79bc2c38683eb148a21522a5614d2cbf081a6e746e4275a2d91f30e38cda0269

Analysis

max time kernel
145s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08/10/2024, 21:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

25b57ff2fe11322bcf72283bbd6ae6be_JaffaCakes118.exe
Size

2.9MB
MD5

25b57ff2fe11322bcf72283bbd6ae6be
SHA1

a344850c803e966e74163b66af20014b104996d4
SHA256

79bc2c38683eb148a21522a5614d2cbf081a6e746e4275a2d91f30e38cda0269
SHA512

f09aa0e795bb5cc0ab31707eb62daa714802e8609a280439bd336b887d81c07f2665e669f5e0ca027c91ec178abb94fb0e35c7c718b510b44a0719c9defe1779
SSDEEP

12288:Pp4pNfz3ymJnJ8QCFkxCaQTOl2KCsltH4cgZD5+6aYMasAYXG3Wv:xEtl9mRda1MIHYPyBashXG3Wv

Score

10^/10

discovery persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	25b57ff2fe11322bcf72283bbd6ae6be_JaffaCakes118.exe

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	25b57ff2fe11322bcf72283bbd6ae6be_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	25b57ff2fe11322bcf72283bbd6ae6be_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
4136	HelpMe.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	25b57ff2fe11322bcf72283bbd6ae6be_JaffaCakes118.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\B:	25b57ff2fe11322bcf72283bbd6ae6be_JaffaCakes118.exe
File opened (read-only)	\??\O:	25b57ff2fe11322bcf72283bbd6ae6be_JaffaCakes118.exe
File opened (read-only)	\??\R:	25b57ff2fe11322bcf72283bbd6ae6be_JaffaCakes118.exe
File opened (read-only)	\??\V:	25b57ff2fe11322bcf72283bbd6ae6be_JaffaCakes118.exe
File opened (read-only)	\??\X:	25b57ff2fe11322bcf72283bbd6ae6be_JaffaCakes118.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\M:	25b57ff2fe11322bcf72283bbd6ae6be_JaffaCakes118.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\H:	25b57ff2fe11322bcf72283bbd6ae6be_JaffaCakes118.exe
File opened (read-only)	\??\K:	25b57ff2fe11322bcf72283bbd6ae6be_JaffaCakes118.exe
File opened (read-only)	\??\L:	25b57ff2fe11322bcf72283bbd6ae6be_JaffaCakes118.exe
File opened (read-only)	\??\P:	25b57ff2fe11322bcf72283bbd6ae6be_JaffaCakes118.exe
File opened (read-only)	\??\S:	25b57ff2fe11322bcf72283bbd6ae6be_JaffaCakes118.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\G:	25b57ff2fe11322bcf72283bbd6ae6be_JaffaCakes118.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\N:	25b57ff2fe11322bcf72283bbd6ae6be_JaffaCakes118.exe
File opened (read-only)	\??\Q:	25b57ff2fe11322bcf72283bbd6ae6be_JaffaCakes118.exe
File opened (read-only)	\??\U:	25b57ff2fe11322bcf72283bbd6ae6be_JaffaCakes118.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\J:	25b57ff2fe11322bcf72283bbd6ae6be_JaffaCakes118.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\W:	25b57ff2fe11322bcf72283bbd6ae6be_JaffaCakes118.exe
File opened (read-only)	\??\E:	25b57ff2fe11322bcf72283bbd6ae6be_JaffaCakes118.exe
File opened (read-only)	\??\T:	25b57ff2fe11322bcf72283bbd6ae6be_JaffaCakes118.exe
File opened (read-only)	\??\Y:	25b57ff2fe11322bcf72283bbd6ae6be_JaffaCakes118.exe
File opened (read-only)	\??\Z:	25b57ff2fe11322bcf72283bbd6ae6be_JaffaCakes118.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\A:	25b57ff2fe11322bcf72283bbd6ae6be_JaffaCakes118.exe

Drops autorun.inf file 1 TTPs 3 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File opened for modification	F:\AUTORUN.INF	25b57ff2fe11322bcf72283bbd6ae6be_JaffaCakes118.exe
File opened for modification	C:\AUTORUN.INF	25b57ff2fe11322bcf72283bbd6ae6be_JaffaCakes118.exe
File opened for modification	F:\AUTORUN.INF	HelpMe.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\HelpMe.exe	25b57ff2fe11322bcf72283bbd6ae6be_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HelpMe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	25b57ff2fe11322bcf72283bbd6ae6be_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4576 wrote to memory of 4136	4576	25b57ff2fe11322bcf72283bbd6ae6be_JaffaCakes118.exe	84
PID 4576 wrote to memory of 4136	4576	25b57ff2fe11322bcf72283bbd6ae6be_JaffaCakes118.exe	84
PID 4576 wrote to memory of 4136	4576	25b57ff2fe11322bcf72283bbd6ae6be_JaffaCakes118.exe	84

C:\Users\Admin\AppData\Local\Temp\25b57ff2fe11322bcf72283bbd6ae6be_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\25b57ff2fe11322bcf72283bbd6ae6be_JaffaCakes118.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4576
- C:\Windows\SysWOW64\HelpMe.exe
  C:\Windows\system32\HelpMe.exe
  2⤵
  - Modifies WinLogon for persistence
  - Drops startup file
  - Executes dropped EXE
  - Enumerates connected drives
  - Drops autorun.inf file
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  PID:4136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3756129449-3121373848-4276368241-1000\desktop.ini.exe

Filesize
2.9MB

MD5
29cab8a34b13d0f0ab0c65361c14571b

SHA1
505bd8e41ad496afef43e1dea06526098ff97583

SHA256
c444390670f28b5073ac80c61561a77c2daa73a05d9b0f96719b8b7eae3a5f3b

SHA512
c52ab013a3a5ddffd6b81e42de358ed6bda0218a999a3068f06c69f11724a4e594ea497ebac0f4c3e45324c2b78f4de0e8ddc691e376b937757a1300d348d6ef

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
f682586ee8563b1b827460d6bae45fde

SHA1
41e9c8cb0bb207d2f42dad965cbeb40c51794d26

SHA256
0eaa02628612037aebda38da302610443ccffe477f15ec7d97ec04c348d21d85

SHA512
a29a69527eb1b2c7cb78b932ed228ed2a0c451b8a4c0680c5b6aaeedff3ad8bc8325dd66aeb3e279f3eed6d450fd6c9d8ebd070ab1c90bf3b24ee418d85b606e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
d2c6d4adc1ed536a82a031c8b393b1c4

SHA1
544ef52358fb81db32955264baa6214363ecd632

SHA256
742895f32ec66b918cdd29d0e346ce67eda782f06ac7829e77bd17305298657e

SHA512
588f737a5ac189caae0eea7eee63b71dc35b594ab7963674658d3f00ed3bb98df18d8b8fde82a38bcae660809edc55b28ed00117558052ded3e96822b0f75101

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2986a143ea23cfe3fb4be76297b2fbca

SHA1
d0f8a9ad15e377fd3c2beae8ca413eced2d936cd

SHA256
6dd1cb46a361362021a0797107da232867f19d3f4dbaaa68eb00f8facb3605da

SHA512
bee82875e97aa496b2b679f5d44d654ebc2e21b7a426b0087a2c09babbcf9e3a8225db6d50019581f5c29131d94b8081200523a68be18d3d49715df21fec2c77

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
91451660e4d015c66ffc54e4c5269345

SHA1
d27a972015faeb955027dbd6aacfd44433813ed0

SHA256
78b67c836fec1560f3ad569d345ae7f309dcd345ded6b139a455dc724df53e7a

SHA512
efec4141ac49728715c5abe6c6c2f3dd3ba8e12a5746a7815241838e8de74fe8658090ed7b48ea43a0363c0d6127ff3dc4b37920ed34ee577df6118c110fac00

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
79d8b020986d5fb42014cd2fe5cbe955

SHA1
0ac89cb6189ecbd46c6cf86606a12ba1d6d4dc26

SHA256
4f48e937ac04e4416f11586617da8217e633dab232c85a20027ef44187207142

SHA512
0685c31129b060f16945bcb7f9b9a108c9d92a476d30fdd193fa0160309736ccc456a2213a1e7289e78d9f26760492a1289530842cf3ddf30a9ab66775201587

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
133b12741cdd92f13eb8f44e6562acd0

SHA1
60f79a5231c658fb371fae3dbefcb28734a31796

SHA256
7d6adcce72ac1e65441a3dbf5b184363c47c6b53f698308b4afede7163e423c1

SHA512
caafe3c00c958541f84a7101aacc11b3dda645484afdf55ad8d6db05c022c86de9ab0c020003a960779618c768a07b5bf4fdd98cc128777b45c09f8be8c30e0d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
791d14e081577688908d530912c450b5

SHA1
e635174be5012e57d2be6405ed440e012542d1ca

SHA256
830208d0cf6a21b9d381c3b52cb697d5caaa239083825031eaec13488c060d33

SHA512
6a50b98bc3df431cfacece882e4759926d84d10c7a421f9550ec0e033b64f05396dd14678e01ffa3ce90997ad7e08ed0d2f04d9867045913ab733b3ee6e0ccad

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
2152d1f2b28304410fc906b1efd81108

SHA1
7e0f35faf44398eb08ab38fb241c7a0efd5f7624

SHA256
0642974adbd9aac864215a9b7fcbb76a1f431ac47dbc2ba5ba9d83d820c8fb83

SHA512
243ac5f499af3ca90d41a773356137a7333d8296219f7eeec0acf84dd43c6f5ec4d054082289fe9b86d63595ad275afd393010dd50c633951340143676308b0e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
4566d2186e603f21286c66a827a8781c

SHA1
a660a5a2817c23d3365f50b10e2f06d6ee8222a9

SHA256
f7d9a2fca3b732990154cc9882ec3285614bcc78702c297e92359267c22a9193

SHA512
4c892dc8325cffdd7680f3ceeca3af39211d429719500fe57335bec4b872749ae93d8666cdfa99bf997f4389586d74909ead3d2bbc0aebfc07ece746df6f231f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
1e89c2929d940695d5aa3f486414b90f

SHA1
ef0d75a3bf737b478fa7b5b4e0bbecaea09eb7b4

SHA256
74d7181547d204d6920a5098d4c770b864d2a82072e4e19ed58fdd359ebe12a4

SHA512
18a5334b1e955b1eb29a1aa54af344dd48f8257462b6fcf6b2b9f99ab7265060fb1e271ce49afee3fa3006f2fc3c7859f2521e5a87358a7ee2b936da38910f56

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
856f5f53f0b76bf60ff05c51aa1ab4bf

SHA1
247051a5afb8701a7289df078298bb69e47e47f6

SHA256
2b9c1b53722a543f697238ab0c9ea2ec8744e5eaa31df2d0aa5daf2194330399

SHA512
f75c9fafc65fef06daba1f5ff07e54fbae17ebfd7e80de9346a5401a035ab160c879175cf4619d2b494b1f8dcc712dde5ab767318bc4dcaff17adc3294b8ed83

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
a6cf78fee99c4c18aa937b1629ee297a

SHA1
1915b0e99038ade9bf8dc2172c5931109d105fe8

SHA256
27130476b011e3216a3fc3a16af3a7190002988b20f88fddf2320d2373225bfc

SHA512
1ff0f0267de36fac921e50038c3b114f1130c685dc40bc4e14070cd10284281dace34e65b9f796dc6f80736505bccbd8c888a71d25cc6728a207a5388739264b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
6155c5c356dff1e2aedf2db96a1a4727

SHA1
df7f65b3f934872327db153b0c44030b6014ab5c

SHA256
aed377649840b3fddae8dc8c044f83268da2b3bfca696a6f33ed142171cb4316

SHA512
cb6b1b988e6e33579f7f74a81c71daeb6e19c8a440cedc1232a0d30023208ec60889ceaec526af2b7c9f9e3d244c62229f66b92b2e714409ec8b45392f86cca2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
a38090854cdcb93f8d8ba4c1e4aa2cd4

SHA1
4ec8cbbc29c9828ef715cee87ec9a4a4975903ea

SHA256
3e37b3a4508101ec9bb53e02aaeb7e31800f980ef24f88e3b14fa59d71d32510

SHA512
d6f996784cae9d2c5e7c6693749b89eb135477a8d9c2235370ea1b60d12f9c6e28a2b428c0dc68629ae01eb58e94b649b8dbe39a980753d77a7aa9e36ce2d191

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2dcd9b16466013e95e2fa0b8354e0eb4

SHA1
506fbddf20c6824ca007402a32d1635f888feb39

SHA256
1829a6b264fc5908a9193b8e8e154fc854768cfbf0d6c944e963bfebcf546b99

SHA512
a7ac4122e0a90e3e2d1c4ba3408f7a5ddca69976730e3960d5b809529be6570d0bea304ce2a5547379540506c0e95860f2dabdcfbea61d2a92d8182f6d7e42e9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
c75ea2528d3f006908dd7ef78fd329f2

SHA1
016a8cbcf76a2055101836c712051bab4170ace6

SHA256
d6edbcf57e0be8f1932bf636dc55ca7ba216022a620fc50efa2b041ec5c62861

SHA512
48c00f4323611c7aa25dbd64823111c003e336794d391f8bf40212389a5205e45ca9c51cc9f4e364db4fc765024b4c1d2501ce4e29baa6ffe6be75472eeb2549

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
4e01ae43ead79a88f0105257545589db

SHA1
a7af69f8b96031b7b04ee39405380d4d51ab83b8

SHA256
f6141c91681e011c6e28befcec3a32eeb9a74dab8e89205c81de2a3440dfab76

SHA512
2f96ddead88d780e44ea6bdba0b9a986a94172a1aaf3685e53cdd7d704c3ce9d12bec81895539fe1e116b98544d23da65d92b27d2fc8a3bce80750ef7f28d2c7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
0b6d4a6e8279695c2c17c9e43309e05a

SHA1
be0a341d8507152425d69b7a74c0243eb5688739

SHA256
81a13c834242a168317c5be2d93020cd5b00295ba763ad21f6529aed86ac16ff

SHA512
6bc88788c75fdd0896835f315143e50c70b1761c43cce2a2313caa6debaab14e422c30d6cb48419725213741fa61462884d0e82398c9357abaf8d7857dc6ac34

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
95b8629fac59513a7d9fdfc4c0b88393

SHA1
94028aefda1c7f513ba3ad429ef2b61214d41a37

SHA256
fae82439d0016f9b8ca8750aa23272c835bab0b9a382c41b2df979c740b62c2f

SHA512
265b50afc7576d71b4f328d3f79029f2d1a3bdd17c8ae298df9d84e1714e3e6bdad40de7cb88aaea9519199a92a7c3d6d31d9790dcd5f6c2d9b06a9032492ecc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
84a0d861b49192eb3cdde4eb1896c64e

SHA1
8ab659a6b55f325f6e9408069940cd74a4d25844

SHA256
ea8e594b4ed368f12d60bbea10efe803bd8de3420e54ef2dd3910d49745edf5d

SHA512
dda86c0c25019d949795280bcb4518a1863c768255b1daf24acb3009d0467b52a5a57e745b1ca982824d767ae203169ed6ff0811991a49595bc43fd939986797

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
a66a1145b12b19aa65ee6c25a0bbd9c7

SHA1
d5153722f79aae3225ea7a7eae809476ce3dc4c6

SHA256
07079f8d335351b3da83227a2ffef88bb83d354879e3b34fe8498ad13d521b29

SHA512
1c7dc6a92223f81e204fac063a6e79d77e39e52ca4b94f3ac8b383d284cc1547a768af7ef9f52874715a146387b7777bf54908d59ad43970ef54915b576c0156

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
58128abbc7f0c6bfda8cb3ef74ce7f2d

SHA1
a90ffe82a4dc91aacb4610ecbcf4c7d62364bff0

SHA256
6ce749918db2d324be49a0d65289e66153e7411ffd7cec9685206f59d9c97eef

SHA512
3ed217633085d6da0c79b551287d15efc8d9bcf9f32bef8982df47f2714d79808a93c2d31b284dbd7efa599f8e64c42a0527ee864291d2d3dfdd2b8981798ec5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
c30ad8a0572abb6d131f9bcbe274d961

SHA1
f093a131e0c89efb147caae4d19539a041e4a02f

SHA256
902f99671a6f509f9ef159c42a255c8262204735013fff4beb8676c29a5217d7

SHA512
1b6d3d3249f90a0160c5518a220350bb589cdeae178a205b7fa7316a3582aedacb83ad8e86d52593ca49920c66d48e1050befe35c49405427366f897bb2d04c2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
b942bf7784518a66c192b9b04064f567

SHA1
447fa6372ddeb92163556a71d436808bcec0ebb6

SHA256
1b1e1965c0640ff3db1a74fd2a8851ae7b9c57f493afdd7830e9c0b95b12872e

SHA512
dd22bd434495affca114fa8bbd2715e8fadadd395bb565f01664f0e530b7b1f93715849871f2c85c79c18014dba0eb8a1d37bd21fdd57793368f9a0aedb05d49

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
d568b2663a9d1a10fe759eac497e2609

SHA1
f7a41c9a7bf1ea539c5832c204845398b574aa79

SHA256
d15b1fae79538ce81cca7557d0d7bfa846ba4051f76dddfa4995c6c735310bfe

SHA512
55095714ab31ee6a2edc7ee7dbc397ae51a255af28699308c4398add507e2e63c386dc828937d8d8c952a5e07dcb60eee51db0d22f3a455210d24b280b117a47

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
9f5c1774bc245bcc721e8c98ed903912

SHA1
0b885364f9457b940def1c8614d7f689a73586af

SHA256
7ab49303072e56a9971f6cec0a3fd491241260713b2c4aa7e5f154fa32577eda

SHA512
10636c24d5ff374b600d398ab308cf6955870ecf075d1e86357ae143c50f75faf16bfbf879e7ca0276b3c2e74616f49cd654cb333b6ac27dfd4fa95da690cae4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
307b793fb77df3996cae3c64b66feaa7

SHA1
7b1781310fd0d39db9beed8c6ce586f2a56b38dc

SHA256
f1386d918993004273ae03e1319e26aa6541c8a66d22d1140732374fdd8f6dcf

SHA512
36ffbfa7175d638ec55d7db0143da73107614508c942a9ee36664562d558fa629e7578ea32415890c7eb8727a9a8e567639495a996f9c98cdd10baade17dec7a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
5a16619cea4c84d6677a9fedcc1c6c74

SHA1
cf054ee8cfa53e236a53b4aeae79b5f6abff1719

SHA256
24016fbe1231f06cc9501126a71dc4d73012fb1b399cb459940be33735cd57f4

SHA512
be0b4b92a64a2eafb9abb8fc44c27f62126850a67c5a7cf2322b674a48f66bf748f64e977f2e57e406ecd829d2e7ab4bfc31f0adea34a49c75a9eed0e1ab7227

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
94348f3060362fac56fe7076023ada12

SHA1
f3806cb92a9a97e66210fd9c27b1bd68ecb53652

SHA256
120e7edc96a3ff9ccbd7463f37de9f18f87dbce4eaab541590e175ef7ba23f7a

SHA512
d70b2931d182034f44d8bc5fef3b56ac235747ccaefb2f8b818dd0ce483a423024df853e03f3137b20d4d894400c50d02fb64ea129fb07132cb6a9358d4e0fea

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
b93601088c6bc694b0fa15aaf21dc927

SHA1
cc569cccc0b77f7c6027471fb0c0b83a98e54fde

SHA256
1c8a6e17c0054b6581e3e98b4919c2aadb2520f43c5266ec8210dfe08cb44412

SHA512
ac747e3bff696524e6f91c2b40b66c9a79e573741fc40db6e75e4c9264e784e0a2c68a18d8a5c68dd723cf23c178cecf70e9f5f693e9ddd517681ff2f2ed2e79

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
031821c9756f03df0c7d26b459440847

SHA1
2b26d4d1731a401b68af6dd28b3025a257c04e56

SHA256
ae5e5abbdc29d3af03a74220fcdde38bb0643f77d15af337549c84aef1004901

SHA512
6b3a82f0149a76fba1a7f7b7fd9ace799b767f282292f2048361040d654cf1d764a8fdfb7e78474e2bc2ea603b4464deffa7bdb9ee4802c7f0f847fcccd9dc7b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
179c72af45ed35078707af3af4184e10

SHA1
9e4b8daca297c0d44a844a9ab8a996055066c2fc

SHA256
fef51a91ab1a68035ff0e1dcb334a8e80dffc91e8ec4f4263138837af892f74a

SHA512
094f133ce3267b09bdbddcdb7a218777f0e11022cd58a8f92fba0f94a2b40d0a336804f0720fd05b383091f4bc7b9487d833c3e6b56e2c867d3e3e3cdb17438a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
725f893a7fc41982ebd25f24e522cbce

SHA1
a98427e5213fb0b14878a99e257db817c6ae696c

SHA256
d57d435bd745ea4c4efb4df1f965c429dbd93daeed1dcb3e0eef86f93c18b054

SHA512
188527cd54af96ab49941e7cd9a72109c7cbc2a24f7d90eaa0dff8530013a9c5be74699c6369fa0bca710e8d6466d517b21cb20ae67b55a87ce394a123a22c42

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
8dfa6606144bcfcb561eef3fa389184f

SHA1
00d861d369a39a27a0ebffaaa3c845df0b436e1b

SHA256
67441ef7f459adfa5d6fc7333d3af33165434f1c36e75a56c383ed3b5df275fd

SHA512
834c9c46c5648eac0cf0a6b9bba94590fcd1dce8814b7979185bc78e9d65ab927660cef8bba9c9c2d5d39145d0c8a7af5ec04c66f3296e1d93834bd1bfbdd4ef

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
110aef93beab37c83dd15dba5ebb57c9

SHA1
4e787d6642a1dda606452000aebcef8aa7d294df

SHA256
6b381d120fe876ebc5d311f65af621a527f480f1e2c8c3964db9b20c4c5938cf

SHA512
c27c21ca9bd73888936a1ddb430f710cde3d13cc844104ca6799884bf0313c6e996b3d65c7be58bcf87a58bd6a9727b5ea59c0f859c0572449a1542673ffff5e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
904024ebfc0d733d3bbea6fb2a6e390b

SHA1
d4bc147dccacef3141c7489ff3984614599f3b24

SHA256
dfae78e758f38f0b88d373fbe33024c67b93e95562c3ffbab0e2c76e8cfebacb

SHA512
6c79adc481f37d93c05f5edaa79327013863df00bb746b4547483136ed9b8b1c281bcf940fc5a5101f5974843d0bfbd084e37a3457ca13fde6677a6dea3b0cf6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
ef3acf2943dff53af7896d8620977a2d

SHA1
bdd07d046264349d46bd7a96eda39984d8725abe

SHA256
eca3a80e5725c42dbb4d3d5de0f12d6f3ba1321897f7c92a323fcd1c16eb0012

SHA512
45a4935247b6cab3357cc8f44b78085eb17e30827115f7c3327e4f3b9f5da4eb67ee64d5799bff0ec9af48168c7f86e3edd3d9414376561592c722a5e8556f43

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
cde8918455d2c714e1fcade5ef425810

SHA1
deacd6bd40de7f851ff17eacca51aec89215dadb

SHA256
df5bba9a0604e84c97124a289e16f6c6cf1d10e0d389a4f0b8051915254e5406

SHA512
f35e0b7b8effeacbdf395c49b1a5a90f16dcd73fcc43f11d6acadf840f041d94e44786bbd248003000f8ae508a7da44280ecd74e141a472f8e48723b53d74d7c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
0f9f3bf035247b69d5e52380028cf147

SHA1
b97c9ceb38971f3a57ff9887a5cc3270309d02d2

SHA256
3fadb2040fdad102732f145cc549d4bb5b3af0c56af21663d2ad73b6deb35b99

SHA512
8457e3f578ab299ab47e2d2dbfd15e6d2979789ddaf127f7c043d7f88923077a26ed0b238ea1e4d5d7bf749267f48aa2bf8f524040c244b6ff983f0c788b570c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
0ed00141375a2689ec4566fcf8f9ea54

SHA1
aed40259288e9bd17cc22d99595eb90b734bfcbb

SHA256
747cd6790bb7039a8acf5b1e8dcee8947774c13c00d873a3e5be3cd94dff462f

SHA512
6f515d384c0c0811c83113cc847dc57d5efbd7e63aca2a093d81692611a62225cfa2f127ac3cb4a29026b0c5dfe280698a9972c2a7946f831d5545a8c9d89976

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
82dc124500c523dd0e6d2bc61eed76bc

SHA1
88a69485127ab2d894286c2d1c96ca04f7255df3

SHA256
120f125929fce57c15e060c471db2ed5369d26dea5bef8889c61ddccd3959b10

SHA512
ee87dcd742bfd85581391651bd0aaca6c3010762ef900cd91a1f290701cf21040da4e0704a8594394510aef6066b1476139b73beb83f657629827b1818c11e7d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
00f3d9b597703c3c3c356153a820dbc0

SHA1
f788b4578c63046620850baa9d31f1cb6f61ca4c

SHA256
5b5af6267f8239b152ca1ccc9ee32b9e51f7c7ce4a30d2caa4f8cd78e29e01cf

SHA512
94898fa93e45f09e04c9ab9e5a5607182c8d9e0f8273e802c3eb70d197bfce6f9d727ca159e87868387d896fafb83eea467fb1d7668b1b02bc02ccfcd87a2a06

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
68f729b844883ffe8262af86325c5456

SHA1
7247e4e92c2467aaaa0730026577fd3d021fa497

SHA256
19416d52ea05dcbf312a296eebd810d9208df20a198bb6ff905b0c31bec01f9c

SHA512
bc0af7b95ffe43a925e2463edc6a3cc0ae9c13188563665855bddf68cda037f7aefef669ca0fa0e72fc65e1528f101dc9c38447f1e1442214ddf6a71fc447a53

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
b963d671bcadc956991a9d78b0e866df

SHA1
273f52c7e14292bc3ec405f357f802742b66dd38

SHA256
93c721790bd78ad9ab7a969cee04e0e1d837c84fcc97634b14907b30e95a9c52

SHA512
7d0701b07492b10811fb3785ea9a36640ec9544f86fc026240293b4b415690aa7872678f6799294cb66a7604cf937421d1e4bb7bb569f3cb178214b379824528

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
2cf51cc494abdefd506a4ca41d52cb3b

SHA1
0828478a2920e1b07eae07f4c159397f2ffddc0d

SHA256
dea4ee096cd97361d1251986792e00c9ca30c62827eede22bee77b6a7d0f7d0d

SHA512
091835b4f5d5ace3a29a5ea389e427721408ba1f36028e5c386dd65a0a5cad059a4d2bc6e38b4bfa825097f05107a903f5f651aa034116042accc9938d971625

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
7e036ec4c125342724f107ff74492a0b

SHA1
e657c22f3c5f89d6f313df9d10e4c71061b1fb11

SHA256
f16044eaeabf59b093e7a43ed9fea9e43fbe9d30c7ee9064954bf9512aa9d401

SHA512
7b006128c661cd6d503ed8483a32e0bbb8fbc33285a41590e04705792d644677e5726dfccaa2a863016c63d43830ec8ca00be7e4105690623dc459503c1895dd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
d23ccada1afca9e8f49d1cba9c81b580

SHA1
5b51eb8e72032d3c949079d2e8a2823326aa4091

SHA256
fd897b55a3162aec0f732ed160ed289734702472471bf4ccd12820ade7c31d3b

SHA512
16cd4f453613de32b16127714496835be974278ef9ac1a67f352487b1b4102cf6f9f0264e58c86e64a1f8c19a5d30bc2aeca6fe7dbf7b81af94b26cec2242f86

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
1260cb4ef24256705596251318f94bd5

SHA1
22f802308a3552602a2b4c2e814be083aef81f30

SHA256
94f0bc0a28dbb34bc2a8d1bc56f8cd90e7cfba88e1d75419e86637820522d04e

SHA512
6037cbcf30937537834e187841033fa3012a5ef2b32a3adf0908a59f4c044b9da5f05cfa3bbfb8471ffc852297d6d1c5a63aa5b5a6418b72662031df26bbc94b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
e4517259fac0b9d9dfe6215ee141c1e0

SHA1
a0d86e9064d629d9b2ae1ffcbd188232ab9fed90

SHA256
f9466825783924fd9570da800615dba90ae2eaadc5b4ed8c923a4a518874af09

SHA512
3799a8bf74f6f4b43a631dd18f626b2ab1f93ee78ce6f4eaee3ee8e02e18911194de160aa12ae9a8feb425dc754a30ac179fa58ff5b07be74ea979a09100dd51

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
78b66a29d7f6a3d47a978ed89f3f6227

SHA1
1c56d837c20c96270af890026330349826e18bfe

SHA256
2d7947b7117e26c37b2c1bba20d57e7381498d3541a6714245e5e2d6a003a476

SHA512
79ed2d016fcd5842fd067df3117a948ef82f585be521b14612372f23f7e739e82cd5347b4c4e4e3748801d56ed52e2014d6a5465798b1d5d1a04587d4e7f4d10

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
e25d992b08c041214ae04c794839202b

SHA1
3e42ba8fea9bb8e4cbb00032f321854dced26df0

SHA256
0a6bf3a212b17131873d871095aa3505554e11409806daa1a747741f3845c0be

SHA512
9e5004d2fe44b2f7c6a61575615a890482b773c7d20114ed88f216082016f0bf5f670c636a097c01ad96a3e735aae902dee10a682e36c633c3b476c27b3c2dde

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
c74f5773bf2186815248e53fcb8d4df9

SHA1
8da1bdd1f91aec0a044f87ca901d2b165cc3c7f3

SHA256
66567fcdb3252493dd7f77ce78994a96513e7b770ef3b362fa013bdd917d6e24

SHA512
1f2053afc5654dcd8576de27b17d2ba763c61aa6559e9935b63eaccf7c26e2217920709b9138353bf9b097d49379493821f207ffdeff90328331415b2f13bc3d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
98f6ca2a0d6ca2e194435fdec1ddd963

SHA1
4d8372221941cfd3e12074a16a8b3fa688d10473

SHA256
897539397715c6eb34fd52de2b969bf40c851c7784f7fde7d459eb5ce722f02c

SHA512
acb2f86cc08cf9b144fcb4dded73e3c407d95bb84450409a2021b8a7849691f494041a9ba5a6dc9d8b8d15dba1bf1cee097f743f92bbb2dbd20ed74cd358573d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
c770ceb69d886b9681e65cc0c4c8f9db

SHA1
5b30b7fde95e2a953af2e9eff0d046d7c1e3187d

SHA256
f2d95c5bf658d0e4a808c0818ef3360f661554cbfb6151230eda00f0f3aec775

SHA512
8be41be8f70feb59e4f5bd2597d1e841120f174f041d2e1b733ea01bb6481eac3f0e0f43037b81f37baa2a6d0a6338ea1230ce56a7d77beec15bc72d4d065910

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
2.9MB

MD5
ad829f24697ab5836b3e93d3c014f7a4

SHA1
b95d212648b5b57abe2a84190c351def10c85132

SHA256
df8ae02c0de4737a69093223c13326818f8e7ef3322ab1252a7e2d40b79221f2

SHA512
01c110bf6662b0df58a3ef6f8db64ad4bd5165998603f5d48dc7388cce27a306b0c41ea08985d331a44f8f422044cc44d8fc9048a6a346519776630c8ac72888

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-3756129449-3121373848-4276368241-1000\desktop.ini.exe

Filesize
2.9MB

MD5
e17e3b8148f266dfa58c1dd56a76b192

SHA1
20624640872b5f0fdc0d9d7ddb3cfa7a52900772

SHA256
c52ad90153f865d5a9b205e27f9b0b490463bc5a4a35ef70365712cc48c77b1f

SHA512
44dcda27fa3cc933e5722d149c1dd72e1999090f26b05b7f0f2d9266408976eac14caac237342f33c4c07ba5279bebdfcaae09f612454716b170425f79b4d56a

Download Submit
F:\AUTORUN.INF

Filesize
145B

MD5
ca13857b2fd3895a39f09d9dde3cca97

SHA1
8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

SHA256
cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

SHA512
55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

Download Submit
F:\AutoRun.exe

Filesize
2.9MB

MD5
25b57ff2fe11322bcf72283bbd6ae6be

SHA1
a344850c803e966e74163b66af20014b104996d4

SHA256
79bc2c38683eb148a21522a5614d2cbf081a6e746e4275a2d91f30e38cda0269

SHA512
f09aa0e795bb5cc0ab31707eb62daa714802e8609a280439bd336b887d81c07f2665e669f5e0ca027c91ec178abb94fb0e35c7c718b510b44a0719c9defe1779

Download Submit
memory/4136-50-0x00000000020D0000-0x00000000020D1000-memory.dmp

Filesize
4KB

Download
memory/4136-5-0x00000000020D0000-0x00000000020D1000-memory.dmp

Filesize
4KB

Download
memory/4576-45-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/4576-0-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads