Analysis
max time kernel: 149s
max time network: 127s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22-05-2024 23:20
Static task: static1
Behavioral task: behavioral1
  Sample: 01c23aa0ccc0e3b12fa7f8f25e6b91d4c33352a2abcd1f3036ee0d33527b1015.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 01c23aa0ccc0e3b12fa7f8f25e6b91d4c33352a2abcd1f3036ee0d33527b1015.exe
  Resource: win10v2004-20240508-en
General
Target: 01c23aa0ccc0e3b12fa7f8f25e6b91d4c33352a2abcd1f3036ee0d33527b1015.exe
Size: 66KB
MD5: 7ef5e8d78dc16734d27f8512cc49e443
SHA1: 380e029ca49f4076f44b75bd65d88eb7e6948c47
SHA256: 01c23aa0ccc0e3b12fa7f8f25e6b91d4c33352a2abcd1f3036ee0d33527b1015
SHA512: d548560e78f0edb2c6cadfb14cb3b96d3836d566d7dc420546bca6fd27dc1e02fd0b102ff1cb9d06be7f50b8deb3d50447deaf1d8cd3191dbb62d5702e419f27
SSDEEP: 1536:pJF3SHuJV9NBriw+d9bHrkT5gUHz7FxtJ:pJFkuJVLBrBkfkT5xHzD
Malware Config
Signatures
Executes dropped EXE (2 IoCs)
Processes (pid | process):
4924 | Logo1_.exe
4536 | 01c23aa0ccc0e3b12fa7f8f25e6b91d4c33352a2abcd1f3036ee0d33527b1015.exe
Enumerates connected drives (3 TTPs, 21 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
Processes (description | ioc | process):
File opened (read-only) | \??\X: | Logo1_.exe
File opened (read-only) | \??\M: | Logo1_.exe
File opened (read-only) | \??\K: | Logo1_.exe
File opened (read-only) | \??\E: | Logo1_.exe
File opened (read-only) | \??\Z: | Logo1_.exe
File opened (read-only) | \??\U: | Logo1_.exe
File opened (read-only) | \??\T: | Logo1_.exe
File opened (read-only) | \??\Q: | Logo1_.exe
File opened (read-only) | \??\J: | Logo1_.exe
File opened (read-only) | \??\H: | Logo1_.exe
File opened (read-only) | \??\Y: | Logo1_.exe
File opened (read-only) | \??\V: | Logo1_.exe
File opened (read-only) | \??\S: | Logo1_.exe
File opened (read-only) | \??\R: | Logo1_.exe
File opened (read-only) | \??\P: | Logo1_.exe
File opened (read-only) | \??\G: | Logo1_.exe
File opened (read-only) | \??\W: | Logo1_.exe
File opened (read-only) | \??\O: | Logo1_.exe
File opened (read-only) | \??\N: | Logo1_.exe
File opened (read-only) | \??\L: | Logo1_.exe
File opened (read-only) | \??\I: | Logo1_.exe
Drops file in Program Files directory (64 IoCs)
Processes (description | ioc | process):
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\zu\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_~_8wekyb3d8bbwe\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\he-il\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\tr-tr\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\versions\_desktop.ini | Logo1_.exe
File created | C:\Program Files\VideoLAN\VLC\locale\pa\LC_MESSAGES\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ru\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\de-de\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\fr-ma\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\home-view\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\fi-fi\_desktop.ini | Logo1_.exe
File created | C:\Program Files\Java\jre-1.8\bin\plugin2\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsPowerShell\Configuration\Registration\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\de-de\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\dotnet\host\fxr\8.0.2\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe | Logo1_.exe
File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\ko-kr\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\root\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\edge_feedback\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\Simple\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\x86\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\zh-cn\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\_desktop.ini | Logo1_.exe
File created | C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\_desktop.ini | Logo1_.exe
File created | C:\Program Files\Windows Photo Viewer\de-DE\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsPowerShell\Modules\Pester\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-gb\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Microsoft\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\sk-SK\View3d\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\en-US\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\fi-fi\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ca-es\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ja-jp\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\eu-es\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\zh-cn\_desktop.ini | Logo1_.exe
File created | C:\Program Files\7-Zip\Lang\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ks_IN\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\_desktop.ini | Logo1_.exe
File created | C:\Program Files\VideoLAN\VLC\locale\wa\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\StoreLogo\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\eu-es\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\{6BB39B16-79FA-4D8E-BB79-4EFE59F95F66}\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\nl-nl\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\sv-se\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\eu-es\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\VisualElements\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\it-IT\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\_desktop.ini | Logo1_.exe
Drops file in Windows directory (4 IoCs)
Processes (description | ioc | process):
File created | C:\Windows\rundl132.exe | 01c23aa0ccc0e3b12fa7f8f25e6b91d4c33352a2abcd1f3036ee0d33527b1015.exe
File created | C:\Windows\Logo1_.exe | 01c23aa0ccc0e3b12fa7f8f25e6b91d4c33352a2abcd1f3036ee0d33527b1015.exe
File opened for modification | C:\Windows\rundl132.exe | Logo1_.exe
File created | C:\Windows\vDll.dll | Logo1_.exe
Runs net.exe
Suspicious behavior: EnumeratesProcesses (20 IoCs)
Processes (pid | process):
4924 | Logo1_.exe (reported 20 times)
Suspicious use of WriteProcessMemory (16 IoCs)
Processes (description | pid | process | target process):
PID 3364 wrote to memory of 1084 | 3364 | 01c23aa0ccc0e3b12fa7f8f25e6b91d4c33352a2abcd1f3036ee0d33527b1015.exe | cmd.exe (reported 3 times)
PID 3364 wrote to memory of 4924 | 3364 | 01c23aa0ccc0e3b12fa7f8f25e6b91d4c33352a2abcd1f3036ee0d33527b1015.exe | Logo1_.exe (reported 3 times)
PID 4924 wrote to memory of 1164 | 4924 | Logo1_.exe | net.exe (reported 3 times)
PID 1164 wrote to memory of 452 | 1164 | net.exe | net1.exe (reported 3 times)
PID 1084 wrote to memory of 4536 | 1084 | cmd.exe | 01c23aa0ccc0e3b12fa7f8f25e6b91d4c33352a2abcd1f3036ee0d33527b1015.exe (reported 2 times)
PID 4924 wrote to memory of 3524 | 4924 | Logo1_.exe | Explorer.EXE (reported 2 times)
Processes
Image: C:\Windows\Explorer.EXE
Command line: C:\Windows\Explorer.EXE
PID: 3524
  Image: C:\Users\Admin\AppData\Local\Temp\01c23aa0ccc0e3b12fa7f8f25e6b91d4c33352a2abcd1f3036ee0d33527b1015.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\01c23aa0ccc0e3b12fa7f8f25e6b91d4c33352a2abcd1f3036ee0d33527b1015.exe"
  Signatures: Drops file in Windows directory; Suspicious use of WriteProcessMemory
  PID: 3364
    Image: C:\Windows\SysWOW64\cmd.exe
    Command line: C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE167.bat
    Signatures: Suspicious use of WriteProcessMemory
    PID: 1084
      Image: C:\Users\Admin\AppData\Local\Temp\01c23aa0ccc0e3b12fa7f8f25e6b91d4c33352a2abcd1f3036ee0d33527b1015.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\01c23aa0ccc0e3b12fa7f8f25e6b91d4c33352a2abcd1f3036ee0d33527b1015.exe"
      Signatures: Executes dropped EXE
      PID: 4536
    Image: C:\Windows\Logo1_.exe
    Command line: C:\Windows\Logo1_.exe
    Signatures: Executes dropped EXE; Enumerates connected drives; Drops file in Program Files directory; Drops file in Windows directory; Suspicious behavior: EnumeratesProcesses; Suspicious use of WriteProcessMemory
    PID: 4924
      Image: C:\Windows\SysWOW64\net.exe
      Command line: net stop "Kingsoft AntiVirus Service"
      Signatures: Suspicious use of WriteProcessMemory
      PID: 1164
        Image: C:\Windows\SysWOW64\net1.exe
        Command line: C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        PID: 452
Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3624,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=4428 /prefetch:8
PID: 4760
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 254KB
MD5: 3e470de1df977de1b6251d61cefd34c2
SHA1: c1919c8d46d9c95aab8c167b9ee4e6ac6c089a50
SHA256: cb52a481b391828464a9080ac8ed4a4daf3418176822165713179c0706a1ca27
SHA512: 6e106f63747243353c7adaa2ee142ee9a260db0dc2b85e4e5c789969a777503c4508f7e7568213689d4cab4235aee0d81f54e4191997f04d1aaeb6577bc751ee

Filesize: 840KB
MD5: 48381575fd1a3a6408fcad1c9878b05a
SHA1: ffd5b8ff32758f93d3187a45233fd3b56e4468c3
SHA256: 459e03c9f532f0197995a34ec0d4e9a8e79d6769f6ddb3cbce676ec99d03c1a8
SHA512: db050199c2dda1f8a8a56af921a97957799ad94eefb3b15f7d7edbe03487d4aaecec157c5445a9a9ca9878e11196435ab68ddde586d7063bddb7eb8178132f6f

C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
Filesize: 639KB
MD5: c8d281da4c32df16eef470c27c8cb459
SHA1: 00efc9f6844bfaa37c264b6452c6a7356638ab10
SHA256: 058c81e5a07f2c6c33cf28dff71d07ad8f179046108d945159957e891bfd9c62
SHA512: e3c79e19f620068f668d4ebaa5097f1a95a30dabb8dce75f3787171dddbea9f684fc7ce8d1011a398f38084d7af96dd1ff9a02d25906aab9b13861b8363d24bb

Filesize: 722B
MD5: 8a16727bba7a44d1abdb7c885b791192
SHA1: 2a1e0e56b9b52fdf5ca199b2b97dce2a9964c433
SHA256: 8269ce2541efd9ccc1ef538d858d2ea1173f77c057380e747882b8ae72cb67f3
SHA512: 8b39ee6f595296314a0b1189659ce1e492b72dd51f93b9b30087227c33d0fb3b114d8e9a854c416e456a8241c4c4c19a2e681bdb0dcd9ff2daedde4cc8fdce32

C:\Users\Admin\AppData\Local\Temp\01c23aa0ccc0e3b12fa7f8f25e6b91d4c33352a2abcd1f3036ee0d33527b1015.exe.exe
Filesize: 36KB
MD5: 9f498971cbe636662f3d210747d619e1
SHA1: 44b8e2732fa1e2f204fc70eaa1cb406616250085
SHA256: 8adf6748981c3e7b62f5dbca992be6675574fffbce7673743f2d7fe787d56a41
SHA512: b73083c2f7b028d2946cb8f7b4fe2289fedaa4175364a2aac37db0aeff4602aede772ccc9eba7e6dcfcb7276e52604ca45d8021952201b5834485b48bca3dc93

Filesize: 29KB
MD5: 1c30b55853002b4599e0e5fa853f1329
SHA1: 4e1ba89200dd04c3d7042024850deadc89a24af0
SHA256: ac0b99689ea0e6b3d5d4892871dd80175ac8e020a4d86217f968a23a608b22d6
SHA512: f475cd99a54db95649ee9ee83badf6eafb2b073867d95cf4482c2c63062df3446fb2044b7c42c924bf13eb955132379af0a25f877353e151f9ef84b66b5dc3cd

Filesize: 9B
MD5: ef2876ec14bdb3dc085fc3af9311b015
SHA1: 68b64b46b1ff0fdc9f009d8fffb8ee87c597fa56
SHA256: ac2a34b4f2d44d19ca4269caf9f4e71cdb0b95ba8eb89ed52c5bc56eeeb1971c
SHA512: c9998caa062ad5b1da853fabb80e88e41d9f96109af89df0309be20469ca8f5be9dd1c08f3c97030e3a487732e82304f60ee2627462e017579da4204bc163c8f