a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414

General

Target

a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe
Size

263KB
MD5

1ec133906208ca7c71adc01d58121850
SHA1

20b1cf2a5ab9bcdf40ee36acd87b2f0d21143346
SHA256

a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414
SHA512

99d2b394fefc555558b55cde13ecff463ce14dd6fb7ffc4d587e656c390064bfa96c148291d36f7363404f125707915166e01cc520c829f693a7370dd048ea80
SSDEEP

6144:646tGdyyqnzuWFok3WCgKq7RQ+XUPMPLbWR5I4+2:63Ny2xok385XU8L0J+2

Score

8^/10

Malware Config

Signatures

Drops file in Drivers directory 2 IoCs

Processes:

a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exeLogo1_.exe

description	ioc	process
File opened for modification	C:\Windows\system32\drivers\etc\hosts	a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	Logo1_.exe

Executes dropped EXE 2 IoCs

Processes:

Logo1_.exea3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe

pid process

1560 Logo1_.exe
1696 a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe
Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

1032 cmd.exe
Loads dropped DLL 2 IoCs

Processes:

cmd.exe

pid process

1032 cmd.exe
1032 cmd.exe

pid	process
1560	Logo1_.exe
1696	a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe

pid	process
1032	cmd.exe

pid	process
1032	cmd.exe
1032	cmd.exe

Enumerates connected drives 3 TTPs 22 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Logo1_.exe

description	ioc	process
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\F:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

Processes:

Logo1_.exe

description	ioc	process
File opened for modification	C:\Program Files\Java\jre7\lib\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\an\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\br\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nb\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\DVD Maker\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\en_GB\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ckb\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Defender\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\setup.exe	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nn\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe	Logo1_.exe
File created	C:\Program Files\MSBuild\Microsoft\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ia\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Mail\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\lib\amd64\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\More Games\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cy\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files\MSBuild\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn_IN\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\oc\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\uk\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sr\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

Processes:

Logo1_.exea3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe

description	ioc	process
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\Dll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe
File created	C:\Windows\Logo1_.exe	a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 43 IoCs

Processes:

a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exeLogo1_.exe

pid	process
976	a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe
976	a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe
976	a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe
976	a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe
976	a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe
976	a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe
976	a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe
976	a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe
976	a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe
976	a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe
976	a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe
976	a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe
976	a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe
1560	Logo1_.exe
1560	Logo1_.exe
1560	Logo1_.exe
1560	Logo1_.exe
1560	Logo1_.exe
1560	Logo1_.exe
1560	Logo1_.exe
1560	Logo1_.exe
1560	Logo1_.exe
1560	Logo1_.exe
1560	Logo1_.exe
1560	Logo1_.exe
1560	Logo1_.exe
1560	Logo1_.exe
1560	Logo1_.exe
1560	Logo1_.exe
1560	Logo1_.exe
1560	Logo1_.exe
1560	Logo1_.exe
1560	Logo1_.exe
1560	Logo1_.exe
1560	Logo1_.exe
1560	Logo1_.exe
1560	Logo1_.exe
1560	Logo1_.exe
1560	Logo1_.exe
1560	Logo1_.exe
1560	Logo1_.exe
1560	Logo1_.exe
1560	Logo1_.exe

Suspicious use of WriteProcessMemory 38 IoCs

Processes:

a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exenet.exeLogo1_.exenet.exenet.execmd.exe

description	pid	process	target process
PID 976 wrote to memory of 964	976	a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe	net.exe
PID 976 wrote to memory of 964	976	a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe	net.exe
PID 976 wrote to memory of 964	976	a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe	net.exe
PID 976 wrote to memory of 964	976	a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe	net.exe
PID 964 wrote to memory of 1200	964	net.exe	net1.exe
PID 964 wrote to memory of 1200	964	net.exe	net1.exe
PID 964 wrote to memory of 1200	964	net.exe	net1.exe
PID 964 wrote to memory of 1200	964	net.exe	net1.exe
PID 976 wrote to memory of 1032	976	a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe	cmd.exe
PID 976 wrote to memory of 1032	976	a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe	cmd.exe
PID 976 wrote to memory of 1032	976	a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe	cmd.exe
PID 976 wrote to memory of 1032	976	a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe	cmd.exe
PID 976 wrote to memory of 1560	976	a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe	Logo1_.exe
PID 976 wrote to memory of 1560	976	a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe	Logo1_.exe
PID 976 wrote to memory of 1560	976	a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe	Logo1_.exe
PID 976 wrote to memory of 1560	976	a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe	Logo1_.exe
PID 1560 wrote to memory of 1568	1560	Logo1_.exe	net.exe
PID 1560 wrote to memory of 1568	1560	Logo1_.exe	net.exe
PID 1560 wrote to memory of 1568	1560	Logo1_.exe	net.exe
PID 1560 wrote to memory of 1568	1560	Logo1_.exe	net.exe
PID 1568 wrote to memory of 1888	1568	net.exe	net1.exe
PID 1568 wrote to memory of 1888	1568	net.exe	net1.exe
PID 1568 wrote to memory of 1888	1568	net.exe	net1.exe
PID 1568 wrote to memory of 1888	1568	net.exe	net1.exe
PID 1560 wrote to memory of 1660	1560	Logo1_.exe	net.exe
PID 1560 wrote to memory of 1660	1560	Logo1_.exe	net.exe
PID 1560 wrote to memory of 1660	1560	Logo1_.exe	net.exe
PID 1560 wrote to memory of 1660	1560	Logo1_.exe	net.exe
PID 1660 wrote to memory of 1704	1660	net.exe	net1.exe
PID 1660 wrote to memory of 1704	1660	net.exe	net1.exe
PID 1660 wrote to memory of 1704	1660	net.exe	net1.exe
PID 1660 wrote to memory of 1704	1660	net.exe	net1.exe
PID 1032 wrote to memory of 1696	1032	cmd.exe	a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe
PID 1032 wrote to memory of 1696	1032	cmd.exe	a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe
PID 1032 wrote to memory of 1696	1032	cmd.exe	a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe
PID 1032 wrote to memory of 1696	1032	cmd.exe	a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe
PID 1560 wrote to memory of 1232	1560	Logo1_.exe	Explorer.EXE
PID 1560 wrote to memory of 1232	1560	Logo1_.exe	Explorer.EXE

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1232

C:\Users\Admin\AppData\Local\Temp\a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe
"C:\Users\Admin\AppData\Local\Temp\a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe"
2⤵
- Drops file in Drivers directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:976

C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
3⤵
- Suspicious use of WriteProcessMemory
PID:964

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
4⤵
PID:1200

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$$aFC4A.bat
3⤵
- Deletes itself
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1032

C:\Users\Admin\AppData\Local\Temp\a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe
"C:\Users\Admin\AppData\Local\Temp\a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe"
4⤵
- Executes dropped EXE
PID:1696

C:\Windows\Logo1_.exe
C:\Windows\Logo1_.exe
3⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1560

C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
4⤵
- Suspicious use of WriteProcessMemory
PID:1568

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
5⤵
PID:1888

C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
4⤵
- Suspicious use of WriteProcessMemory
PID:1660

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
5⤵
PID:1704

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\$$aFC4A.bat

Filesize
722B

MD5
9bcc546cb6ea6dbc4e1bf7dcd8fd92ce

SHA1
8ef62755931f901f5c5cce810c03acb3291d878b

SHA256
ed70c7b095ba369727c0b24361d31ff2b69991df7378267fdbb18fcccc2cd2a2

SHA512
85ca2abff5829ed9622a89752da4703258076b405cb240356345afc0b94d1d2dca298880383a28637b6256e599f1bebb00263844fca71b04ec7312b718cb02ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe

Filesize
229KB

MD5
e71e6996d04b0afe7f78af232cc0dc30

SHA1
3a6799d9579ce63b85397fd5e9f027135bd85724

SHA256
587e1ddb514ec71979041982e1e53311fbc502c53c9113fd7b9820bbb8256d04

SHA512
cc3f117d16e8068d18615aa5bc38c4ebc7824cd33a2cca629cc07e25e3ac403dafe04de345379287b3795331f3c200585b73f93ce5823d7b545263510ee4baf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe.exe

Filesize
229KB

MD5
e71e6996d04b0afe7f78af232cc0dc30

SHA1
3a6799d9579ce63b85397fd5e9f027135bd85724

SHA256
587e1ddb514ec71979041982e1e53311fbc502c53c9113fd7b9820bbb8256d04

SHA512
cc3f117d16e8068d18615aa5bc38c4ebc7824cd33a2cca629cc07e25e3ac403dafe04de345379287b3795331f3c200585b73f93ce5823d7b545263510ee4baf4

Download Submit
C:\Windows\Logo1_.exe

Filesize
33KB

MD5
3b2ab16367a1ff2698d95ace66a0baa3

SHA1
9a0afe324f657ce47b601c4c18fd60da2c8ef8ed

SHA256
4fb1b9ad649fe614f9286e5474dc810f0924d3adc13ce608eff4abbfee3fcaa1

SHA512
42d1167983d7507f06821efc2caa2cf263bbbf59933a4b39399901127cb2877eef8cea27d32b1c95fb0d92a43db85132aedee88b90a6abf67eec9ac6ce9dfa6a

Download Submit
C:\Windows\Logo1_.exe

Filesize
33KB

MD5
3b2ab16367a1ff2698d95ace66a0baa3

SHA1
9a0afe324f657ce47b601c4c18fd60da2c8ef8ed

SHA256
4fb1b9ad649fe614f9286e5474dc810f0924d3adc13ce608eff4abbfee3fcaa1

SHA512
42d1167983d7507f06821efc2caa2cf263bbbf59933a4b39399901127cb2877eef8cea27d32b1c95fb0d92a43db85132aedee88b90a6abf67eec9ac6ce9dfa6a

Download Submit
C:\Windows\rundl132.exe

Filesize
33KB

MD5
3b2ab16367a1ff2698d95ace66a0baa3

SHA1
9a0afe324f657ce47b601c4c18fd60da2c8ef8ed

SHA256
4fb1b9ad649fe614f9286e5474dc810f0924d3adc13ce608eff4abbfee3fcaa1

SHA512
42d1167983d7507f06821efc2caa2cf263bbbf59933a4b39399901127cb2877eef8cea27d32b1c95fb0d92a43db85132aedee88b90a6abf67eec9ac6ce9dfa6a

Download Submit
\Users\Admin\AppData\Local\Temp\a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe

Filesize
229KB

MD5
e71e6996d04b0afe7f78af232cc0dc30

SHA1
3a6799d9579ce63b85397fd5e9f027135bd85724

SHA256
587e1ddb514ec71979041982e1e53311fbc502c53c9113fd7b9820bbb8256d04

SHA512
cc3f117d16e8068d18615aa5bc38c4ebc7824cd33a2cca629cc07e25e3ac403dafe04de345379287b3795331f3c200585b73f93ce5823d7b545263510ee4baf4

Download Submit
\Users\Admin\AppData\Local\Temp\a3aa0d4c316eadee4d773119b80300f589b0628b9335e8c9991577cb6cb7f414.exe

Filesize
229KB

MD5
e71e6996d04b0afe7f78af232cc0dc30

SHA1
3a6799d9579ce63b85397fd5e9f027135bd85724

SHA256
587e1ddb514ec71979041982e1e53311fbc502c53c9113fd7b9820bbb8256d04

SHA512
cc3f117d16e8068d18615aa5bc38c4ebc7824cd33a2cca629cc07e25e3ac403dafe04de345379287b3795331f3c200585b73f93ce5823d7b545263510ee4baf4

Download Submit
memory/964-55-0x0000000000000000-mapping.dmp

Download
memory/976-54-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/976-57-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1032-58-0x0000000000000000-mapping.dmp

Download
memory/1200-56-0x0000000000000000-mapping.dmp

Download
memory/1560-59-0x0000000000000000-mapping.dmp

Download
memory/1560-64-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1560-75-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1568-62-0x0000000000000000-mapping.dmp

Download
memory/1660-66-0x0000000000000000-mapping.dmp

Download
memory/1696-72-0x0000000000000000-mapping.dmp

Download
memory/1696-74-0x0000000075E61000-0x0000000075E63000-memory.dmp

Filesize
8KB

Download
memory/1704-67-0x0000000000000000-mapping.dmp

Download
memory/1888-63-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads