d9321376502cd97f9f02f196c168d6a62f13ddf1408e62132180aa821476663a

General

Target

d9321376502cd97f9f02f196c168d6a62f13ddf1408e62132180aa821476663a.exe
Size

644KB
MD5

5219d2a27483ace8cb4ca13087278ba0
SHA1

00a3fb312bf43cd648065aaa87b9ad678f4813ea
SHA256

d9321376502cd97f9f02f196c168d6a62f13ddf1408e62132180aa821476663a
SHA512

990f6a8686d495c3af64d1d310c5fa2b322cf46d3b7ebc7654ff0d13c89a694d25a205a351773b5d648e6d446b632e068e8949f02447285e12880e3169248175
SSDEEP

12288:m7+xuFHpC49i82L5/2+xyhgGatNTxleYISSNPXu1cCS42G+GM:m78uFHs582RpxyhlgxleDNNPXu1IG+GM

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

Logo1_.exed9321376502cd97f9f02f196c168d6a62f13ddf1408e62132180aa821476663a.exe

pid process

972 Logo1_.exe
1108 d9321376502cd97f9f02f196c168d6a62f13ddf1408e62132180aa821476663a.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Logo1_.exe

description	ioc	process
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

Processes:

Logo1_.exe

description	ioc	process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ja-jp\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sq\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-gb\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\da-dk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\en-gb\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdb.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ca-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.7_1.7.25531.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\ImmersiveVideoPlayback\Content\Shaders\LoadedModelShaders\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\sv-se\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mn\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\es_MX\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.18101.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\hu-HU\View3d\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\pl-pl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\images\themes\dark\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\orbd.exe	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PSReadline\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\uk-ua\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\zh-CN\View3d\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxTsr.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\sv-se\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Shared Gadgets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\da-dk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\uk-ua\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\da-dk\_desktop.ini	Logo1_.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\tt\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

Processes:

d9321376502cd97f9f02f196c168d6a62f13ddf1408e62132180aa821476663a.exeLogo1_.exe

description	ioc	process
File created	C:\Windows\rundl132.exe	d9321376502cd97f9f02f196c168d6a62f13ddf1408e62132180aa821476663a.exe
File created	C:\Windows\Logo1_.exe	d9321376502cd97f9f02f196c168d6a62f13ddf1408e62132180aa821476663a.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

Logo1_.exe

pid	process
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe
972	Logo1_.exe

Suspicious use of WriteProcessMemory 17 IoCs

Processes:

d9321376502cd97f9f02f196c168d6a62f13ddf1408e62132180aa821476663a.exeLogo1_.exenet.execmd.exe

description	pid	process	target process
PID 640 wrote to memory of 1164	640	d9321376502cd97f9f02f196c168d6a62f13ddf1408e62132180aa821476663a.exe	cmd.exe
PID 640 wrote to memory of 1164	640	d9321376502cd97f9f02f196c168d6a62f13ddf1408e62132180aa821476663a.exe	cmd.exe
PID 640 wrote to memory of 1164	640	d9321376502cd97f9f02f196c168d6a62f13ddf1408e62132180aa821476663a.exe	cmd.exe
PID 640 wrote to memory of 972	640	d9321376502cd97f9f02f196c168d6a62f13ddf1408e62132180aa821476663a.exe	Logo1_.exe
PID 640 wrote to memory of 972	640	d9321376502cd97f9f02f196c168d6a62f13ddf1408e62132180aa821476663a.exe	Logo1_.exe
PID 640 wrote to memory of 972	640	d9321376502cd97f9f02f196c168d6a62f13ddf1408e62132180aa821476663a.exe	Logo1_.exe
PID 972 wrote to memory of 5020	972	Logo1_.exe	net.exe
PID 972 wrote to memory of 5020	972	Logo1_.exe	net.exe
PID 972 wrote to memory of 5020	972	Logo1_.exe	net.exe
PID 5020 wrote to memory of 516	5020	net.exe	net1.exe
PID 5020 wrote to memory of 516	5020	net.exe	net1.exe
PID 5020 wrote to memory of 516	5020	net.exe	net1.exe
PID 1164 wrote to memory of 1108	1164	cmd.exe	d9321376502cd97f9f02f196c168d6a62f13ddf1408e62132180aa821476663a.exe
PID 1164 wrote to memory of 1108	1164	cmd.exe	d9321376502cd97f9f02f196c168d6a62f13ddf1408e62132180aa821476663a.exe
PID 1164 wrote to memory of 1108	1164	cmd.exe	d9321376502cd97f9f02f196c168d6a62f13ddf1408e62132180aa821476663a.exe
PID 972 wrote to memory of 3452	972	Logo1_.exe	Explorer.EXE
PID 972 wrote to memory of 3452	972	Logo1_.exe	Explorer.EXE

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3452
- C:\Users\Admin\AppData\Local\Temp\d9321376502cd97f9f02f196c168d6a62f13ddf1408e62132180aa821476663a.exe
  "C:\Users\Admin\AppData\Local\Temp\d9321376502cd97f9f02f196c168d6a62f13ddf1408e62132180aa821476663a.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:640
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7937.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1164
  - - C:\Users\Admin\AppData\Local\Temp\d9321376502cd97f9f02f196c168d6a62f13ddf1408e62132180aa821476663a.exe
      "C:\Users\Admin\AppData\Local\Temp\d9321376502cd97f9f02f196c168d6a62f13ddf1408e62132180aa821476663a.exe"
      4⤵
      Executes dropped EXE
      PID:1108
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:972
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:5020
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
2f18a99f6124cf7d16de19be9964fd3f

SHA1
31d0ce94d0e6ebed11ee1abf8d7cc55fe381a374

SHA256
71eebb659d211d9939123ca68fc3fa36364924abbcdcb47319ff8c1a717ab3c8

SHA512
1e6bd18609222ca21b30ca3ad980794daa003b02bcaf8444fbef949b4509ad1d2110a6b6b45afb420f67afc6f11ee637849a0f647686bd8935b1bc525abdc29f

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
570KB

MD5
23393ca5a4bf8d1d50b8c00605efb7e4

SHA1
0b7331be4621a8509406958ca905db0c1729c1dc

SHA256
bf8e87544eb784978aa552c4bd79920461946beb48cd01ce9450df380b752c98

SHA512
bb3034e24373a597fc981c4dffe4884c8b3c758b41ca95ede60cdbb5afebd9e922a2c149c9fd95bbffeb344eb81adad36db73e3e009c50a00fec9ebada09c1da

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
636KB

MD5
2500f702e2b9632127c14e4eaae5d424

SHA1
8726fef12958265214eeb58001c995629834b13a

SHA256
82e5b0001f025ca3b8409c98e4fb06c119c68de1e4ef60a156360cb4ef61d19c

SHA512
f420c62fa1f6897f51dd7a0f0e910fb54ad14d51973a2d4840eeea0448c860bf83493fb1c07be65f731efc39e19f8a99886c8cfd058cee482fe52d255a33a55c

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a7937.bat

Filesize
722B

MD5
b8424fc788f5450a0cc29c592ca10569

SHA1
a45aaf61bbf8073abcc8a28c8f6d3b044a70aaf7

SHA256
25a93aa5b88c6f29d85e3555b178fce775089a8669bc620cf7f8b38cb4669716

SHA512
3a8b1314729f8f7384341497228ce90161d1febb1cb981e19d0eb06e1040b50ed2949577f4f2e87888059c5545aa4d76e390e37b1f8264ad09ac37ccc7aeddf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\d9321376502cd97f9f02f196c168d6a62f13ddf1408e62132180aa821476663a.exe.exe

Filesize
618KB

MD5
9326207f0b3a12689f85544195ebd3df

SHA1
00feb03e9eeb90eec5844e1283acf8c62ddfbfa6

SHA256
6796f8e6932b92c30bcb1bc1185bd5eb72d632e97225c0d3658f236a3f38275a

SHA512
2a1645038721d214d5860541f132773b6f5fe31a6c497688aa4cfb9565fae2fc50178f815bf7613d96698e201418fc9b69280077fce2a58b84cfd930391577cc

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
597d52ec25649c10ce174d99fd15772f

SHA1
872f839d522ba3dc5388f3d356b19c79d5f86ef5

SHA256
d051cd505ae4fbe7275ecfbb6f3fc0464428e0aac44bd7377990a0425fa768f0

SHA512
5f5a983a17bd1396bb7595d2fe44b1b3442586b855ed332ded0a76d52a9aa353854d3c0ff3f9c2010ed37f63e48a7603a1f5f4f11d28bbfaf9af3b1c0d84b31f

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-4018855536-2201274732-320770143-1000\_desktop.ini

Filesize
9B

MD5
ef2876ec14bdb3dc085fc3af9311b015

SHA1
68b64b46b1ff0fdc9f009d8fffb8ee87c597fa56

SHA256
ac2a34b4f2d44d19ca4269caf9f4e71cdb0b95ba8eb89ed52c5bc56eeeb1971c

SHA512
c9998caa062ad5b1da853fabb80e88e41d9f96109af89df0309be20469ca8f5be9dd1c08f3c97030e3a487732e82304f60ee2627462e017579da4204bc163c8f

Download Submit
memory/640-13-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/640-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/972-27-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/972-37-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/972-33-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/972-1231-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/972-20-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/972-4797-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/972-11-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/972-5236-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

pid	process
972	Logo1_.exe
1108	d9321376502cd97f9f02f196c168d6a62f13ddf1408e62132180aa821476663a.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads