be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16

General

Target

be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe
Size

70KB
MD5

9b5e3afec7f6424af3b48ff46ff4e46d
SHA1

565d745139f60287cbf9bed567f38c11aa78ce3a
SHA256

be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16
SHA512

15ae6f2a7b1c7b3b3777e0a4d1c3861e4c60287c2d357b528bb545451360842c26e15979a4892953a0e9f9a480c8f7c6510bd1be4b44f7c24843d56bb8ee6c7d
SSDEEP

1536:PFaYzMXqtGNttyUn01Q78a4Rwriw+d9bHrkT5gUHz7FxtJ:PFaY46tGNttyJQ7KRwrBkfkT5xHzD

Score

8^/10

spyware stealer

Malware Config

Signatures

Drops file in Drivers directory 2 IoCs

Processes:

Logo1_.exebe068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe

description	ioc	process
File opened for modification	C:\Windows\system32\drivers\etc\hosts	Logo1_.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe

Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

2604 cmd.exe
Executes dropped EXE 2 IoCs

Processes:

Logo1_.exebe068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe

pid process

2608 Logo1_.exe
2832 be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe
Loads dropped DLL 1 IoCs

Processes:

cmd.exe

pid process

2604 cmd.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

pid	process
2604	cmd.exe

pid	process
2608	Logo1_.exe
2832	be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe

pid	process
2604	cmd.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Logo1_.exe

description	ioc	process
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

Processes:

Logo1_.exe

description	ioc	process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\include\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\chrome_installer.exe	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\DVD Maker\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Minesweeper\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\FREN\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Mail\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ko\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\airappinstaller.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\FRAR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\SpiderSolitaire\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre7\lib\deploy\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\si\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Mail\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Updater6\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\DataType\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Defender\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\FreeCell\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_TW\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\bin\javaw.exe	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ff\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ru\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Journal\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Mail\wabmig.exe	Logo1_.exe
File created	C:\Program Files\Microsoft Games\More Games\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\oc\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

Processes:

be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exeLogo1_.exe

description	ioc	process
File created	C:\Windows\rundl132.exe	be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe
File created	C:\Windows\Logo1_.exe	be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\Dll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 43 IoCs

Processes:

be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exeLogo1_.exe

pid	process
1516	be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe
1516	be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe
1516	be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe
1516	be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe
1516	be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe
1516	be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe
1516	be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe
1516	be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe
1516	be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe
1516	be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe
1516	be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe
1516	be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe
1516	be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe
2608	Logo1_.exe
2608	Logo1_.exe
2608	Logo1_.exe
2608	Logo1_.exe
2608	Logo1_.exe
2608	Logo1_.exe
2608	Logo1_.exe
2608	Logo1_.exe
2608	Logo1_.exe
2608	Logo1_.exe
2608	Logo1_.exe
2608	Logo1_.exe
2608	Logo1_.exe
2608	Logo1_.exe
2608	Logo1_.exe
2608	Logo1_.exe
2608	Logo1_.exe
2608	Logo1_.exe
2608	Logo1_.exe
2608	Logo1_.exe
2608	Logo1_.exe
2608	Logo1_.exe
2608	Logo1_.exe
2608	Logo1_.exe
2608	Logo1_.exe
2608	Logo1_.exe
2608	Logo1_.exe
2608	Logo1_.exe
2608	Logo1_.exe
2608	Logo1_.exe

Suspicious use of WriteProcessMemory 38 IoCs

Processes:

be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exenet.exeLogo1_.exenet.execmd.exenet.exe

description	pid	process	target process
PID 1516 wrote to memory of 2104	1516	be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe	net.exe
PID 1516 wrote to memory of 2104	1516	be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe	net.exe
PID 1516 wrote to memory of 2104	1516	be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe	net.exe
PID 1516 wrote to memory of 2104	1516	be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe	net.exe
PID 2104 wrote to memory of 2492	2104	net.exe	net1.exe
PID 2104 wrote to memory of 2492	2104	net.exe	net1.exe
PID 2104 wrote to memory of 2492	2104	net.exe	net1.exe
PID 2104 wrote to memory of 2492	2104	net.exe	net1.exe
PID 1516 wrote to memory of 2604	1516	be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe	cmd.exe
PID 1516 wrote to memory of 2604	1516	be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe	cmd.exe
PID 1516 wrote to memory of 2604	1516	be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe	cmd.exe
PID 1516 wrote to memory of 2604	1516	be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe	cmd.exe
PID 1516 wrote to memory of 2608	1516	be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe	Logo1_.exe
PID 1516 wrote to memory of 2608	1516	be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe	Logo1_.exe
PID 1516 wrote to memory of 2608	1516	be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe	Logo1_.exe
PID 1516 wrote to memory of 2608	1516	be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe	Logo1_.exe
PID 2608 wrote to memory of 2208	2608	Logo1_.exe	net.exe
PID 2608 wrote to memory of 2208	2608	Logo1_.exe	net.exe
PID 2608 wrote to memory of 2208	2608	Logo1_.exe	net.exe
PID 2608 wrote to memory of 2208	2608	Logo1_.exe	net.exe
PID 2208 wrote to memory of 2748	2208	net.exe	net1.exe
PID 2208 wrote to memory of 2748	2208	net.exe	net1.exe
PID 2208 wrote to memory of 2748	2208	net.exe	net1.exe
PID 2208 wrote to memory of 2748	2208	net.exe	net1.exe
PID 2604 wrote to memory of 2832	2604	cmd.exe	be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe
PID 2604 wrote to memory of 2832	2604	cmd.exe	be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe
PID 2604 wrote to memory of 2832	2604	cmd.exe	be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe
PID 2604 wrote to memory of 2832	2604	cmd.exe	be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe
PID 2608 wrote to memory of 2668	2608	Logo1_.exe	net.exe
PID 2608 wrote to memory of 2668	2608	Logo1_.exe	net.exe
PID 2608 wrote to memory of 2668	2608	Logo1_.exe	net.exe
PID 2608 wrote to memory of 2668	2608	Logo1_.exe	net.exe
PID 2668 wrote to memory of 2432	2668	net.exe	net1.exe
PID 2668 wrote to memory of 2432	2668	net.exe	net1.exe
PID 2668 wrote to memory of 2432	2668	net.exe	net1.exe
PID 2668 wrote to memory of 2432	2668	net.exe	net1.exe
PID 2608 wrote to memory of 1144	2608	Logo1_.exe	Explorer.EXE
PID 2608 wrote to memory of 1144	2608	Logo1_.exe	Explorer.EXE

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1144

C:\Users\Admin\AppData\Local\Temp\be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe
"C:\Users\Admin\AppData\Local\Temp\be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe"
2⤵
- Drops file in Drivers directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1516

C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
3⤵
- Suspicious use of WriteProcessMemory
PID:2104

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
4⤵
PID:2492

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$$a1AD1.bat
3⤵
- Deletes itself
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2604

C:\Users\Admin\AppData\Local\Temp\be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe
"C:\Users\Admin\AppData\Local\Temp\be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe"
4⤵
- Executes dropped EXE
PID:2832

C:\Windows\Logo1_.exe
C:\Windows\Logo1_.exe
3⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2608

C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
4⤵
- Suspicious use of WriteProcessMemory
PID:2208

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
5⤵
PID:2748

C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
4⤵
- Suspicious use of WriteProcessMemory
PID:2668

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
5⤵
PID:2432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1

T1552

Credentials In Files

1

T1552.001

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

Filesize
478KB

MD5
e93193856beaecee9905e2a6f36be17f

SHA1
d4c267ea34f28f048e29461656984aad70912eda

SHA256
1d345f4e09acdbc12e63ce90d0bd373b56d50a378f4603d8425f6df815e44a7b

SHA512
1fbe9c0e86ad98d6a2a7924badec0fffc69a7d0a4839e8af45d0aedf1e4e24a4a798df0ec5b8d0aa6e0e566c0c83a4030549bd32b9ac27406fc772d4a2ff5fc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a1AD1.bat

Filesize
722B

MD5
79c88dca5fc8896365a311c9fd8a4a04

SHA1
9854a4df029d3d59863d3291bb3e93d4db3791be

SHA256
a74b1e4d30e339523e3afa0867df3696b7e604d832d1782e9136c384126cdfdd

SHA512
56bebba07120dd40fd9e1fc4d586b7fb37b50fdcc7f695f0341b9f05857ef83e67d611ead950a83644bb42505d8268b4bdcf477e0f90914094b56669eb5634cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\be068b340871da52490283160797f2257d6ce0016c32c14992d71260fef1cc16.exe.exe

Filesize
36KB

MD5
9f498971cbe636662f3d210747d619e1

SHA1
44b8e2732fa1e2f204fc70eaa1cb406616250085

SHA256
8adf6748981c3e7b62f5dbca992be6675574fffbce7673743f2d7fe787d56a41

SHA512
b73083c2f7b028d2946cb8f7b4fe2289fedaa4175364a2aac37db0aeff4602aede772ccc9eba7e6dcfcb7276e52604ca45d8021952201b5834485b48bca3dc93

Download Submit
C:\Windows\Logo1_.exe

Filesize
33KB

MD5
1f84b18db78866f74a67bd2659cabbdb

SHA1
a939bce6428210b23131eaf06bc7b08a5cb971e4

SHA256
3e05e2a6fc214496dd7e7200ea3b0375fb22b111e3e7bce4d4728c6b528b209a

SHA512
21a24ce58d7e8555d3ac8fa48f8efe648215caf2d4692564a5015f241a8abd62492dda085d48630eac588602b9ef53bc939f633e2771a05562468545104d81e1

Download Submit
C:\Windows\system32\drivers\etc\hosts

Filesize
832B

MD5
7e3a0edd0c6cd8316f4b6c159d5167a1

SHA1
753428b4736ffb2c9e3eb50f89255b212768c55a

SHA256
1965854dfa54c72529c88c7d9f41fa31b4140cad04cf03d3f0f2e7601fcbdc6c

SHA512
9c68f7f72dfa109fcfba6472a1cced85bc6c2a5481232c6d1d039c88b2f65fb86070aeb26ac23e420c6255daca02ea6e698892f7670298d2c4f741b9e9415c7f

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-2248906074-2862704502-246302768-1000\_desktop.ini

Filesize
9B

MD5
ef2876ec14bdb3dc085fc3af9311b015

SHA1
68b64b46b1ff0fdc9f009d8fffb8ee87c597fa56

SHA256
ac2a34b4f2d44d19ca4269caf9f4e71cdb0b95ba8eb89ed52c5bc56eeeb1971c

SHA512
c9998caa062ad5b1da853fabb80e88e41d9f96109af89df0309be20469ca8f5be9dd1c08f3c97030e3a487732e82304f60ee2627462e017579da4204bc163c8f

Download Submit
memory/1144-29-0x0000000002100000-0x0000000002101000-memory.dmp

Filesize
4KB

Download
memory/1516-0-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1516-18-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/2608-19-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/2608-33-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/2608-3284-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/2608-4103-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads