c37895ad70b9cf51194c83710e39b6cc00b140373a8b267a578676854dbffe1f

General

Target

c37895ad70b9cf51194c83710e39b6cc00b140373a8b267a578676854dbffe1f.exe
Size

827KB
MD5

26254659064fb639fa6f12abebd95ba0
SHA1

e26f965b569ab5e052e6ae30adcaaf79cb824416
SHA256

c37895ad70b9cf51194c83710e39b6cc00b140373a8b267a578676854dbffe1f
SHA512

0cce29dfdd3fd18b038b50ef63c81ec60895c2a8c5ffd23c2c26fad37c41f38f1f74a2bbbaeb3330167d1140278545176b88460d58856da747e965b3e26496c6
SSDEEP

12288:Lc4SMo6QMwIcRiKLs4QgTs6tyDYaNe9BTkWNK8SeQ3m9Ks0mVj6IYaGyvQHuk9d:A6/ZUbLs4tTswyzWVBElmII77+

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

Logo1_.exec37895ad70b9cf51194c83710e39b6cc00b140373a8b267a578676854dbffe1f.exe

pid process

1684 Logo1_.exe
2312 c37895ad70b9cf51194c83710e39b6cc00b140373a8b267a578676854dbffe1f.exe

Enumerates connected drives 3 TTPs 22 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Logo1_.exe

description	ioc	process
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\F:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

Processes:

Logo1_.exe

description	ioc	process
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\hy\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\lo-LA\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\th\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\java-rmi.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\mai\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_2019.716.2313.0_neutral_~_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre1.8.0_66\lib\_desktop.ini	Logo1_.exe
File created	C:\Program Files\ModifiableWindowsApps\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\pingsender.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\sv-SE\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\kn-IN\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\lib\security\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\javacpl.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\contrast-high\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\Assets\MixerBranding\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\he\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Portable Devices\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Home\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jabswitch.exe	Logo1_.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\he\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-us\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Fonts\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-gb\locimages\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe	Logo1_.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\brx\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.18101.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Resources\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\jabswitch.exe	Logo1_.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\lib\ext\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\th-TH\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-125_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

Processes:

c37895ad70b9cf51194c83710e39b6cc00b140373a8b267a578676854dbffe1f.exeLogo1_.exe

description	ioc	process
File created	C:\Windows\rundl132.exe	c37895ad70b9cf51194c83710e39b6cc00b140373a8b267a578676854dbffe1f.exe
File created	C:\Windows\Logo1_.exe	c37895ad70b9cf51194c83710e39b6cc00b140373a8b267a578676854dbffe1f.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

Logo1_.exe

pid	process
1684	Logo1_.exe
1684	Logo1_.exe
1684	Logo1_.exe
1684	Logo1_.exe
1684	Logo1_.exe
1684	Logo1_.exe
1684	Logo1_.exe
1684	Logo1_.exe
1684	Logo1_.exe
1684	Logo1_.exe
1684	Logo1_.exe
1684	Logo1_.exe
1684	Logo1_.exe
1684	Logo1_.exe
1684	Logo1_.exe
1684	Logo1_.exe
1684	Logo1_.exe
1684	Logo1_.exe
1684	Logo1_.exe
1684	Logo1_.exe

Suspicious use of WriteProcessMemory 17 IoCs

Processes:

c37895ad70b9cf51194c83710e39b6cc00b140373a8b267a578676854dbffe1f.exeLogo1_.exenet.execmd.exe

description	pid	process	target process
PID 4652 wrote to memory of 588	4652	c37895ad70b9cf51194c83710e39b6cc00b140373a8b267a578676854dbffe1f.exe	cmd.exe
PID 4652 wrote to memory of 588	4652	c37895ad70b9cf51194c83710e39b6cc00b140373a8b267a578676854dbffe1f.exe	cmd.exe
PID 4652 wrote to memory of 588	4652	c37895ad70b9cf51194c83710e39b6cc00b140373a8b267a578676854dbffe1f.exe	cmd.exe
PID 4652 wrote to memory of 1684	4652	c37895ad70b9cf51194c83710e39b6cc00b140373a8b267a578676854dbffe1f.exe	Logo1_.exe
PID 4652 wrote to memory of 1684	4652	c37895ad70b9cf51194c83710e39b6cc00b140373a8b267a578676854dbffe1f.exe	Logo1_.exe
PID 4652 wrote to memory of 1684	4652	c37895ad70b9cf51194c83710e39b6cc00b140373a8b267a578676854dbffe1f.exe	Logo1_.exe
PID 1684 wrote to memory of 3288	1684	Logo1_.exe	net.exe
PID 1684 wrote to memory of 3288	1684	Logo1_.exe	net.exe
PID 1684 wrote to memory of 3288	1684	Logo1_.exe	net.exe
PID 3288 wrote to memory of 2712	3288	net.exe	net1.exe
PID 3288 wrote to memory of 2712	3288	net.exe	net1.exe
PID 3288 wrote to memory of 2712	3288	net.exe	net1.exe
PID 588 wrote to memory of 2312	588	cmd.exe	c37895ad70b9cf51194c83710e39b6cc00b140373a8b267a578676854dbffe1f.exe
PID 588 wrote to memory of 2312	588	cmd.exe	c37895ad70b9cf51194c83710e39b6cc00b140373a8b267a578676854dbffe1f.exe
PID 588 wrote to memory of 2312	588	cmd.exe	c37895ad70b9cf51194c83710e39b6cc00b140373a8b267a578676854dbffe1f.exe
PID 1684 wrote to memory of 3020	1684	Logo1_.exe	Explorer.EXE
PID 1684 wrote to memory of 3020	1684	Logo1_.exe	Explorer.EXE

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3020

C:\Users\Admin\AppData\Local\Temp\c37895ad70b9cf51194c83710e39b6cc00b140373a8b267a578676854dbffe1f.exe
"C:\Users\Admin\AppData\Local\Temp\c37895ad70b9cf51194c83710e39b6cc00b140373a8b267a578676854dbffe1f.exe"
2⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4652

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a2C40.bat
3⤵
- Suspicious use of WriteProcessMemory
PID:588

C:\Users\Admin\AppData\Local\Temp\c37895ad70b9cf51194c83710e39b6cc00b140373a8b267a578676854dbffe1f.exe
"C:\Users\Admin\AppData\Local\Temp\c37895ad70b9cf51194c83710e39b6cc00b140373a8b267a578676854dbffe1f.exe"
4⤵
- Executes dropped EXE
PID:2312

C:\Windows\Logo1_.exe
C:\Windows\Logo1_.exe
3⤵
- Executes dropped EXE
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1684

C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
4⤵
- Suspicious use of WriteProcessMemory
PID:3288

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
5⤵
PID:2712

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\$$a2C40.bat
Filesize
722B

MD5
5c5c270dffe2501b711b7598ce2134a0

SHA1
a031ab54b39a2d18657a44ec8ff79eece3cb1a99

SHA256
2ed225cd4a0088a83ba31b54a160122aa946dd1616a632513516ec27e7a6e402

SHA512
b09475a2d4c21cf066e647d341cc1abda84e1c1b4db76d42037e20684895bfc888dce89d95053d919c8cd9b8008c3530b23e27dbea20205eebdbae6038a730c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\c37895ad70b9cf51194c83710e39b6cc00b140373a8b267a578676854dbffe1f.exe
Filesize
797KB

MD5
28d826c27dec73d9853af87d328a46a6

SHA1
db283f13aa80609fca715bae5051fdb32518f9f2

SHA256
1295e5885c23220864df0a62082806726a121c90ce6df14d2d241d7d0905040d

SHA512
a863256cadf6a14312a9a4a29a5b23360868aa5f915ddcceb0bad8291ac58bb25c7cb0c295f1cc328d17140fc94897528b52946744ac48f7a9c9da7ac07ce992

Download Submit
C:\Users\Admin\AppData\Local\Temp\c37895ad70b9cf51194c83710e39b6cc00b140373a8b267a578676854dbffe1f.exe.exe
Filesize
797KB

MD5
28d826c27dec73d9853af87d328a46a6

SHA1
db283f13aa80609fca715bae5051fdb32518f9f2

SHA256
1295e5885c23220864df0a62082806726a121c90ce6df14d2d241d7d0905040d

SHA512
a863256cadf6a14312a9a4a29a5b23360868aa5f915ddcceb0bad8291ac58bb25c7cb0c295f1cc328d17140fc94897528b52946744ac48f7a9c9da7ac07ce992

Download Submit
C:\Windows\Logo1_.exe
Filesize
29KB

MD5
96d0e0ccbd9f9d4d432ea028972f7202

SHA1
0128cb0d35e5ef0c60ec5cd3e4678e2fae93df30

SHA256
7309959e912fe8b6191a2fd480861494967cdb889bbfff6ab35ba4bd0eba90b4

SHA512
00458244daa5a36ef7bce53d71138a9c21b3c13d63a9d8ee2760f814e8a4c304c51828f280bdc8184b90c3fe7c0eb494cc05e67554b5f3e53ccf5f677acdea3a

Download Submit
C:\Windows\Logo1_.exe
Filesize
29KB

MD5
96d0e0ccbd9f9d4d432ea028972f7202

SHA1
0128cb0d35e5ef0c60ec5cd3e4678e2fae93df30

SHA256
7309959e912fe8b6191a2fd480861494967cdb889bbfff6ab35ba4bd0eba90b4

SHA512
00458244daa5a36ef7bce53d71138a9c21b3c13d63a9d8ee2760f814e8a4c304c51828f280bdc8184b90c3fe7c0eb494cc05e67554b5f3e53ccf5f677acdea3a

Download Submit
C:\Windows\rundl132.exe
Filesize
29KB

MD5
96d0e0ccbd9f9d4d432ea028972f7202

SHA1
0128cb0d35e5ef0c60ec5cd3e4678e2fae93df30

SHA256
7309959e912fe8b6191a2fd480861494967cdb889bbfff6ab35ba4bd0eba90b4

SHA512
00458244daa5a36ef7bce53d71138a9c21b3c13d63a9d8ee2760f814e8a4c304c51828f280bdc8184b90c3fe7c0eb494cc05e67554b5f3e53ccf5f677acdea3a

Download Submit
memory/588-133-0x0000000000000000-mapping.dmp

Download
memory/1684-134-0x0000000000000000-mapping.dmp

Download
memory/1684-143-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1684-146-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2312-144-0x0000000000000000-mapping.dmp

Download
memory/2712-140-0x0000000000000000-mapping.dmp

Download
memory/3288-139-0x0000000000000000-mapping.dmp

Download
memory/4652-137-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4652-132-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download

pid	process
1684	Logo1_.exe
2312	c37895ad70b9cf51194c83710e39b6cc00b140373a8b267a578676854dbffe1f.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads