4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430

General

Target

4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe
Size

265KB
MD5

0614bbc750f21100cc2325947ab7b640
SHA1

e291bcebb7894a3f32e570397deaf6bd8d6d07f0
SHA256

4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430
SHA512

4f135251d707c03ea1b4b0f4f8e924261b6be8a02a56ffcf3af90d4f57269e2a647f71c661b7640c53bf2e7e16e0404b16c899e42ab94aa7ca166025a354d0fc
SSDEEP

6144:w1m0vTVNcsYWv6pcBMq6hs/IaO9YTt+VrN:w1m0vBqw6a53tZI

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

Logo1_.exe4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe

pid process

972 Logo1_.exe
1772 4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe
Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

896 cmd.exe
Loads dropped DLL 1 IoCs

Processes:

cmd.exe

pid process

896 cmd.exe

pid	process
972	Logo1_.exe
1772	4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe

pid	process
896	cmd.exe

pid	process
896	cmd.exe

Enumerates connected drives 3 TTPs 22 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Logo1_.exe

description	ioc	process
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\F:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

Processes:

Logo1_.exe

description	ioc	process
File opened for modification	C:\Program Files\Microsoft Games\Mahjong\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\mux\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Setup.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_PT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Help\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Google\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\include\win32\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\More Games\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\te\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\th\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Photo Viewer\ImagingDevices.exe	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\DEEPBLUE\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ENES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Defender\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Solitaire\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Effects\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe	Logo1_.exe
File created	C:\Program Files (x86)\Google\CrashReports\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Offline\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\bin\orbd.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access_output\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\MSBuild\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Media Player\Icons\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\1033\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

Processes:

4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exeLogo1_.exe

description	ioc	process
File created	C:\Windows\Logo1_.exe	4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\Dll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 43 IoCs

Processes:

4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exeLogo1_.exe

pid	process
1896	4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe
1896	4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe
1896	4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe
1896	4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe
1896	4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe
1896	4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe
1896	4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe
1896	4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe
1896	4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe
1896	4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe
1896	4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe
1896	4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe
1896	4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe

Suspicious use of WriteProcessMemory 38 IoCs

Processes:

4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exenet.exeLogo1_.exenet.execmd.exenet.exe

description	pid	process	target process
PID 1896 wrote to memory of 2016	1896	4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe	net.exe
PID 1896 wrote to memory of 2016	1896	4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe	net.exe
PID 1896 wrote to memory of 2016	1896	4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe	net.exe
PID 1896 wrote to memory of 2016	1896	4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe	net.exe
PID 2016 wrote to memory of 1608	2016	net.exe	net1.exe
PID 2016 wrote to memory of 1608	2016	net.exe	net1.exe
PID 2016 wrote to memory of 1608	2016	net.exe	net1.exe
PID 2016 wrote to memory of 1608	2016	net.exe	net1.exe
PID 1896 wrote to memory of 896	1896	4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe	cmd.exe
PID 1896 wrote to memory of 896	1896	4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe	cmd.exe
PID 1896 wrote to memory of 896	1896	4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe	cmd.exe
PID 1896 wrote to memory of 896	1896	4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe	cmd.exe
PID 1896 wrote to memory of 972	1896	4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe	Logo1_.exe
PID 1896 wrote to memory of 972	1896	4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe	Logo1_.exe
PID 1896 wrote to memory of 972	1896	4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe	Logo1_.exe
PID 1896 wrote to memory of 972	1896	4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe	Logo1_.exe
PID 972 wrote to memory of 1652	972	Logo1_.exe	net.exe
PID 972 wrote to memory of 1652	972	Logo1_.exe	net.exe
PID 972 wrote to memory of 1652	972	Logo1_.exe	net.exe
PID 972 wrote to memory of 1652	972	Logo1_.exe	net.exe
PID 1652 wrote to memory of 1460	1652	net.exe	net1.exe
PID 1652 wrote to memory of 1460	1652	net.exe	net1.exe
PID 1652 wrote to memory of 1460	1652	net.exe	net1.exe
PID 1652 wrote to memory of 1460	1652	net.exe	net1.exe
PID 896 wrote to memory of 1772	896	cmd.exe	4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe
PID 896 wrote to memory of 1772	896	cmd.exe	4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe
PID 896 wrote to memory of 1772	896	cmd.exe	4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe
PID 896 wrote to memory of 1772	896	cmd.exe	4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe
PID 972 wrote to memory of 684	972	Logo1_.exe	net.exe
PID 972 wrote to memory of 684	972	Logo1_.exe	net.exe
PID 972 wrote to memory of 684	972	Logo1_.exe	net.exe
PID 972 wrote to memory of 684	972	Logo1_.exe	net.exe
PID 684 wrote to memory of 892	684	net.exe	net1.exe
PID 684 wrote to memory of 892	684	net.exe	net1.exe
PID 684 wrote to memory of 892	684	net.exe	net1.exe
PID 684 wrote to memory of 892	684	net.exe	net1.exe
PID 972 wrote to memory of 1268	972	Logo1_.exe	Explorer.EXE
PID 972 wrote to memory of 1268	972	Logo1_.exe	Explorer.EXE

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1268

C:\Users\Admin\AppData\Local\Temp\4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe
"C:\Users\Admin\AppData\Local\Temp\4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe"
2⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1896

C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
3⤵
- Suspicious use of WriteProcessMemory
PID:2016

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
4⤵
PID:1608

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$$a1843.bat
3⤵
- Deletes itself
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:896

C:\Users\Admin\AppData\Local\Temp\4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe
"C:\Users\Admin\AppData\Local\Temp\4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe"
4⤵
- Executes dropped EXE
PID:1772

C:\Windows\Logo1_.exe
C:\Windows\Logo1_.exe
3⤵
- Executes dropped EXE
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:972

C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
4⤵
- Suspicious use of WriteProcessMemory
PID:1652

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
5⤵
PID:1460

C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
4⤵
- Suspicious use of WriteProcessMemory
PID:684

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
5⤵
PID:892

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\$$a1843.bat

Filesize
722B

MD5
5b47bc07bf9ea6c6cda0c6dee0aba26a

SHA1
7f2b400735fd50585624ce30e460d221bcfee972

SHA256
9d3831371ff9073dc75005b10e4375d267834ab51870b654c7cc0c041e7353c4

SHA512
ab109fab73bfc1e9ec89606b6ff64f20fc1ebbed3d6f97f691f459d6e4479dc2b0b3cb516a3bfbf33e4d724b4d6eb5e3ac4d047a9781fe1ea0eafb0a547c90b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe

Filesize
232KB

MD5
0399134531e9f01ad24b1bb7fde49469

SHA1
6ea25938c1ac546ac8fa768acfca145118aa4cfc

SHA256
2f03c822d9dd3ed740cc445810800fdc3a20c5ccfe5d8053bcced3b47b7afa49

SHA512
4076d674db14d196039c0a4956dbf3653b631ab6cae5f03829b0c193b0ecc9e06098acaa3a62600082bf895d2ba512846044c664d6eb5fdc4f7341086c547778

Download Submit
C:\Users\Admin\AppData\Local\Temp\4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe.exe

Filesize
232KB

MD5
0399134531e9f01ad24b1bb7fde49469

SHA1
6ea25938c1ac546ac8fa768acfca145118aa4cfc

SHA256
2f03c822d9dd3ed740cc445810800fdc3a20c5ccfe5d8053bcced3b47b7afa49

SHA512
4076d674db14d196039c0a4956dbf3653b631ab6cae5f03829b0c193b0ecc9e06098acaa3a62600082bf895d2ba512846044c664d6eb5fdc4f7341086c547778

Download Submit
C:\Windows\Logo1_.exe

Filesize
33KB

MD5
8b135ab7e86da36528896f549b2bc7b2

SHA1
219258ff7edf2b8921eeaf10706f075e5547bdc5

SHA256
84fb0405497a1b7c6e3d88e376088e91f1aa147e3d10790a5a3b8db73c126499

SHA512
feef91f0375ba744f0f9d841e14ac0daedad5871c92155107c27bce945c4b90095cde5ba71e2b10c9df82696659dff1ec10bb7f892a9717207387400a5cb48af

Download Submit
C:\Windows\Logo1_.exe

Filesize
33KB

MD5
8b135ab7e86da36528896f549b2bc7b2

SHA1
219258ff7edf2b8921eeaf10706f075e5547bdc5

SHA256
84fb0405497a1b7c6e3d88e376088e91f1aa147e3d10790a5a3b8db73c126499

SHA512
feef91f0375ba744f0f9d841e14ac0daedad5871c92155107c27bce945c4b90095cde5ba71e2b10c9df82696659dff1ec10bb7f892a9717207387400a5cb48af

Download Submit
C:\Windows\rundl132.exe

Filesize
33KB

MD5
8b135ab7e86da36528896f549b2bc7b2

SHA1
219258ff7edf2b8921eeaf10706f075e5547bdc5

SHA256
84fb0405497a1b7c6e3d88e376088e91f1aa147e3d10790a5a3b8db73c126499

SHA512
feef91f0375ba744f0f9d841e14ac0daedad5871c92155107c27bce945c4b90095cde5ba71e2b10c9df82696659dff1ec10bb7f892a9717207387400a5cb48af

Download Submit
\Users\Admin\AppData\Local\Temp\4212ebeed89736eb4b4e23ff66d1cf76f98563881ef04be5f4dc9b1118c18430.exe

Filesize
232KB

MD5
0399134531e9f01ad24b1bb7fde49469

SHA1
6ea25938c1ac546ac8fa768acfca145118aa4cfc

SHA256
2f03c822d9dd3ed740cc445810800fdc3a20c5ccfe5d8053bcced3b47b7afa49

SHA512
4076d674db14d196039c0a4956dbf3653b631ab6cae5f03829b0c193b0ecc9e06098acaa3a62600082bf895d2ba512846044c664d6eb5fdc4f7341086c547778

Download Submit
memory/684-71-0x0000000000000000-mapping.dmp

Download
memory/892-72-0x0000000000000000-mapping.dmp

Download
memory/896-57-0x0000000000000000-mapping.dmp

Download
memory/972-62-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/972-58-0x0000000000000000-mapping.dmp

Download
memory/972-73-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1460-64-0x0000000000000000-mapping.dmp

Download
memory/1608-56-0x0000000000000000-mapping.dmp

Download
memory/1652-63-0x0000000000000000-mapping.dmp

Download
memory/1772-68-0x0000000000000000-mapping.dmp

Download
memory/1896-60-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1896-54-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2016-55-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads