3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e

General

Target

3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe
Size

58KB
MD5

2fd8bd94ec8b0c1826993a7b51957810
SHA1

03fec5b4fae4b00f3a256d3d902f2a1562feb220
SHA256

3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e
SHA512

1d1478a97805b2052b5bce6c13d1b254439bb4943dfce2ff8f25e2b214f6130028488b72cec78da4747dccf4aba7f56c8e1dd01aef7d3c09a463c767481d05d4
SSDEEP

1536:PnXyAaYzMXqtGNttyUn01Q78a4RiZ/7Xn1nlMtI:PnCAaY46tGNttyJQ7KRiZ/7X1+tI

Score

8^/10

Malware Config

Signatures

Drops file in Drivers directory 2 IoCs

Processes:

3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exeLogo1_.exe

description	ioc	process
File opened for modification	C:\Windows\system32\drivers\etc\hosts	3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	Logo1_.exe

Executes dropped EXE 2 IoCs

Processes:

Logo1_.exe3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe

pid process

972 Logo1_.exe
1668 3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe
Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

1904 cmd.exe
Loads dropped DLL 2 IoCs

Processes:

cmd.exe

pid process

1904 cmd.exe
1904 cmd.exe

pid	process
972	Logo1_.exe
1668	3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe

pid	process
1904	cmd.exe

pid	process
1904	cmd.exe
1904	cmd.exe

Enumerates connected drives 3 TTPs 22 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Logo1_.exe

description	ioc	process
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\F:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

Processes:

Logo1_.exe

description	ioc	process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe	Logo1_.exe
File created	C:\Program Files\Mozilla Firefox\browser\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\si\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\WMPDMC.exe	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\af\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\et\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA6\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\zh_CN\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECLIPSE\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre7\bin\server\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Chess\Chess.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\et\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\fy\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BOLDSTRI\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe	Logo1_.exe
File created	C:\Program Files\Windows Photo Viewer\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\WATER\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\it\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\skins\fonts\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmid.exe	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

Processes:

3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exeLogo1_.exe

description	ioc	process
File created	C:\Windows\rundl132.exe	3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe
File created	C:\Windows\Logo1_.exe	3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\Dll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 43 IoCs

Processes:

3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exeLogo1_.exe

pid	process
552	3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe
552	3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe
552	3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe
552	3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe
552	3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe
552	3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe
552	3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe
552	3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe
552	3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe
552	3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe
552	3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe
552	3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe
552	3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe

Suspicious use of WriteProcessMemory 38 IoCs

Processes:

3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exenet.exeLogo1_.exenet.execmd.exenet.exe

description	pid	process	target process
PID 552 wrote to memory of 1536	552	3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe	net.exe
PID 552 wrote to memory of 1536	552	3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe	net.exe
PID 552 wrote to memory of 1536	552	3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe	net.exe
PID 552 wrote to memory of 1536	552	3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe	net.exe
PID 1536 wrote to memory of 1896	1536	net.exe	net1.exe
PID 1536 wrote to memory of 1896	1536	net.exe	net1.exe
PID 1536 wrote to memory of 1896	1536	net.exe	net1.exe
PID 1536 wrote to memory of 1896	1536	net.exe	net1.exe
PID 552 wrote to memory of 1904	552	3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe	cmd.exe
PID 552 wrote to memory of 1904	552	3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe	cmd.exe
PID 552 wrote to memory of 1904	552	3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe	cmd.exe
PID 552 wrote to memory of 1904	552	3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe	cmd.exe
PID 552 wrote to memory of 972	552	3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe	Logo1_.exe
PID 552 wrote to memory of 972	552	3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe	Logo1_.exe
PID 552 wrote to memory of 972	552	3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe	Logo1_.exe
PID 552 wrote to memory of 972	552	3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe	Logo1_.exe
PID 972 wrote to memory of 2008	972	Logo1_.exe	net.exe
PID 972 wrote to memory of 2008	972	Logo1_.exe	net.exe
PID 972 wrote to memory of 2008	972	Logo1_.exe	net.exe
PID 972 wrote to memory of 2008	972	Logo1_.exe	net.exe
PID 2008 wrote to memory of 1976	2008	net.exe	net1.exe
PID 2008 wrote to memory of 1976	2008	net.exe	net1.exe
PID 2008 wrote to memory of 1976	2008	net.exe	net1.exe
PID 2008 wrote to memory of 1976	2008	net.exe	net1.exe
PID 1904 wrote to memory of 1668	1904	cmd.exe	3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe
PID 1904 wrote to memory of 1668	1904	cmd.exe	3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe
PID 1904 wrote to memory of 1668	1904	cmd.exe	3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe
PID 1904 wrote to memory of 1668	1904	cmd.exe	3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe
PID 972 wrote to memory of 1776	972	Logo1_.exe	net.exe
PID 972 wrote to memory of 1776	972	Logo1_.exe	net.exe
PID 972 wrote to memory of 1776	972	Logo1_.exe	net.exe
PID 972 wrote to memory of 1776	972	Logo1_.exe	net.exe
PID 1776 wrote to memory of 580	1776	net.exe	net1.exe
PID 1776 wrote to memory of 580	1776	net.exe	net1.exe
PID 1776 wrote to memory of 580	1776	net.exe	net1.exe
PID 1776 wrote to memory of 580	1776	net.exe	net1.exe
PID 972 wrote to memory of 1300	972	Logo1_.exe	Explorer.EXE
PID 972 wrote to memory of 1300	972	Logo1_.exe	Explorer.EXE

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1300

C:\Users\Admin\AppData\Local\Temp\3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe
"C:\Users\Admin\AppData\Local\Temp\3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe"
2⤵
- Drops file in Drivers directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:552

C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
3⤵
- Suspicious use of WriteProcessMemory
PID:1536

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
4⤵
PID:1896

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$$a86CD.bat
3⤵
- Deletes itself
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1904

C:\Users\Admin\AppData\Local\Temp\3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe
"C:\Users\Admin\AppData\Local\Temp\3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe"
4⤵
- Executes dropped EXE
PID:1668

C:\Windows\Logo1_.exe
C:\Windows\Logo1_.exe
3⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:972

C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
4⤵
- Suspicious use of WriteProcessMemory
PID:2008

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
5⤵
PID:1976

C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
4⤵
- Suspicious use of WriteProcessMemory
PID:1776

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
5⤵
PID:580

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\$$a86CD.bat

Filesize
722B

MD5
21c66609b64165035e726d4aa8695cc9

SHA1
eaf6cba5ffb90cae92b2a1a0507999402a433a82

SHA256
c3e85d25a1633355232e589e36fef10d9374e2a82320a0d5083e1826829f9e90

SHA512
0882b148eeb77833406e5bcd2872d6a96d062107ef4cb02126e4f11bd77f1eddea5557db83a69baf8e857b1e097cad7ecc777c95573bc397406573e65f9175e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe

Filesize
25KB

MD5
123d872b188d32af8c3133250060b071

SHA1
26fdd3b97f1a48bbdf31dc2a2922a6817a956b3c

SHA256
38aff1a95ee8fffb0c59670da15d6740ab855b106350cc428125a569c18b6fa2

SHA512
67eeea2ca1508d84d21d46989c7530505247bbea497b4ff09c57228a599420754fd0bb78a993be19ad6d8d19777e8203f8ddfa9be05ea1bff7a0feea05d1a12c

Download Submit
C:\Users\Admin\AppData\Local\Temp\3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe.exe

Filesize
25KB

MD5
123d872b188d32af8c3133250060b071

SHA1
26fdd3b97f1a48bbdf31dc2a2922a6817a956b3c

SHA256
38aff1a95ee8fffb0c59670da15d6740ab855b106350cc428125a569c18b6fa2

SHA512
67eeea2ca1508d84d21d46989c7530505247bbea497b4ff09c57228a599420754fd0bb78a993be19ad6d8d19777e8203f8ddfa9be05ea1bff7a0feea05d1a12c

Download Submit
C:\Windows\Logo1_.exe

Filesize
33KB

MD5
9bfb664a030be9c7e0b09b77b9544923

SHA1
e0b5e4d2d089f71d13fb46607a76dac8ee96e5f3

SHA256
e79be27d4144facf4b2189e8c51bb19ce8bc6b8e40012e557a943d5b75a41e85

SHA512
c794bb95e6b591b1a877776e84bed36049c73ab05ab86869b4da3cd6db5a57c8b4e6816d8a1ca14b94c3e17e6a6aa29f8d736e5fe7930a175b31338883c89c92

Download Submit
C:\Windows\Logo1_.exe

Filesize
33KB

MD5
9bfb664a030be9c7e0b09b77b9544923

SHA1
e0b5e4d2d089f71d13fb46607a76dac8ee96e5f3

SHA256
e79be27d4144facf4b2189e8c51bb19ce8bc6b8e40012e557a943d5b75a41e85

SHA512
c794bb95e6b591b1a877776e84bed36049c73ab05ab86869b4da3cd6db5a57c8b4e6816d8a1ca14b94c3e17e6a6aa29f8d736e5fe7930a175b31338883c89c92

Download Submit
C:\Windows\rundl132.exe

Filesize
33KB

MD5
9bfb664a030be9c7e0b09b77b9544923

SHA1
e0b5e4d2d089f71d13fb46607a76dac8ee96e5f3

SHA256
e79be27d4144facf4b2189e8c51bb19ce8bc6b8e40012e557a943d5b75a41e85

SHA512
c794bb95e6b591b1a877776e84bed36049c73ab05ab86869b4da3cd6db5a57c8b4e6816d8a1ca14b94c3e17e6a6aa29f8d736e5fe7930a175b31338883c89c92

Download Submit
\Users\Admin\AppData\Local\Temp\3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe

Filesize
25KB

MD5
123d872b188d32af8c3133250060b071

SHA1
26fdd3b97f1a48bbdf31dc2a2922a6817a956b3c

SHA256
38aff1a95ee8fffb0c59670da15d6740ab855b106350cc428125a569c18b6fa2

SHA512
67eeea2ca1508d84d21d46989c7530505247bbea497b4ff09c57228a599420754fd0bb78a993be19ad6d8d19777e8203f8ddfa9be05ea1bff7a0feea05d1a12c

Download Submit
\Users\Admin\AppData\Local\Temp\3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e.exe

Filesize
25KB

MD5
123d872b188d32af8c3133250060b071

SHA1
26fdd3b97f1a48bbdf31dc2a2922a6817a956b3c

SHA256
38aff1a95ee8fffb0c59670da15d6740ab855b106350cc428125a569c18b6fa2

SHA512
67eeea2ca1508d84d21d46989c7530505247bbea497b4ff09c57228a599420754fd0bb78a993be19ad6d8d19777e8203f8ddfa9be05ea1bff7a0feea05d1a12c

Download Submit
memory/552-54-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/552-57-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/552-61-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/580-74-0x0000000000000000-mapping.dmp

Download
memory/972-71-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/972-59-0x0000000000000000-mapping.dmp

Download
memory/972-75-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1536-55-0x0000000000000000-mapping.dmp

Download
memory/1668-69-0x0000000000000000-mapping.dmp

Download
memory/1776-73-0x0000000000000000-mapping.dmp

Download
memory/1896-56-0x0000000000000000-mapping.dmp

Download
memory/1904-58-0x0000000000000000-mapping.dmp

Download
memory/1976-64-0x0000000000000000-mapping.dmp

Download
memory/2008-63-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads