Analysis
max time kernel: 151s
max time network: 160s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24-11-2022 00:25

Static task: static1
Behavioral task: behavioral1
  Sample: 0a60d9aa347e1300f77e055cbf9e942d1a354c1508e0cbf9e8948e19c29e632f.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 0a60d9aa347e1300f77e055cbf9e942d1a354c1508e0cbf9e8948e19c29e632f.exe
  Resource: win10v2004-20220812-en
General
Target: 0a60d9aa347e1300f77e055cbf9e942d1a354c1508e0cbf9e8948e19c29e632f.exe
Size: 61KB
MD5: 2c868798226d1d103945b152cbdc1bb0
SHA1: a07c3b170920de641d6fa7c1f832671c73ff35d3
SHA256: 0a60d9aa347e1300f77e055cbf9e942d1a354c1508e0cbf9e8948e19c29e632f
SHA512: 525394fbba648ba219e2b351c2ef68293ac1df0c2554df85da9c73f27dfa981e8532c5f2544edf7cb0887cd997ad4b8b633373a603544dd28b755f7ee9c3c924
SSDEEP: 768:pu16GVRu1yK9fMnJG2V9dHS8OahOhuz+aj4n24exXVRMN1t6wAkcMLztb31:po3SHuJV9NqawuzXv4exFRKAMN31
Malware Config
Signatures
Executes dropped EXE (2 IoCs)
Processes (pid, process):
  4560  Logo1_.exe
  4296  0a60d9aa347e1300f77e055cbf9e942d1a354c1508e0cbf9e8948e19c29e632f.exe

Enumerates connected drives (3 TTPs, 22 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
Processes (description, ioc, process):
  File opened (read-only)  \??\Z:  Logo1_.exe
  File opened (read-only)  \??\Y:  Logo1_.exe
  File opened (read-only)  \??\U:  Logo1_.exe
  File opened (read-only)  \??\H:  Logo1_.exe
  File opened (read-only)  \??\E:  Logo1_.exe
  File opened (read-only)  \??\R:  Logo1_.exe
  File opened (read-only)  \??\Q:  Logo1_.exe
  File opened (read-only)  \??\N:  Logo1_.exe
  File opened (read-only)  \??\I:  Logo1_.exe
  File opened (read-only)  \??\O:  Logo1_.exe
  File opened (read-only)  \??\K:  Logo1_.exe
  File opened (read-only)  \??\J:  Logo1_.exe
  File opened (read-only)  \??\V:  Logo1_.exe
  File opened (read-only)  \??\T:  Logo1_.exe
  File opened (read-only)  \??\S:  Logo1_.exe
  File opened (read-only)  \??\P:  Logo1_.exe
  File opened (read-only)  \??\G:  Logo1_.exe
  File opened (read-only)  \??\F:  Logo1_.exe
  File opened (read-only)  \??\X:  Logo1_.exe
  File opened (read-only)  \??\W:  Logo1_.exe
  File opened (read-only)  \??\M:  Logo1_.exe
  File opened (read-only)  \??\L:  Logo1_.exe
Drops file in Program Files directory (64 IoCs)
Processes (description, ioc, process):
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\hu-hu\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\pl-pl\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\_desktop.ini  Logo1_.exe
  File created  C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files\Java\jre1.8.0_66\bin\policytool.exe  Logo1_.exe
  File opened for modification  C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files\VideoLAN\VLC\plugins\meta_engine\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\css\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\en-US\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\tr-tr\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\de-de\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\pt-br\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\nl-nl\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\_desktop.ini  Logo1_.exe
  File created  C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.27629.0_x64__8wekyb3d8bbwe\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\tr-tr\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\he-il\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\WidevineCdm\_platform_specific\win_x64\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\eu-es\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\fi-fi\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files-select\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\eu-es\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\_desktop.ini  Logo1_.exe
  File created  C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\SmartSelect\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\en-il\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ru-ru\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files\VideoLAN\VLC\locale\sk\_desktop.ini  Logo1_.exe
  File created  C:\Program Files\Windows Sidebar\Gadgets\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\zh-cn\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\pt-br\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\sl-si\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\en-il\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\sv-se\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\da-dk\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\fi-fi\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\ja\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\it-IT\_desktop.ini  Logo1_.exe
  File created  C:\Program Files\VideoLAN\VLC\locale\lg\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\ja-JP\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\de-de\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\ro-ro\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\ModuleAutoDeps\_desktop.ini  Logo1_.exe
  File created  C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\da-dk\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\nb-no\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ro-ro\_desktop.ini  Logo1_.exe
  File created  C:\Program Files\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\lib\_desktop.ini  Logo1_.exe
  File created  C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-black\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\root\_desktop.ini  Logo1_.exe
  File created  C:\Program Files\VideoLAN\VLC\locale\mn\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\es-es\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ko-kr\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\he-il\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\ru-ru\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\_desktop.ini  Logo1_.exe
Drops file in Windows directory (4 IoCs)
Processes (description, ioc, process):
  File created  C:\Windows\rundl132.exe  0a60d9aa347e1300f77e055cbf9e942d1a354c1508e0cbf9e8948e19c29e632f.exe
  File created  C:\Windows\Logo1_.exe  0a60d9aa347e1300f77e055cbf9e942d1a354c1508e0cbf9e8948e19c29e632f.exe
  File opened for modification  C:\Windows\rundl132.exe  Logo1_.exe
  File created  C:\Windows\vDll.dll  Logo1_.exe

Runs net.exe
Suspicious behavior: EnumeratesProcesses (20 IoCs)
Processes (pid, process):
  4560  Logo1_.exe  (listed 20 times)

Suspicious use of WriteProcessMemory (17 IoCs)
Processes (description, pid, process, target process):
  PID 532 wrote to memory of 2100   532   0a60d9aa347e1300f77e055cbf9e942d1a354c1508e0cbf9e8948e19c29e632f.exe  cmd.exe  (3 entries)
  PID 532 wrote to memory of 4560   532   0a60d9aa347e1300f77e055cbf9e942d1a354c1508e0cbf9e8948e19c29e632f.exe  Logo1_.exe  (3 entries)
  PID 4560 wrote to memory of 684   4560  Logo1_.exe  net.exe  (3 entries)
  PID 684 wrote to memory of 2800   684   net.exe  net1.exe  (3 entries)
  PID 2100 wrote to memory of 4296  2100  cmd.exe  0a60d9aa347e1300f77e055cbf9e942d1a354c1508e0cbf9e8948e19c29e632f.exe  (3 entries)
  PID 4560 wrote to memory of 3064  4560  Logo1_.exe  Explorer.EXE  (2 entries)
Processes (process tree; depth, image, command line, PID, triggered signatures)

1. C:\Windows\Explorer.EXE
   Command line: C:\Windows\Explorer.EXE
   PID: 3064

   2. C:\Users\Admin\AppData\Local\Temp\0a60d9aa347e1300f77e055cbf9e942d1a354c1508e0cbf9e8948e19c29e632f.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\0a60d9aa347e1300f77e055cbf9e942d1a354c1508e0cbf9e8948e19c29e632f.exe"
      PID: 532
      - Drops file in Windows directory
      - Suspicious use of WriteProcessMemory

      3. C:\Windows\SysWOW64\cmd.exe
         Command line: C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAC33.bat
         PID: 2100
         - Suspicious use of WriteProcessMemory

         4. C:\Users\Admin\AppData\Local\Temp\0a60d9aa347e1300f77e055cbf9e942d1a354c1508e0cbf9e8948e19c29e632f.exe
            Command line: "C:\Users\Admin\AppData\Local\Temp\0a60d9aa347e1300f77e055cbf9e942d1a354c1508e0cbf9e8948e19c29e632f.exe"
            PID: 4296
            - Executes dropped EXE

      3. C:\Windows\Logo1_.exe
         Command line: C:\Windows\Logo1_.exe
         PID: 4560
         - Executes dropped EXE
         - Enumerates connected drives
         - Drops file in Program Files directory
         - Drops file in Windows directory
         - Suspicious behavior: EnumeratesProcesses
         - Suspicious use of WriteProcessMemory

         4. C:\Windows\SysWOW64\net.exe
            Command line: net stop "Kingsoft AntiVirus Service"
            PID: 684
            - Suspicious use of WriteProcessMemory

            5. C:\Windows\SysWOW64\net1.exe
               Command line: C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
               PID: 2800
Network
MITRE ATT&CK Enterprise v6
Downloads
Filesize: 722B
MD5: ee3bed5452c7ebab60d90f0a34120362
SHA1: ed60ce6770376dde2f8fda2da277f06037644edf
SHA256: d3f36ab141604e18629bc15a83527eba7d7d59f4cd649a9daace8b7c3b71f2c0
SHA512: 48c5765434ef9e970743282b44f2d5c19bbec2df3b9c342953b9cef2a995ea69c78ed8506bff38a4d25ed530fb96efcfcb5b4f8f7c08a705d7707b9ec5728964

C:\Users\Admin\AppData\Local\Temp\0a60d9aa347e1300f77e055cbf9e942d1a354c1508e0cbf9e8948e19c29e632f.exe
Filesize: 32KB
MD5: cb31ca7bd8fd5eea71fb1eda9f9c373d
SHA1: e8c830516c6bb4af862fffd05424afed7b8879b0
SHA256: 0e22ccc38dd07787eb27ba310cfaad4946d3f8f5be27fceb993352f52bffd38e
SHA512: 6bea48fc299522a46226e8e92affc698fbf73b31d4f1074b45d241957f17f02aa5c43dd72ca651f825166bf99cd94c7d64e1e669d138619a8b9883c0052bae48

C:\Users\Admin\AppData\Local\Temp\0a60d9aa347e1300f77e055cbf9e942d1a354c1508e0cbf9e8948e19c29e632f.exe.exe
Filesize: 32KB
MD5: cb31ca7bd8fd5eea71fb1eda9f9c373d
SHA1: e8c830516c6bb4af862fffd05424afed7b8879b0
SHA256: 0e22ccc38dd07787eb27ba310cfaad4946d3f8f5be27fceb993352f52bffd38e
SHA512: 6bea48fc299522a46226e8e92affc698fbf73b31d4f1074b45d241957f17f02aa5c43dd72ca651f825166bf99cd94c7d64e1e669d138619a8b9883c0052bae48

Filesize: 29KB
MD5: 2872f62ba008526accca6e87b9112e83
SHA1: 8a5ae449ead9f5b7ed4621644297054d9e2b6dcc
SHA256: 42ebc4014f8f8ab4505ba8184222160deb146eb8c934965231e1b2d2c6c46195
SHA512: c94f2900cf9d5761ac33b6fb3122a7ce655cc33deaeda98cbe1d8a2a5ddce3271ed752ba100de013d6fc7ac2d6c096a67d73d7deb3bd9e072ece6db2c4df5abb

Filesize: 29KB
MD5: 2872f62ba008526accca6e87b9112e83
SHA1: 8a5ae449ead9f5b7ed4621644297054d9e2b6dcc
SHA256: 42ebc4014f8f8ab4505ba8184222160deb146eb8c934965231e1b2d2c6c46195
SHA512: c94f2900cf9d5761ac33b6fb3122a7ce655cc33deaeda98cbe1d8a2a5ddce3271ed752ba100de013d6fc7ac2d6c096a67d73d7deb3bd9e072ece6db2c4df5abb

Filesize: 29KB
MD5: 2872f62ba008526accca6e87b9112e83
SHA1: 8a5ae449ead9f5b7ed4621644297054d9e2b6dcc
SHA256: 42ebc4014f8f8ab4505ba8184222160deb146eb8c934965231e1b2d2c6c46195
SHA512: c94f2900cf9d5761ac33b6fb3122a7ce655cc33deaeda98cbe1d8a2a5ddce3271ed752ba100de013d6fc7ac2d6c096a67d73d7deb3bd9e072ece6db2c4df5abb