61a7fe8f599b402d8898f4593de2d86d967a59cf97

SHA512
a679fc9f9272894a988ad471d60374d765f38ae5de6f1ae63c1fda0dc710c79f713c846e75209d24944ad1f019bbb2222c086276bfeb2720af82d33b95506556

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2f403a564b4e99c7169abbc67ed954a6

SHA1
f696ec95b09570ac715c628b0cdc643b221996ca

SHA256
092c8fd499d66bc9281ecdaa9f9a831bd05b627fd3b23c3a7b4d1d634d8c5ac4

SHA512
458398947ba0e8aa9d24278cc6be1bf797a0e9d82ac0cb1963f78e1b27b0acc5e8e4671c710d1433c2e4d7001e52b36d14cc357ea869ef719f054045426c2284

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
60edf4a4bb78dd9c6dbdcf4bc3628ea1

SHA1
2254f4eb24b946c392cad4b42d65c1cc79f534b4

SHA256
2ff2f7eed6d332e55a4e6a9ac1a5ad7af49f237dd19498894c9b816e10c14134

SHA512
7bcbd369a70fe7ee1c84b9d43e2295081c1c48a359564e1a546cfa87bbf79e0c7aa49002dccdb228984984e4972686b81b8783c12e9643b967c8f35c362b302e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
d196a77cb878b31af016d8b5f30acd12

SHA1
b6253e52805e675170fa9b40680f79fb7d38fd5d

SHA256
2d4d023e81dab8278373d56a1d285b49556961e22f0bed0c811e332b2101d649

SHA512
857b9016dd2a34f0cc5acc1c9b30e3bf58e7d30a98884d69c0abe3a7a6bd5f004597d3564f5ffc64d21a5572e007b53a24f402779ede165a5575e3f2eb0c8beb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
3dcf7dbf157085942c3411351f098ee8

SHA1
760642c9f3e7abe0663451e5df8a0628dfca14d6

SHA256
29b62cf6e5f631c4c3cf3278e1c7ae02baec417ad69b3295d534a2660554b4d0

SHA512
87dc0c85724ea865516f2ae6ad06ec7fc19c0a7c1efd3b39e3aba4bb5ce196e193bd2e58d3b3634d5f1ea38b3dc089363d1b4b290132616750cb64ed034ef8d7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
d5e7068eb17009a28048a9491bea4542

SHA1
40d1a7d177c6a9c8652cbb785b6eedb7510166e3

SHA256
110826c4fcccff22781e5dbfa3ba2b2418034b53adfdf1442dd7aa59e8da0d48

SHA512
e397cbc717d34fb6b91257f2736c8f75c699953ad06b259cd85184e5eb6ed8ccd6f2f51862263700ecd0911808292bf70a1dc54bc577a2019abb4b72caee55b2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
56bbe0317ef1caa76231982c584e94c4

SHA1
54d526b728d8cf2fbcbcfe94ba0f578e58eb9995

SHA256
b740cd378c0896ce758e7dd2634d19cb39430e5d734f882ecaee97d2c5800c76

SHA512
62f735ec7efb3fe2c8669f18ac886dc3a05d3911bc5958de08bcd5ebae539884fd7505cbf98dc142caccc153a7719bb4f9e80dba6c07efbfd88e0eba78bb71fb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a9551c8d599ada9fc5a0d50eb83c35de

SHA1
23db350ff9555c4394e24288c6815b9fb0a035a8

SHA256
4abb49b183537e4b8a49234dddf08054f7cb85a976585dbbc7c7f45db70070b2

SHA512
acad4646736aa604495d54206c9e7d9a414b982e8e6eac6ffaacb262095e7a746f83a710dafe3643be3d08e46fa1eac8af52586d0ce05a1dcded1d870aeb4920

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
b2057cc673a167988b84de212cf06869

SHA1
6f727f401ae33daa3cd8fbeb14772226783920fb

SHA256
6400602d6db0a32d9b473c2a8633f4fd3288192713dda58c4fc1cfe68291b52d

SHA512
d5d76f962f744bd6c0cf6ab79e80b8f203a90d5611c8ea4290b17158493823b53a2e3bb61819a5a6eb984397449e4900f8f36b958a4fcb95e57ead3c2fd14688

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
919cf5c40d49f5b49df9dfd3384c2491

SHA1
c20247c60bc8825a9ebba474040e2e90c4157fad

SHA256
cf3ebf06bc8d0bd3803a9a1c5bd7918997a7d4f3944e4621b115c6b6063a8450

SHA512
fb8c8271dd687a8edb3644e08bc0b01ebd4c9bf29750f542bd8d99a6878d0f7830a5e71187208ddd6f9b505e68123867bc91213f78316be99c6a63a982daa28f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
7d1257d1b3dbb6da99ba8c4cf25befb4

SHA1
445507939d0186158c4584dd42d334d30542008c

SHA256
18dae647c4fb93a6dc648748cecd283e840f005f77109b409d8334e41824872f

SHA512
0ccd9602e68370bd555b40e90c702c8d513624709fa2f76368d7e692d5c49fbdc263c5b57f997caa78b420adec7789545fc3cdba30827de39cb40d847f5ca4a8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
06882d46fed12e629ba60304ab8cd359

SHA1
ca86585d12afdb4a16056e6a77baa8859e4cf820

SHA256
903740f021e65bd1f27c1024d43639252c1af950872292dc3e7be3a75b80037b

SHA512
ff2fd26ed408e237a46045ba7d366fa012d8645234d178003f91db35be9ecc58ff7f79f717042159b46db49bfa14fc3b871edaf680a5601aba9383950eda955d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
443bec0c3725afa73fa56486d88fb8f4

SHA1
45ef57487235879be457d28525b8deaefdbb9a79

SHA256
46992347e5a8ad3cef08f168db2ca95f12445ea81cf251f19eb98e290d169488

SHA512
7fe20392e6cabf014342f83856828934ddeaeb65186e442de9eff68411ea2ce7ff3b24cee405c073e4b19d50659f7c51da746b61bee5bb98bc696a9a91aec8c8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
9d115cd8ec32b7cc16354b092fb0a705

SHA1
51ec9b19761feb0d6bee8704525f9af3a69f6dbe

SHA256
b9776b6cf7b279e331f1ae6e1b978625caabc0dfec1f512d78736db3c7128557

SHA512
5778c0a42c3f0b1b1c39dcfd2f2aa573ddf225fe75e76081b5e11e6a8c032ad7e02098d986ff27dd07993677acb604186c808aeaaec266501791140b680e4cb2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
02c90533b555acd70c55256ac1e5c346

SHA1
45b5a4058761181ce445ce0e3b7d200057e104ac

SHA256
3d7432ecb2af7cb668cb433aedd75361c88c77480c1c457bb02ab871fc22f05f

SHA512
c3dde6e25415747456995f13f3099b21f1bc86da9bf8b42afbdb0a6ac2469e0ce2e46f3f1895686c026b24e143024138d71ecb505a49e11dd5abc8d6b2c3b654

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
b09ea5efaf43dbf6d5cb05c05ce93985

SHA1
b2d03b9ddf2734bce75587eb4bcb1128495ee42a

SHA256
e9c293285c278a557c6a7127826cfa46741d94b3878dfa161c3ad358d0e0754c

SHA512
86b04dbae3b21e51270148f00127ee38053ed3e355396409ae61c9e4fa7688e5b9a3971106332e46c4edf73c9b639ba8fa15a28d6f852e079ca0c3f0ce3b8634

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
70ca41d885c569688aa2b9abd63a3533

SHA1
4d89916e164b22ebe4a58bc9354285b84b0a8844

SHA256
46674b46f8d0981e8d9c16bdcd435436a57eaecf0e36dd8ee99a4187ddc7fb0e

SHA512
b8a456d14f399e59219bf7503b2cf8b24af2449c83a6e57351e3c215177c9e7e7c49d137922b6feb8aec208e9790f8c57bf3c43254a00469aa141c0e6e06cdf5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
282513f56a433618b6341f936255ecc6

SHA1
61a6b4382815cfb3d7e93dd66750bca849e36a44

SHA256
02dea5e135754abea27a8c4b12cfb16f33b6296781696d034348341031bbc8c4

SHA512
3952741e08765a6918b7ef73ac26ea39df75784700828a3380ae64bb40f692af04b8a962ac3caf30655e82e03f6aa1bba0c6e544c518f617ae20d9aabad646d0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
f5ac79e09bcb72e67be991baf60a62a5

SHA1
c7d8b3529938bb457ee05d119ac2f6883cd80e52

SHA256
56491f5cc49ffb780002e2600710ff6248f5ec380cddae23fefb91f253305110

SHA512
ec9cdcb701bad0ed01656cfa72b9ae1eb047479402b3b98875c04337c8b41be783b72452b059059f6d756e6f52d857ac80543ee60b94b969e803e182fdd29e8d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
20765721e317fd648e537a0cf44f2cc0

SHA1
ed2bbfe0e6a1e96a80db2c193bdcaed81764b808

SHA256
560fe46ebbf45be81e877b245dd143b8e4e86a19b12d06cd6246443451797107

SHA512
8ffe563dc7cdb9ecc0518631a36bb74f47bb3932eb539d3a3962e99ad4851004563114c264503d070b915e11900dcee5a50180893b97e77d324d3fb229287e9e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
ac57e43f4efc637be317d4189d1bf152

SHA1
2be30f655dc6d9f2a36f8312cbaaddc10873e3f0

SHA256
025ab740aea8f273e7a4f74e337e93a51c530e6ab7e5b3748a119d3381d29f8e

SHA512
f8f73c7311b17b04a947ad91d0b21a7e3f68425051f4b9f5352e2ea98f7c3c6db53e5b0ae333400548bc5c54c763ed8490900b15e50e7d00e0b6a618fb5296d3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
f0c73a6ce8c5ebb5ccebf8b612b900ac

SHA1
d518d263c22442e0e13b094f303be51ccecb509b

SHA256
75ba04526051f4f7a02f572d4fb13baf02117b4f7a17d6c53e909e089c14bfc9

SHA512
7fc1c97d3a753ea73c4d7324c2a6a9654da7834e8ece3e57c59d9050064426b3a78625e159b730bc5c48134c22ed35d45c410ebf738abd94d58e2fbe3e29c52c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
f511d8ddafb0ad382d92c63190626cc5

SHA1
5d78183dca7bc994a222a909a596fbd0d8c2b860

SHA256
5fe56459bcf02cb02f8e538c51bd091e827e281f4b7ebda88b52b8a9eb350374

SHA512
721dc2f351248ca61def118f35ec352d57531abeefb90aee5b4cf9fe86065564a96b5f317febe503184bd41a91199b4a60c2bb56731a5070b906fc0028a0172e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
fdda8f33ff073df445bfe8e7ca3a852d

SHA1
9b3bdb1c0d9bc19e0d1a509db72241800b18d0a8

SHA256
89af08dd45bc79e787435145d907205d8fb1dc73fe5922e1b3eb8c0e17aea822

SHA512
1c51e626fd7c00943ebb821e73b4edfd035dd34b74658478c2c47ff23b76aea2c9d7722a11004c85aebb6c26d5f91c6f563fc6547ccf2cd52ce48bbb43cbb2ad

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
51548c89564599db95a47d8e131f5acf

SHA1
00ff8aafe1ba1fef0f7ca897cc60b8a3386e388d

SHA256
b9b541aa832db095b4912cc012d9679b241be45fcfeafa9a8c406566929566f6

SHA512
e5a9a76de9dd6c4ade9c0ca5fe12385264736446f98d1334589b1ae8b3f56c6057872ab021062c6659519a942d0c24ccee7edc29d550096c750210d04e3b2e97

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
086bdb40734b4996cf9303349366271c

SHA1
dfef14fd0a79c9407ad6adad8c7a8e74b15ab1e1

SHA256
f2b2697dbeb95e3153d4e1a671b24dc1c3ff637f370d3c4ab86d99f0604175f3

SHA512
70b5d9bd8997d90b480c843671e7f5c694aa219c71ba3e471fecc681a260971bd56fa0785be164b1a924348ccc034ac54d03978a3645a3407890bb2cb8651710

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
7c12cae41f4707ca821ae31a14a7ad06

SHA1
2007acc27505eebb1724a024a9e44bc906eb6752

SHA256
653ca6ce1bb677b84fff44d00dcd86bb34b0a5e2809eca1c592ccd5968f64f07

SHA512
70708055649ecc733b39f9ef84884a5228fedbf5de09d07d76bbd710cbbdb7b73d51ecb0741b5220b8bc301c9482be906074ec10544ce51a9c9c906640bc5d79

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
4e1a9b48cbf15a6a61e283c830d8b368

SHA1
ee8810243a9d96e99050d88470831850762994d0

SHA256
12dd00c81a4cc4685ea08b930f705ae762be8e7acc67b6ab4fa296b08fbddb68

SHA512
f27c20b9a9bb6447091c1a9e26a76ed3f0126d81126dfd4c2fd275b43e3ab8426edd7e097fc84080e032c40b034d670dc61e29728278c57d36e0d9f1f6cde730

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
9695321093d83bd4f49546cc3a85342a

SHA1
9be51872c4464bbd4f24b270df9a4f3de9a2c2fd

SHA256
216fc0e161d3a7ae48546f1c8c19db8582792972f1859f3e71e6304d28e83ac7

SHA512
f3a3ee4724166882b68033a4afc4ce27553bf79373ac70d7e9d668b13f11835dcef24837bd3a56a98efb408f0d35ce9a8ea432b4b19bb8a37a58a87e9f5a6bf1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
21e2ebd4728dfca8c620b2727ac6f4f2

SHA1
096cb01da3fe229ca74935f4cffc4ca6b7992512

SHA256
540595be970508afb790e0f3a67a194d2900920ec37efb5ef7fe2ec4e5fe1595

SHA512
f15bbafbf8080fbb934b97c01a5657bbcc1a7a981dbac948e8dafeb4ae274e8a977058573318f4a34f2f5764eb5fccb01b442463e475ee4905f7df59e4243f6d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
1bb43945afb7b8e312a500379aa3bfa0

SHA1
b071dbde07f74a10af862a8ed310f5066f14de2a

SHA256
54d3d2ffab4a244bcd244654f52e904a248d0e20d454877b7523e9e153014e9a

SHA512
96aec7bb0a195c0f4e5f7a63934de54a316059fecefb96b3c9875537a3afc2493ef1b2a3b5385c35428faa41649a4cf83708693e985a34bbca21991294f2b4d9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
b57d23114138de87ca592f3f58c7ed9d

SHA1
0f0cc0365b1a814d33abde300f7428ba12d1316e

SHA256
c56f14050d692291e9e8f86a38ea4545bef94e1852b358dd6cba117309d46cbd

SHA512
fa7d6b307411a7cd3d26bb2de35dff096d754b12d9859ecfb8ddf98b72b559f75a545ad053911fd7e210605ab62dd6f72e43b24b5c0eae4611d0bb31060a66cc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
5f89b046e2d4f97ed2123bc63c295a8e

SHA1
3dba6b9c8a73a431f405fd87530ca8dcc006b7ab

SHA256
871e92fc712a6621f127834ad29b76b8d514766889e1c0e87b73a88ed014bb4f

SHA512
761968489a88fc232ba830f4d8d8de7f659fd30acac361204af63102669ae9a7498e47eef5abd97e736f71a6ecb75194db29f166c8ba9a484633a62f1395007f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
820022ee2acd7eab01477c45f1c988d7

SHA1
a3061a3dfd84d2b80e970d687ce6ce6fb19f232c

SHA256
cea78c81fd70d7f9cb15e410600c504f075bc69d3dc5d92d6a4ac05c81fab4ff

SHA512
8e0b9b9e70633d6e14306f18ad478d821fcda99de314b551011d354f136cfcbddec0b30e346853a8c2708c9183d86d66d19dbc8e0e6ec5c7725cc46982a94d6e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
cc3618ffdc5b21cc210f89558b499697

SHA1
2c0599f17ecad505c8c9445c6ec94c41cf8c441c

SHA256
55973cd0593e5679035191ed1f0a80a5178e6d52ebec841b06e45dbd0db0a663

SHA512
7b3e3f92f90e0977d7c8984c03565f3373d9af78cd34dbe5940948a47977511932d0f1777be0ccb72d68d6d41ff2df5292aecdb832d702433c2a357c0475aae3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
72d26245b01b61b2b8a5407652fe7773

SHA1
17a1cc79f0a8ce25b359c3e7fb7c9d9680f9d5c0

SHA256
b36906f7d6fd51752c0d25e2ee5f463a31c9e328c1edf79e769750866121741f

SHA512
cfd4d9b39e810d7ce1520f99ae1dbbf19f9936bfc53ed73736015c003608dbcc55d1d224c71fa70cfb79bfde24856f96e126a1e543a58826897e877b1b14cf04

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
bc9752e18283fc139f3269d4026a05c7

SHA1
9712ab9f25043422d2b005d00fa3a64028cdbced

SHA256
1b0fac2c4b94d9b9f41867ab65e1cf85983ed9211a0c20ce9e247925e3615da3

SHA512
a62512b9c0091d5c87a848662e8b1dc20904d3dfce5a6c87209fe428ca049870a1c667054323c28ed095a7ed87b5b916be578ccf1badb2c2d26fe22be0432352

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
c0c667fd6894216c05fea959516c57bc

SHA1
8089242524ecbf0bac542bcc0dce459e7272514f

SHA256
7a8fddedf32b6573f5c198e9e0858acacbb88f038ad5722cbf52842d5d0cfb22

SHA512
25b63a1f9cb6140e506da328a7e2e67e34d94b92d7ff326e662d716923496ca1b1f9ade360817553d385c3407396aa6fae8ee7fc1aa6832e40c6536eb285f1c8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
4887ed0820e25e7d4fcc9861e5cbe0c4

SHA1
c64aa6bd8caa6a4bdc16700a4f79acf8923489c4

SHA256
1703108f723191744435fdfe78d719dbb8dff13ff8eb17afd90e78da907c1445

SHA512
a9d4214d5141c6c64a0c93861f22a27fa6db82be21cf5fd2a7382e38effeaab7923cf53d605b07d4e5cce569c2f22288a756401b78452d5ea8f4a6ebe95eb461

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
de08688495fdb15d92419025013781dc

SHA1
e1fd97435bdde80442aeae5f15528049b2f04630

SHA256
825f698f9b2fdda7cb4448e409f95c50e7f262240821278ef81f251a8578610f

SHA512
2d1183368f62ad2c3005add3dea8505fe5579450c805101880f0047e209a359db946583286f4297872c116aba5e6765158a5ac8e473ab3c21fc238533f1122be

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2ad8c2828d7d042f028a163f268c9c23

SHA1
bf07a5008a067c64d726c31a79531cc5272b5f3d

SHA256
2e455974baf37db7523ac301facfcd8fd74caaf3a2cf61350a8fab0e004c6300

SHA512
6d91dc0d61b92e0d2d56c8c35a39c6695ba548540f1441c15837f5efbf71b156e37667b33c511b582c2888634971efa47cd9a68aaa1fcd39a3672708b76c0cc3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
0758e331084cf4ff98def4bc930d6ae0

SHA1
dff8348d448600cc13a31f1994247d03c47ba1ae

SHA256
ea9d2cf2e1064feb7a5d212a9dd458bd4335e91ef81dffa639f1a61d98a1b2b7

SHA512
aa90a45391341ac1f2a88f5681409c31c2ab464835be02dd4280502aaa3696a00069e067f0903ab35c989c5320fc383dc8bb932a4dba4bb1aab5e0cfaf2223a4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
f2f340cc39d354411cd6918777a64312

SHA1
de6b4efddc266cba58a7945602b06103280718ac

SHA256
09d8c305515eab5db7e9601cd857aeca3b6ca80b1bc87503dd0cc9f207a92a5b

SHA512
5514981604dbe52f90bc61af670a69aed2b2631186ce4bb6dd6dc8530ca8028b9eb6a4721bcae7a48c171b80e55abe469f7ed220b56bb7d4726f7e6b08f104ec

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
9c53502f802b2ae347aea24a7971c0af

SHA1
6c6096a4ff8d97aaa19dd5ea64791ab391ff3dc3

SHA256
a92541a679dd55afcefd0bb5863640729c73648dfd33f66daefeabe05958f69a

SHA512
1d46535a78c8557a4c62303cc465f37c83fc4ecb28c67a4e156758ee46628e8d5be3c5c4280a764bda298d04e424050e965e34343828d10137997558ecc696bd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
71fe25d5d7e8bf804e8eeb4951047dcf

SHA1
32073fc456f2b929202b8c1443980519d6f815a9

SHA256
46cea49f4f745e6a8a75c5bc501825287c99232f7a40e02fdf30416fd0ab811d

SHA512
c986ad2f2e5552e066db03de21d73d6487283c11b218210aca2e32399f7ffe7c2df7bd15fedd330e48b37aeabc811836afddfcbacf60ba415e6fc5686b90f862

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
727414d128aa1451bf193c72963e4d13

SHA1
5ffa9d6a8e591d2d5809ca71f6e8cf74c7f1271b

SHA256
58e3cd38b7069d0a385fab69ee6674627926f338e8abbf6dcfbf02385b4cf8cc

SHA512
5c952b5e55ba1574584867b96909d6bb10c927db2c1bb7e50fb89ce5e99b871c1025297e78bc80ea390bf533610da045ea7b468aacdb02fd2b848c6fab152759

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
f38d77fc2a7c778bd99e125498a4acbc

SHA1
90a2bd1d5ed878b6f73f74f3e299fd67bd1e138a

SHA256
b3b450e242cbb1aaf588f19dfb02191d6fb723d12eaf7189fcc2247834db7f25

SHA512
4eda6d9dd415328f33255c4cd3b9ecc54a08c24de9c20c150ea6e3c53fed741c9d94508fd0c735338482eef91961d02214d4084fed81a521e74f7d87d6465b97

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
57627f48e3c8d5acfd75930a85949d71

SHA1
f3a5ef908e8f1b811ef39a3ab535727216e84490

SHA256
404871a797b7e889760eae8745f4ea3621075d29d2683a0e975682972f0cf6df

SHA512
c8b97bc09909724390020c024192c557369d7ba29e32f89d35799c260ed2b8aff11f5f5fc6a84ef67b82d26b326d2271a2baef33f4aa2444dbf98bdd2616e183

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
c0d00648ff9723a53626994c2d02c1f9

SHA1
708111baea54dd9a37d040ed0222eb1f2b96d153

SHA256
2d932046ee063b41afa90d5fb38e4a1e74a424bb5234ea62d6569b54290eb14f

SHA512
a0eb40f9fd0ebabba71db997f15c8e76227258fd8c60b1920f0b93bfc865019ca74aca144e817677e91fd357594ad82434bced378f05b2abd1921ff2c8f97c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
8066c2d6e592c8b8206a9adb71ede737

SHA1
d56290d98546b344b944117770ffc65ead54bf0b

SHA256
68d3c7f40f1e6ad2623f291eb5bbbe10da68d75d95db1846de67540ccf6da201

SHA512
beac9b01d985f49bd59c073b755e9afee7b5644f0038a447ce450fe7dddd4ae969d8ed9cc56d344bf90ecccbe499f8ac88fdd94c8f84b6b2c0ebce103ebaafa7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a9ed2541d926a52b4e025c58920e89db

SHA1
2a8ef697e56509a0fc6cff5c258aa1c871a634d1

SHA256
132b603d2f21d390de58b83f0276e13c4881903dbdf1c04492a0f9d9989fcb59

SHA512
2e2911e1b2e07e1746f91933522a77d354b456d1d94d4a340b71f4b7b9eb12b4cd6101c999f00cbf2c40e83a71271ee5afeea1f4a74834fde3597e116434f994

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
b04fb7a1729de76906227dcb228b1806

SHA1
b435e8f21cd7346e5ca8ff4033b5c7fa80943843

SHA256
521d8ba171b749a99e323d2f631cbce46438545a14803b8cd0380ee2f19d7a8b

SHA512
0a9058ec414a4aec5aeb3de755bdac3abec476454894fb2f1af4659a2123ca17f6e3024dcdcd570d6a8e82be02a49e3a1256bd8633388a919999b6568c9d8b4a

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
3.4MB

MD5
c3d343d42da387144b86f55fd30311d4

SHA1
59256de5378dc23d4fb986555be11b22c68a3b3a

SHA256
95df9bbc02d5a309b0f1b12ecb59cf669031205c11f394ece1391fa6ba377bfa

SHA512
9ea5e512e532c8499b4df494c20fac25c334c80004d975153e304dd8d90c9b06b373d594b95fd74d5a80a613b85c383115506254e5b0c6297f441230a3ac7d4b

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-2437139445-1151884604-3026847218-1000\desktop.ini.exe

Filesize
3.4MB

MD5
e47337bf52c5c3cc1cc884b48dc2b35b

SHA1
ab81e318997d94e44d610e5479b545abc7a97176

SHA256
60d08179df6949c0841795b2f57bc27aab3501d7514be7f936f5cbed89a8a809

SHA512
1b79eddf68cf97f60afe0659ecfad1cd2aefe505750128ebee96405ba4632a7be05f609950cb1569c78a9e96ed0d386cc229a5da8f4509f8223ae68e8fbaace4

Download Submit
F:\AUTORUN.INF

Filesize
145B

MD5
ca13857b2fd3895a39f09d9dde3cca97

SHA1
8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

SHA256
cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

SHA512
55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

Download Submit
F:\AutoRun.exe

Filesize
3.4MB

MD5
26429c3fdf3a3214442037d0b59bc450

SHA1
097daf3deff6b90e6bb038426db02a0555bdd3be

SHA256
f242225f03f529037e91c9e500847f524017c0b1a4220875bd94194aa583de7e

SHA512
23b927545ffa949b17220eabaff960d92d7689233e7186a3093e0f4cf75c296ed4d9fad83d369caed34e464f0bbde36d42cc6082a86fbc9b7a3236c05186d77d

Download Submit
memory/808-5-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download
memory/808-50-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download
memory/4316-0-0x0000000002320000-0x0000000002321000-memory.dmp

Filesize
4KB

Download
memory/4316-45-0x0000000002320000-0x0000000002321000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads