3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0

General

Target

3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe
Size

47KB
MD5

065de212eea42e33e13a3c10d5fb71f6
SHA1

44ac1bfc199b03750a50f399c70dffda301c7f66
SHA256

3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0
SHA512

85ebd7fbab94e28506074c6aa01eabafe41dcec4ec02e621b0b66614255653a74c21709c95e7e3da2a08441b39b4435db5c8927c748aa485e7cd6d0510b5b1c6
SSDEEP

768:PxElOIEvzMXqtwp/lttaL7HP4wIncLRdR5kP78a0RJW/aMDYMUrOOKvL3eIbqm:PxaYzMXqtGNttyUn01Q78a4R6LTTHqm

Score

8^/10

Malware Config

Signatures

Drops file in Drivers directory 2 IoCs

Processes:

3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exeLogo1_.exe

description	ioc	process
File opened for modification	C:\Windows\system32\drivers\etc\hosts	3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	Logo1_.exe

Executes dropped EXE 2 IoCs

Processes:

Logo1_.exe3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe

pid process

268 Logo1_.exe
1804 3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe
Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

328 cmd.exe
Loads dropped DLL 2 IoCs

Processes:

cmd.exe

pid process

328 cmd.exe
328 cmd.exe

pid	process
268	Logo1_.exe
1804	3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe

pid	process
328	cmd.exe

pid	process
328	cmd.exe
328	cmd.exe

Enumerates connected drives 3 TTPs 22 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Logo1_.exe

description	ioc	process
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\F:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

Processes:

Logo1_.exe

description	ioc	process
File created	C:\Program Files\Microsoft Games\Chess\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Hearts\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLENDS\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\FreeCell\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ENES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nb\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\pl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uz\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\TextConv\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VBA\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\SpiderSolitaire\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\wa\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Shared Gadgets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EXPEDITN\_desktop.ini	Logo1_.exe
File created	C:\Program Files\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Google\Policies\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SUMIPNTG\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\nl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ro\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\chrome_installer.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\bin\klist.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\SmartTagInstall.exe	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Solitaire\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mn\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ko\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SPRING\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\th\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

Processes:

3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exeLogo1_.exe

description	ioc	process
File created	C:\Windows\Logo1_.exe	3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\Dll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 43 IoCs

Processes:

3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exeLogo1_.exe

pid	process
1552	3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe
1552	3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe
1552	3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe
1552	3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe
1552	3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe
1552	3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe
1552	3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe
1552	3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe
1552	3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe
1552	3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe
1552	3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe
1552	3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe
1552	3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe
268	Logo1_.exe
268	Logo1_.exe
268	Logo1_.exe
268	Logo1_.exe
268	Logo1_.exe
268	Logo1_.exe
268	Logo1_.exe
268	Logo1_.exe
268	Logo1_.exe
268	Logo1_.exe
268	Logo1_.exe
268	Logo1_.exe
268	Logo1_.exe
268	Logo1_.exe
268	Logo1_.exe
268	Logo1_.exe
268	Logo1_.exe
268	Logo1_.exe
268	Logo1_.exe
268	Logo1_.exe
268	Logo1_.exe
268	Logo1_.exe
268	Logo1_.exe
268	Logo1_.exe
268	Logo1_.exe
268	Logo1_.exe
268	Logo1_.exe
268	Logo1_.exe
268	Logo1_.exe
268	Logo1_.exe

Suspicious use of WriteProcessMemory 38 IoCs

Processes:

3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exenet.exeLogo1_.exenet.execmd.exenet.exe

description	pid	process	target process
PID 1552 wrote to memory of 832	1552	3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe	net.exe
PID 1552 wrote to memory of 832	1552	3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe	net.exe
PID 1552 wrote to memory of 832	1552	3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe	net.exe
PID 1552 wrote to memory of 832	1552	3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe	net.exe
PID 832 wrote to memory of 1464	832	net.exe	net1.exe
PID 832 wrote to memory of 1464	832	net.exe	net1.exe
PID 832 wrote to memory of 1464	832	net.exe	net1.exe
PID 832 wrote to memory of 1464	832	net.exe	net1.exe
PID 1552 wrote to memory of 328	1552	3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe	cmd.exe
PID 1552 wrote to memory of 328	1552	3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe	cmd.exe
PID 1552 wrote to memory of 328	1552	3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe	cmd.exe
PID 1552 wrote to memory of 328	1552	3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe	cmd.exe
PID 1552 wrote to memory of 268	1552	3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe	Logo1_.exe
PID 1552 wrote to memory of 268	1552	3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe	Logo1_.exe
PID 1552 wrote to memory of 268	1552	3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe	Logo1_.exe
PID 1552 wrote to memory of 268	1552	3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe	Logo1_.exe
PID 268 wrote to memory of 1460	268	Logo1_.exe	net.exe
PID 268 wrote to memory of 1460	268	Logo1_.exe	net.exe
PID 268 wrote to memory of 1460	268	Logo1_.exe	net.exe
PID 268 wrote to memory of 1460	268	Logo1_.exe	net.exe
PID 1460 wrote to memory of 1760	1460	net.exe	net1.exe
PID 1460 wrote to memory of 1760	1460	net.exe	net1.exe
PID 1460 wrote to memory of 1760	1460	net.exe	net1.exe
PID 1460 wrote to memory of 1760	1460	net.exe	net1.exe
PID 328 wrote to memory of 1804	328	cmd.exe	3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe
PID 328 wrote to memory of 1804	328	cmd.exe	3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe
PID 328 wrote to memory of 1804	328	cmd.exe	3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe
PID 328 wrote to memory of 1804	328	cmd.exe	3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe
PID 268 wrote to memory of 748	268	Logo1_.exe	net.exe
PID 268 wrote to memory of 748	268	Logo1_.exe	net.exe
PID 268 wrote to memory of 748	268	Logo1_.exe	net.exe
PID 268 wrote to memory of 748	268	Logo1_.exe	net.exe
PID 748 wrote to memory of 1528	748	net.exe	net1.exe
PID 748 wrote to memory of 1528	748	net.exe	net1.exe
PID 748 wrote to memory of 1528	748	net.exe	net1.exe
PID 748 wrote to memory of 1528	748	net.exe	net1.exe
PID 268 wrote to memory of 1244	268	Logo1_.exe	Explorer.EXE
PID 268 wrote to memory of 1244	268	Logo1_.exe	Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe
"C:\Users\Admin\AppData\Local\Temp\3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe"
1⤵
- Drops file in Drivers directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1552

C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
2⤵
- Suspicious use of WriteProcessMemory
PID:832

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
3⤵
PID:1464

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$$aA777.bat
2⤵
- Deletes itself
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:328

C:\Users\Admin\AppData\Local\Temp\3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe
"C:\Users\Admin\AppData\Local\Temp\3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe"
3⤵
- Executes dropped EXE
PID:1804

C:\Windows\Logo1_.exe
C:\Windows\Logo1_.exe
2⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:268

C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
3⤵
- Suspicious use of WriteProcessMemory
PID:1460

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
4⤵
PID:1760

C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
3⤵
- Suspicious use of WriteProcessMemory
PID:748

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
4⤵
PID:1528

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1244

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\$$aA777.bat

Filesize
722B

MD5
f8c87407cd1309fdc6ef13b5f7124382

SHA1
b8d8a2779ec19aa433420f7296a74b83365bdeab

SHA256
56db2a3652e82ff08c327fa0e2c9f140295b2e32ad8c9fc87237b056cf97f73e

SHA512
05fda979bd0062191007a207e1e85498665ea21da4418e98e57275f4ad2c76e978476797608f70a5abc5f60fd4e5ece8abde6309fd290e9c9e9979f00a2a612d

Download Submit
C:\Users\Admin\AppData\Local\Temp\3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe

Filesize
14KB

MD5
b7a2fbbeb343cc841bb2a0e846455769

SHA1
591e1dc5e6f73212072db6873ce764a76056e2a7

SHA256
cd5b74669487ecaaf84d55a506aeb007d9be8b69fc392bf4cc752fc257ea6319

SHA512
69478ff8818bfd5df7b62094d49b23110c04bc6e4581c22f04b1fe4177b40cd8b61e9b67350080c6a4642afe7681155f4426546af27b7a66f94abc92e8c8d225

Download Submit
C:\Users\Admin\AppData\Local\Temp\3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe.exe

Filesize
14KB

MD5
b7a2fbbeb343cc841bb2a0e846455769

SHA1
591e1dc5e6f73212072db6873ce764a76056e2a7

SHA256
cd5b74669487ecaaf84d55a506aeb007d9be8b69fc392bf4cc752fc257ea6319

SHA512
69478ff8818bfd5df7b62094d49b23110c04bc6e4581c22f04b1fe4177b40cd8b61e9b67350080c6a4642afe7681155f4426546af27b7a66f94abc92e8c8d225

Download Submit
C:\Windows\Logo1_.exe

Filesize
33KB

MD5
4af5ed4fa49ba9de6e65b33ed1b98b23

SHA1
78f747ec6e817ecb94e0cd8be4489eeaaa0b318f

SHA256
6bcea3e0ee25792f63ab8d37693db7c828413dedd7feeaf1268beb95439969b6

SHA512
8efc0dccf0c8b74158dd5511a81159c199634ffa77621dbcba02ffd6428cab6b31b3d21bc39cb37dadb0c4ffaad6d8c411df35a9b92bfab9b9056f97efd04bbf

Download Submit
C:\Windows\Logo1_.exe

Filesize
33KB

MD5
4af5ed4fa49ba9de6e65b33ed1b98b23

SHA1
78f747ec6e817ecb94e0cd8be4489eeaaa0b318f

SHA256
6bcea3e0ee25792f63ab8d37693db7c828413dedd7feeaf1268beb95439969b6

SHA512
8efc0dccf0c8b74158dd5511a81159c199634ffa77621dbcba02ffd6428cab6b31b3d21bc39cb37dadb0c4ffaad6d8c411df35a9b92bfab9b9056f97efd04bbf

Download Submit
C:\Windows\rundl132.exe

Filesize
33KB

MD5
4af5ed4fa49ba9de6e65b33ed1b98b23

SHA1
78f747ec6e817ecb94e0cd8be4489eeaaa0b318f

SHA256
6bcea3e0ee25792f63ab8d37693db7c828413dedd7feeaf1268beb95439969b6

SHA512
8efc0dccf0c8b74158dd5511a81159c199634ffa77621dbcba02ffd6428cab6b31b3d21bc39cb37dadb0c4ffaad6d8c411df35a9b92bfab9b9056f97efd04bbf

Download Submit
\Users\Admin\AppData\Local\Temp\3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe

Filesize
14KB

MD5
b7a2fbbeb343cc841bb2a0e846455769

SHA1
591e1dc5e6f73212072db6873ce764a76056e2a7

SHA256
cd5b74669487ecaaf84d55a506aeb007d9be8b69fc392bf4cc752fc257ea6319

SHA512
69478ff8818bfd5df7b62094d49b23110c04bc6e4581c22f04b1fe4177b40cd8b61e9b67350080c6a4642afe7681155f4426546af27b7a66f94abc92e8c8d225

Download Submit
\Users\Admin\AppData\Local\Temp\3458283903b5cb83c884766faf2cfa2243f0ebe4cf482aa82ed60c4bea733ee0.exe

Filesize
14KB

MD5
b7a2fbbeb343cc841bb2a0e846455769

SHA1
591e1dc5e6f73212072db6873ce764a76056e2a7

SHA256
cd5b74669487ecaaf84d55a506aeb007d9be8b69fc392bf4cc752fc257ea6319

SHA512
69478ff8818bfd5df7b62094d49b23110c04bc6e4581c22f04b1fe4177b40cd8b61e9b67350080c6a4642afe7681155f4426546af27b7a66f94abc92e8c8d225

Download Submit
memory/268-64-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/268-58-0x0000000000000000-mapping.dmp

Download
memory/268-74-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/328-57-0x0000000000000000-mapping.dmp

Download
memory/748-72-0x0000000000000000-mapping.dmp

Download
memory/832-54-0x0000000000000000-mapping.dmp

Download
memory/1460-62-0x0000000000000000-mapping.dmp

Download
memory/1464-55-0x0000000000000000-mapping.dmp

Download
memory/1528-73-0x0000000000000000-mapping.dmp

Download
memory/1552-60-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1552-56-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1760-63-0x0000000000000000-mapping.dmp

Download
memory/1804-69-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads