c327913da3050e7071752e30c1d8885bb5cd53c6641ef9683e0d70cc3366020a

General

Target

c327913da3050e7071752e30c1d8885bb5cd53c6641ef9683e0d70cc3366020a.exe
Size

487KB
MD5

ecfe9c75e9eeb5256b7f117638db4984
SHA1

6d20c46202841e5c65f99ce9cdd45a38d4ab5c01
SHA256

c327913da3050e7071752e30c1d8885bb5cd53c6641ef9683e0d70cc3366020a
SHA512

3383f69d7bcb2776b4351111a71dad2e0c7602ef57bc12b7139750e1a11841ea7abeb16ea90f46ab7b068dc7fe71b3c6920ff851c509743248f0c428222e8363
SSDEEP

6144:mUuJoz1gL5pRTMTTjMkId/BynSx7dEe6XwzRaktNP08NhKs39zo43fTtl1fayCV4:f1gL5pRTcAkS/3hzN8qE43fm78V

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

Logo1_.exec327913da3050e7071752e30c1d8885bb5cd53c6641ef9683e0d70cc3366020a.exe

pid process

3780 Logo1_.exe
4428 c327913da3050e7071752e30c1d8885bb5cd53c6641ef9683e0d70cc3366020a.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Logo1_.exe

description	ioc	process
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

Processes:

Logo1_.exe

description	ioc	process
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\pt-BR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files-select\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\themes\dark\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\MEIPreload\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\Notifications\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Resources\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\hu-hu\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\identity_proxy\win11\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Microsoft.Advertising\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\en-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\nb-no\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Google\Update\Download\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\node_modules\reactxp-experimental-navigation\NavigationExperimental\assets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\images\themes\dark\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\sl-si\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\7-Zip\Lang\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.27629.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Toolkit\Images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\dc-annotations\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\da-dk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\nb-no\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\or\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\si\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fr-fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\edge_feedback\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\Notifications\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\PdfPreview\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstack.exe	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\es-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Images\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\ThankYou\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\de-de\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\root\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

Processes:

c327913da3050e7071752e30c1d8885bb5cd53c6641ef9683e0d70cc3366020a.exeLogo1_.exe

description	ioc	process
File created	C:\Windows\rundl132.exe	c327913da3050e7071752e30c1d8885bb5cd53c6641ef9683e0d70cc3366020a.exe
File created	C:\Windows\Logo1_.exe	c327913da3050e7071752e30c1d8885bb5cd53c6641ef9683e0d70cc3366020a.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

Logo1_.exe

pid	process
3780	Logo1_.exe
3780	Logo1_.exe
3780	Logo1_.exe
3780	Logo1_.exe
3780	Logo1_.exe
3780	Logo1_.exe
3780	Logo1_.exe
3780	Logo1_.exe
3780	Logo1_.exe
3780	Logo1_.exe
3780	Logo1_.exe
3780	Logo1_.exe
3780	Logo1_.exe
3780	Logo1_.exe
3780	Logo1_.exe
3780	Logo1_.exe
3780	Logo1_.exe
3780	Logo1_.exe
3780	Logo1_.exe
3780	Logo1_.exe

Suspicious use of WriteProcessMemory 16 IoCs

Processes:

c327913da3050e7071752e30c1d8885bb5cd53c6641ef9683e0d70cc3366020a.exeLogo1_.exenet.execmd.exe

description	pid	process	target process
PID 4140 wrote to memory of 3112	4140	c327913da3050e7071752e30c1d8885bb5cd53c6641ef9683e0d70cc3366020a.exe	cmd.exe
PID 4140 wrote to memory of 3112	4140	c327913da3050e7071752e30c1d8885bb5cd53c6641ef9683e0d70cc3366020a.exe	cmd.exe
PID 4140 wrote to memory of 3112	4140	c327913da3050e7071752e30c1d8885bb5cd53c6641ef9683e0d70cc3366020a.exe	cmd.exe
PID 4140 wrote to memory of 3780	4140	c327913da3050e7071752e30c1d8885bb5cd53c6641ef9683e0d70cc3366020a.exe	Logo1_.exe
PID 4140 wrote to memory of 3780	4140	c327913da3050e7071752e30c1d8885bb5cd53c6641ef9683e0d70cc3366020a.exe	Logo1_.exe
PID 4140 wrote to memory of 3780	4140	c327913da3050e7071752e30c1d8885bb5cd53c6641ef9683e0d70cc3366020a.exe	Logo1_.exe
PID 3780 wrote to memory of 536	3780	Logo1_.exe	net.exe
PID 3780 wrote to memory of 536	3780	Logo1_.exe	net.exe
PID 3780 wrote to memory of 536	3780	Logo1_.exe	net.exe
PID 536 wrote to memory of 4896	536	net.exe	net1.exe
PID 536 wrote to memory of 4896	536	net.exe	net1.exe
PID 536 wrote to memory of 4896	536	net.exe	net1.exe
PID 3112 wrote to memory of 4428	3112	cmd.exe	c327913da3050e7071752e30c1d8885bb5cd53c6641ef9683e0d70cc3366020a.exe
PID 3112 wrote to memory of 4428	3112	cmd.exe	c327913da3050e7071752e30c1d8885bb5cd53c6641ef9683e0d70cc3366020a.exe
PID 3780 wrote to memory of 3384	3780	Logo1_.exe	Explorer.EXE
PID 3780 wrote to memory of 3384	3780	Logo1_.exe	Explorer.EXE

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\c327913da3050e7071752e30c1d8885bb5cd53c6641ef9683e0d70cc3366020a.exe
"C:\Users\Admin\AppData\Local\Temp\c327913da3050e7071752e30c1d8885bb5cd53c6641ef9683e0d70cc3366020a.exe"
2⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4140

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF935.bat
3⤵
- Suspicious use of WriteProcessMemory
PID:3112

C:\Users\Admin\AppData\Local\Temp\c327913da3050e7071752e30c1d8885bb5cd53c6641ef9683e0d70cc3366020a.exe
"C:\Users\Admin\AppData\Local\Temp\c327913da3050e7071752e30c1d8885bb5cd53c6641ef9683e0d70cc3366020a.exe"
4⤵
- Executes dropped EXE
PID:4428

C:\Windows\Logo1_.exe
C:\Windows\Logo1_.exe
3⤵
- Executes dropped EXE
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3780

C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
4⤵
- Suspicious use of WriteProcessMemory
PID:536

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
5⤵
PID:4896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4104 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
1⤵
PID:376

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
Filesize
254KB

MD5
8b9d754f6a062a360f1eca184e4360bd

SHA1
29dff755cbcee35a9daf3b7a548b569c1126b616

SHA256
e17ac11d2dd6a2fa4d9adb98701499f6a0c7f748830c98f6d780cdf1a0af6789

SHA512
2722e3e400b4b27ef20c7a96b64d98fdc729a48b3f199ad87dbf3cef5912b58c6604a2b69f737ef211093b9c0ec99bbc7d5885a07f61a619d4492b5ffbe198ef

Download Submit
C:\Program Files\7-Zip\7z.exe
Filesize
573KB

MD5
0510972a56306a9d506bf1dbf5077bc7

SHA1
80068ca53a5fd64daa2939eb3e720939049b316d

SHA256
0103cc134469aeb076a1c452f6d4e6987932edda026b7b21c8904a672ff437d6

SHA512
691066bbf9409ffd1084903f7180ecb83922dd462e7d9c0ef5cd0281597bafc874a138830c59cbaf727e3b97084366b213a5b570dc2558f11c95e1fd2f83211e

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$aF935.bat
Filesize
722B

MD5
5b1e790aa8d2f5b121e56ae2a1e88fbb

SHA1
3e769e64655ac272ef7bd5695152d4b4c6adc365

SHA256
a474510a5aceac58205fe83eea8fd325686d9386f2ad31cd9d8e9eab3cf19dde

SHA512
22c042ed697eaf93f8e4d573d4f81eefa220687a80f7df5065a282f3e1a68abd802a70c355ae87d4c257ec2b2710c076bbddc4dda5ef050546e0464963a302bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\c327913da3050e7071752e30c1d8885bb5cd53c6641ef9683e0d70cc3366020a.exe.exe
Filesize
458KB

MD5
619f7135621b50fd1900ff24aade1524

SHA1
6c7ea8bbd435163ae3945cbef30ef6b9872a4591

SHA256
344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

SHA512
2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

Download Submit
C:\Windows\Logo1_.exe
Filesize
29KB

MD5
24743dc5d84b6ed4f72fe9d489cdc87d

SHA1
0617cf95dbb842ac82434416264c2a8e4cc2e9b0

SHA256
c1d1c76da5241e76615ed163fa7b64feca7463f70cd4f615459788da4705a73d

SHA512
e1b1f1815c661d4287dbfe2f485fbcff90c96e0cd5905a5701527b54fcd36e6cb93f49ce87369a669bc2c5753d78d0af7c889076062f53557600250bb498c25a

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-3808065738-1666277613-1125846146-1000\_desktop.ini
Filesize
9B

MD5
7d02194d5f21d1288ee3e3f595122aba

SHA1
68e51fcc75148bf51da5ad67c7137b85946fc393

SHA256
a4da2cd5e1bd5b7cc915b0572d2805cb074c16122fa7e5a41fbc1203aafc3416

SHA512
b5aba933dbbe76d9c49da7e4bd9aa8449f164d1a6563feb65e795fd497f42a5c8cc317186adf817990a180e46499987a7403b68b0b089a38ccda0fc9f2dd6c1c

Download Submit
memory/3780-34-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3780-20-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3780-27-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3780-38-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3780-43-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3780-8-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3780-172-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3780-1182-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3780-1508-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3780-3388-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4140-11-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4140-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download

pid	process
3780	Logo1_.exe
4428	c327913da3050e7071752e30c1d8885bb5cd53c6641ef9683e0d70cc3366020a.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads