7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689

General

Target

7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe
Size

85KB
MD5

36f04d289ac6cedb95b96542746a0f80
SHA1

9398a6a7677b3bc3f382a702d17eb32402655b1f
SHA256

7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689
SHA512

bcd74cc940adf2dcbc51a319e916cc5795fb61a2c49257faf259e8a889e7fa6dfe6d6ad060d094f73f74604a7ca6eea39ca6a8aeb0af649608a3196b7c36ea9f
SSDEEP

768:I1O5RroZJ767395uINnEfDKBbUCp1OTZ+/VOKZWaIpMh66nIBL+nqXfaIRRlxfGe:I1e+Zk77RNzLiTO7ZCwIvRHxfG3ObF

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

Logo1_.exe7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe

pid process

1396 Logo1_.exe
1560 7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe
Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

564 cmd.exe
Loads dropped DLL 2 IoCs

Processes:

cmd.exe

pid process

564 cmd.exe
564 cmd.exe

pid	process
1396	Logo1_.exe
1560	7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe

pid	process
564	cmd.exe

pid	process
564	cmd.exe
564	cmd.exe

Enumerates connected drives 3 TTPs 22 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Logo1_.exe

description	ioc	process
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\F:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

Processes:

Logo1_.exe

description	ioc	process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Chess\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ia\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ro\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\lua\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Hearts\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Internet Explorer\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Chess\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Purble Place\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\updater.exe	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bs\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre7\lib\management\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Hearts\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\More Games\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\he\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ro\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\chrome_pwa_launcher.exe	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Chess\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\lg\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Solitaire\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_output\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\el\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\fi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\FreeCell\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Mozilla Firefox\fonts\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\bin\javacpl.exe	Logo1_.exe

Drops file in Windows directory 4 IoCs

Processes:

7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exeLogo1_.exe

description	ioc	process
File created	C:\Windows\rundl132.exe	7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe
File created	C:\Windows\Logo1_.exe	7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\Dll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 43 IoCs

Processes:

7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exeLogo1_.exe

pid	process
556	7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe
556	7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe
556	7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe
556	7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe
556	7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe
556	7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe
556	7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe
556	7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe
556	7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe
556	7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe
556	7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe
556	7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe
556	7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe

Suspicious use of WriteProcessMemory 38 IoCs

Processes:

7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exenet.exeLogo1_.exenet.exenet.execmd.exe

description	pid	process	target process
PID 556 wrote to memory of 1492	556	7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe	net.exe
PID 556 wrote to memory of 1492	556	7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe	net.exe
PID 556 wrote to memory of 1492	556	7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe	net.exe
PID 556 wrote to memory of 1492	556	7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe	net.exe
PID 1492 wrote to memory of 764	1492	net.exe	net1.exe
PID 1492 wrote to memory of 764	1492	net.exe	net1.exe
PID 1492 wrote to memory of 764	1492	net.exe	net1.exe
PID 1492 wrote to memory of 764	1492	net.exe	net1.exe
PID 556 wrote to memory of 564	556	7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe	cmd.exe
PID 556 wrote to memory of 564	556	7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe	cmd.exe
PID 556 wrote to memory of 564	556	7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe	cmd.exe
PID 556 wrote to memory of 564	556	7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe	cmd.exe
PID 556 wrote to memory of 1396	556	7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe	Logo1_.exe
PID 556 wrote to memory of 1396	556	7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe	Logo1_.exe
PID 556 wrote to memory of 1396	556	7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe	Logo1_.exe
PID 556 wrote to memory of 1396	556	7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe	Logo1_.exe
PID 1396 wrote to memory of 1992	1396	Logo1_.exe	net.exe
PID 1396 wrote to memory of 1992	1396	Logo1_.exe	net.exe
PID 1396 wrote to memory of 1992	1396	Logo1_.exe	net.exe
PID 1396 wrote to memory of 1992	1396	Logo1_.exe	net.exe
PID 1992 wrote to memory of 692	1992	net.exe	net1.exe
PID 1992 wrote to memory of 692	1992	net.exe	net1.exe
PID 1992 wrote to memory of 692	1992	net.exe	net1.exe
PID 1992 wrote to memory of 692	1992	net.exe	net1.exe
PID 1396 wrote to memory of 1388	1396	Logo1_.exe	net.exe
PID 1396 wrote to memory of 1388	1396	Logo1_.exe	net.exe
PID 1396 wrote to memory of 1388	1396	Logo1_.exe	net.exe
PID 1396 wrote to memory of 1388	1396	Logo1_.exe	net.exe
PID 1388 wrote to memory of 1324	1388	net.exe	net1.exe
PID 1388 wrote to memory of 1324	1388	net.exe	net1.exe
PID 1388 wrote to memory of 1324	1388	net.exe	net1.exe
PID 1388 wrote to memory of 1324	1388	net.exe	net1.exe
PID 564 wrote to memory of 1560	564	cmd.exe	7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe
PID 564 wrote to memory of 1560	564	cmd.exe	7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe
PID 564 wrote to memory of 1560	564	cmd.exe	7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe
PID 564 wrote to memory of 1560	564	cmd.exe	7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe
PID 1396 wrote to memory of 1212	1396	Logo1_.exe	Explorer.EXE
PID 1396 wrote to memory of 1212	1396	Logo1_.exe	Explorer.EXE

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1212

C:\Users\Admin\AppData\Local\Temp\7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe
"C:\Users\Admin\AppData\Local\Temp\7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe"
2⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:556

C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
3⤵
- Suspicious use of WriteProcessMemory
PID:1492

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
4⤵
PID:764

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$$a16EB.bat
3⤵
- Deletes itself
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:564

C:\Users\Admin\AppData\Local\Temp\7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe
"C:\Users\Admin\AppData\Local\Temp\7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe"
4⤵
- Executes dropped EXE
PID:1560

C:\Windows\Logo1_.exe
C:\Windows\Logo1_.exe
3⤵
- Executes dropped EXE
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1396

C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
4⤵
- Suspicious use of WriteProcessMemory
PID:1992

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
5⤵
PID:692

C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
4⤵
- Suspicious use of WriteProcessMemory
PID:1388

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
5⤵
PID:1324

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\$$a16EB.bat

Filesize
722B

MD5
1d13792f38f62cd445b8eca4e81b21ce

SHA1
6e66ea3afb1188224582525ec6cec439a9d4e6fd

SHA256
9d1c6011a91ddf8e7f4d05b41853c40eebcf1c51e1256d9edeb1c14d85efc9ea

SHA512
7d35b48ea9e816bfb130856b5ac53089650cd6fae438920a192e9bd4271d364ee886a0c06633bf46d93109b93fa2cd2766b2501fcfd9a3de0e64dc60c0e0631b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe

Filesize
52KB

MD5
c0b96bc33df7c66febc628008fbc76fa

SHA1
2ddfe1f3e0decceff7f799e8348d50e2d8fe7bc1

SHA256
850bd923c0988ec061d1181bd258eaa4b1310ae5f18c64732fdaf95995670127

SHA512
21ae5436f21e2b23aea025ca0d2e46ba97f9eba621760d192f9525865afa2006d2467b4a7ee95d518cad3f58c573b4a7c5ae6bebcfa3da9377c750dbf1e3f658

Download Submit
C:\Users\Admin\AppData\Local\Temp\7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe.exe

Filesize
52KB

MD5
c0b96bc33df7c66febc628008fbc76fa

SHA1
2ddfe1f3e0decceff7f799e8348d50e2d8fe7bc1

SHA256
850bd923c0988ec061d1181bd258eaa4b1310ae5f18c64732fdaf95995670127

SHA512
21ae5436f21e2b23aea025ca0d2e46ba97f9eba621760d192f9525865afa2006d2467b4a7ee95d518cad3f58c573b4a7c5ae6bebcfa3da9377c750dbf1e3f658

Download Submit
C:\Windows\Logo1_.exe

Filesize
33KB

MD5
2592ca339264cf53ce995a6004b4d9de

SHA1
8553cada82d8fa4b419a6ea790a9ab5caaa702c9

SHA256
8bb5b07ebf476a25f5516bbdfdd2880e8d1cca497d29d209e7c10c8f22517677

SHA512
8ca3754f118eddf106f20e0da91875f8db0d7056c61c134867301a3f87d10e58e8cb1241096293da794aac2080f269708390e3deba6317788acc6a4170c95ff7

Download Submit
C:\Windows\Logo1_.exe

Filesize
33KB

MD5
2592ca339264cf53ce995a6004b4d9de

SHA1
8553cada82d8fa4b419a6ea790a9ab5caaa702c9

SHA256
8bb5b07ebf476a25f5516bbdfdd2880e8d1cca497d29d209e7c10c8f22517677

SHA512
8ca3754f118eddf106f20e0da91875f8db0d7056c61c134867301a3f87d10e58e8cb1241096293da794aac2080f269708390e3deba6317788acc6a4170c95ff7

Download Submit
C:\Windows\rundl132.exe

Filesize
33KB

MD5
2592ca339264cf53ce995a6004b4d9de

SHA1
8553cada82d8fa4b419a6ea790a9ab5caaa702c9

SHA256
8bb5b07ebf476a25f5516bbdfdd2880e8d1cca497d29d209e7c10c8f22517677

SHA512
8ca3754f118eddf106f20e0da91875f8db0d7056c61c134867301a3f87d10e58e8cb1241096293da794aac2080f269708390e3deba6317788acc6a4170c95ff7

Download Submit
\Users\Admin\AppData\Local\Temp\7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe

Filesize
52KB

MD5
c0b96bc33df7c66febc628008fbc76fa

SHA1
2ddfe1f3e0decceff7f799e8348d50e2d8fe7bc1

SHA256
850bd923c0988ec061d1181bd258eaa4b1310ae5f18c64732fdaf95995670127

SHA512
21ae5436f21e2b23aea025ca0d2e46ba97f9eba621760d192f9525865afa2006d2467b4a7ee95d518cad3f58c573b4a7c5ae6bebcfa3da9377c750dbf1e3f658

Download Submit
\Users\Admin\AppData\Local\Temp\7f816b8fef1ef863eecbbc50359a5c7eb44b8b45827004286f5267b60ae4c689.exe

Filesize
52KB

MD5
c0b96bc33df7c66febc628008fbc76fa

SHA1
2ddfe1f3e0decceff7f799e8348d50e2d8fe7bc1

SHA256
850bd923c0988ec061d1181bd258eaa4b1310ae5f18c64732fdaf95995670127

SHA512
21ae5436f21e2b23aea025ca0d2e46ba97f9eba621760d192f9525865afa2006d2467b4a7ee95d518cad3f58c573b4a7c5ae6bebcfa3da9377c750dbf1e3f658

Download Submit
memory/556-60-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/556-54-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/564-57-0x0000000000000000-mapping.dmp

Download
memory/692-63-0x0000000000000000-mapping.dmp

Download
memory/764-56-0x0000000000000000-mapping.dmp

Download
memory/1324-67-0x0000000000000000-mapping.dmp

Download
memory/1388-66-0x0000000000000000-mapping.dmp

Download
memory/1396-64-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1396-58-0x0000000000000000-mapping.dmp

Download
memory/1396-74-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1492-55-0x0000000000000000-mapping.dmp

Download
memory/1560-72-0x0000000000000000-mapping.dmp

Download
memory/1992-62-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads