b70b485d235011f52419aad037cb2adaa8f4584206b07ea35137a11907b7c6ec

General

Target

b70b485d235011f52419aad037cb2adaa8f4584206b07ea35137a11907b7c6ec.exe
Size

227KB
MD5

f38342e05385365051744d9ba2cc8d26
SHA1

1eb90fe25389a3d386b110a4bd754ffc60a3fc02
SHA256

b70b485d235011f52419aad037cb2adaa8f4584206b07ea35137a11907b7c6ec
SHA512

c51395df4d81d3065ff8449de5cb901c538f1fd8790fd16f04aaefeb2b724b0c68027c79f07017926f932386d3b5611d6280e5f92d8472d77e6e10d719b9da96
SSDEEP

6144:PCuJWdeKzC/leySe8AIqpoHbnDns1ND9m:W/VyV8hEoHbI3A

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

Logo1_.exeb70b485d235011f52419aad037cb2adaa8f4584206b07ea35137a11907b7c6ec.exe

pid process

2476 Logo1_.exe
3624 b70b485d235011f52419aad037cb2adaa8f4584206b07ea35137a11907b7c6ec.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Logo1_.exe

description	ioc	process
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

Processes:

Logo1_.exe

description	ioc	process
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\css\fonts\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\de\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Mail\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ca-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\hr-hr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\hr-hr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\hu-hu\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_output\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\it-it\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\sl-si\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\_desktop.ini	Logo1_.exe
File created	C:\Program Files\dotnet\swidtag\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\bg-BG\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\id-ID\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ug\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\nb-no\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\en-gb\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\pt-br\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jfr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\EBWebView\x64\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Media Player\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\it-it\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\fa\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\sd\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\GameBar.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\require\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\eo\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\root\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

Processes:

Logo1_.exeb70b485d235011f52419aad037cb2adaa8f4584206b07ea35137a11907b7c6ec.exe

description	ioc	process
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	b70b485d235011f52419aad037cb2adaa8f4584206b07ea35137a11907b7c6ec.exe
File created	C:\Windows\Logo1_.exe	b70b485d235011f52419aad037cb2adaa8f4584206b07ea35137a11907b7c6ec.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

Logo1_.exe

pid	process
2476	Logo1_.exe
2476	Logo1_.exe
2476	Logo1_.exe
2476	Logo1_.exe
2476	Logo1_.exe
2476	Logo1_.exe
2476	Logo1_.exe
2476	Logo1_.exe
2476	Logo1_.exe
2476	Logo1_.exe
2476	Logo1_.exe
2476	Logo1_.exe
2476	Logo1_.exe
2476	Logo1_.exe
2476	Logo1_.exe
2476	Logo1_.exe
2476	Logo1_.exe
2476	Logo1_.exe
2476	Logo1_.exe
2476	Logo1_.exe

Suspicious use of WriteProcessMemory 17 IoCs

Processes:

b70b485d235011f52419aad037cb2adaa8f4584206b07ea35137a11907b7c6ec.exeLogo1_.exenet.execmd.exe

description	pid	process	target process
PID 3264 wrote to memory of 1156	3264	b70b485d235011f52419aad037cb2adaa8f4584206b07ea35137a11907b7c6ec.exe	cmd.exe
PID 3264 wrote to memory of 1156	3264	b70b485d235011f52419aad037cb2adaa8f4584206b07ea35137a11907b7c6ec.exe	cmd.exe
PID 3264 wrote to memory of 1156	3264	b70b485d235011f52419aad037cb2adaa8f4584206b07ea35137a11907b7c6ec.exe	cmd.exe
PID 3264 wrote to memory of 2476	3264	b70b485d235011f52419aad037cb2adaa8f4584206b07ea35137a11907b7c6ec.exe	Logo1_.exe
PID 3264 wrote to memory of 2476	3264	b70b485d235011f52419aad037cb2adaa8f4584206b07ea35137a11907b7c6ec.exe	Logo1_.exe
PID 3264 wrote to memory of 2476	3264	b70b485d235011f52419aad037cb2adaa8f4584206b07ea35137a11907b7c6ec.exe	Logo1_.exe
PID 2476 wrote to memory of 3300	2476	Logo1_.exe	net.exe
PID 2476 wrote to memory of 3300	2476	Logo1_.exe	net.exe
PID 2476 wrote to memory of 3300	2476	Logo1_.exe	net.exe
PID 3300 wrote to memory of 5000	3300	net.exe	net1.exe
PID 3300 wrote to memory of 5000	3300	net.exe	net1.exe
PID 3300 wrote to memory of 5000	3300	net.exe	net1.exe
PID 1156 wrote to memory of 3624	1156	cmd.exe	b70b485d235011f52419aad037cb2adaa8f4584206b07ea35137a11907b7c6ec.exe
PID 1156 wrote to memory of 3624	1156	cmd.exe	b70b485d235011f52419aad037cb2adaa8f4584206b07ea35137a11907b7c6ec.exe
PID 1156 wrote to memory of 3624	1156	cmd.exe	b70b485d235011f52419aad037cb2adaa8f4584206b07ea35137a11907b7c6ec.exe
PID 2476 wrote to memory of 3480	2476	Logo1_.exe	Explorer.EXE
PID 2476 wrote to memory of 3480	2476	Logo1_.exe	Explorer.EXE

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\b70b485d235011f52419aad037cb2adaa8f4584206b07ea35137a11907b7c6ec.exe
"C:\Users\Admin\AppData\Local\Temp\b70b485d235011f52419aad037cb2adaa8f4584206b07ea35137a11907b7c6ec.exe"
2⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3264

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a45F2.bat
3⤵
- Suspicious use of WriteProcessMemory
PID:1156

C:\Users\Admin\AppData\Local\Temp\b70b485d235011f52419aad037cb2adaa8f4584206b07ea35137a11907b7c6ec.exe
"C:\Users\Admin\AppData\Local\Temp\b70b485d235011f52419aad037cb2adaa8f4584206b07ea35137a11907b7c6ec.exe"
4⤵
- Executes dropped EXE
PID:3624

C:\Windows\Logo1_.exe
C:\Windows\Logo1_.exe
3⤵
- Executes dropped EXE
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2476

C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
4⤵
- Suspicious use of WriteProcessMemory
PID:3300

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
5⤵
PID:5000

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
Filesize
254KB

MD5
3e470de1df977de1b6251d61cefd34c2

SHA1
c1919c8d46d9c95aab8c167b9ee4e6ac6c089a50

SHA256
cb52a481b391828464a9080ac8ed4a4daf3418176822165713179c0706a1ca27

SHA512
6e106f63747243353c7adaa2ee142ee9a260db0dc2b85e4e5c789969a777503c4508f7e7568213689d4cab4235aee0d81f54e4191997f04d1aaeb6577bc751ee

Download Submit
C:\Program Files\7-Zip\7z.exe
Filesize
573KB

MD5
faf14806357bd5b9378f45d6fd833af3

SHA1
49aeb39dd63f79f98fb63dfe881479bb444a34ca

SHA256
cc9f3fbe27bdea68de4db3d43fb5c88be4f3d7e7bd69b045cb64ecae88115e6d

SHA512
73c63c1d4d02e82ae931c6dc0a290a52707dbf3f1a52b8e896ccd0fe3dec3c6f7c56999eda2078dfdbd2d3375df93ee7cb9b8b1c08860ca45520c3edfb0d35b0

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
Filesize
639KB

MD5
c8d281da4c32df16eef470c27c8cb459

SHA1
00efc9f6844bfaa37c264b6452c6a7356638ab10

SHA256
058c81e5a07f2c6c33cf28dff71d07ad8f179046108d945159957e891bfd9c62

SHA512
e3c79e19f620068f668d4ebaa5097f1a95a30dabb8dce75f3787171dddbea9f684fc7ce8d1011a398f38084d7af96dd1ff9a02d25906aab9b13861b8363d24bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a45F2.bat
Filesize
722B

MD5
ed428fb7053c694686b7807a53a0a84d

SHA1
c9f732c3b5e1d456e5de7396045ed0f5ddce1d27

SHA256
3414d05833547d0dd23a827ffd840919d59a7f200c6c3f91d510ed9eb0645072

SHA512
ff0bb91dfb70065ecc3240ceaa2529fe23c62fda2ddab5249ab7a6e3742b67a6c4902c765f8a1d87efa06f05157f1e936f80073103b0caeaea0061efd7e2ae7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\b70b485d235011f52419aad037cb2adaa8f4584206b07ea35137a11907b7c6ec.exe.exe
Filesize
198KB

MD5
e133c2d85cff4edd7fe8e8f0f8be6cdb

SHA1
b8269209ebb6fe44bc50dab35f97b0ae244701b4

SHA256
6c5e7d9c81a409e67c143cd3aed33bddc3967fa4c9ab3b98560b7d3bf57d093d

SHA512
701b7d1c7e154519d77043f7de09d60c1ff76c95f820fc1c9afca19724efb0847d646686053354156fd4e8a9dab1f29a79d3223f939a3ff1b3613770dc8603b1

Download Submit
C:\Windows\rundl132.exe
Filesize
29KB

MD5
1c30b55853002b4599e0e5fa853f1329

SHA1
4e1ba89200dd04c3d7042024850deadc89a24af0

SHA256
ac0b99689ea0e6b3d5d4892871dd80175ac8e020a4d86217f968a23a608b22d6

SHA512
f475cd99a54db95649ee9ee83badf6eafb2b073867d95cf4482c2c63062df3446fb2044b7c42c924bf13eb955132379af0a25f877353e151f9ef84b66b5dc3cd

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-1337824034-2731376981-3755436523-1000\_desktop.ini
Filesize
9B

MD5
ef2876ec14bdb3dc085fc3af9311b015

SHA1
68b64b46b1ff0fdc9f009d8fffb8ee87c597fa56

SHA256
ac2a34b4f2d44d19ca4269caf9f4e71cdb0b95ba8eb89ed52c5bc56eeeb1971c

SHA512
c9998caa062ad5b1da853fabb80e88e41d9f96109af89df0309be20469ca8f5be9dd1c08f3c97030e3a487732e82304f60ee2627462e017579da4204bc163c8f

Download Submit
memory/2476-26-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2476-32-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2476-36-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2476-19-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2476-1075-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2476-1231-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2476-12-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2476-4796-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2476-5235-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3264-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3264-9-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download

pid	process
2476	Logo1_.exe
3624	b70b485d235011f52419aad037cb2adaa8f4584206b07ea35137a11907b7c6ec.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads