ec9b5ecb4c0e1fa99e688c9351eb53b68d26a6aa83713ebcfd81440225450250

General

Target

ec9b5ecb4c0e1fa99e688c9351eb53b68d26a6aa83713ebcfd81440225450250.exe
Size

72KB
MD5

181b05f797bf19da72559765f89ccc8b
SHA1

c05566d5a52e59501b666889460087547840c126
SHA256

ec9b5ecb4c0e1fa99e688c9351eb53b68d26a6aa83713ebcfd81440225450250
SHA512

5186db618444967af521b777f0f515cd7148c9bc2cf244e0f70e543bf2b782071e91563f4087aee2fb0561f4c8f599a8f354d6a4c004fec87260294db723ee22
SSDEEP

1536:lhhufgLdQAQfcfymN92nOF6u/i8i+KicZRYeghh:cftffjmN92OFp68iIyR

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

Logo1_.exeec9b5ecb4c0e1fa99e688c9351eb53b68d26a6aa83713ebcfd81440225450250.exe

pid process

4280 Logo1_.exe
628 ec9b5ecb4c0e1fa99e688c9351eb53b68d26a6aa83713ebcfd81440225450250.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\ec9b5ecb4c0e1fa99e688c9351eb53b68d26a6aa83713ebcfd81440225450250.exe.exe	upx
behavioral2/memory/628-17-0x0000000000400000-0x000000000050F000-memory.dmp	upx
behavioral2/memory/628-20-0x0000000000400000-0x000000000050F000-memory.dmp	upx

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Logo1_.exe

description	ioc	process
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

Processes:

Logo1_.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\cookie_exporter.exe	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\swidtag\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-us\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\ja\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\zh-tw\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\root\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_GB\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Examples\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Photo Viewer\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\en-gb\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\meta_engine\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\sl-si\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\firstrun\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\de-de\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\bg-BG\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\XboxApp.Telemetry\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_GB\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ko\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\eu-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk-1.8\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\en-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\sv-se\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\cgg\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\zh-tw\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Reader\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\themes\dark\_desktop.ini	Logo1_.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ug\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\zh-tw\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\uk-ua\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kab\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\da-DK\View3d\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

Processes:

ec9b5ecb4c0e1fa99e688c9351eb53b68d26a6aa83713ebcfd81440225450250.exeLogo1_.exe

description	ioc	process
File created	C:\Windows\rundl132.exe	ec9b5ecb4c0e1fa99e688c9351eb53b68d26a6aa83713ebcfd81440225450250.exe
File created	C:\Windows\Logo1_.exe	ec9b5ecb4c0e1fa99e688c9351eb53b68d26a6aa83713ebcfd81440225450250.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

Logo1_.exe

pid	process
4280	Logo1_.exe
4280	Logo1_.exe
4280	Logo1_.exe
4280	Logo1_.exe
4280	Logo1_.exe
4280	Logo1_.exe
4280	Logo1_.exe
4280	Logo1_.exe
4280	Logo1_.exe
4280	Logo1_.exe
4280	Logo1_.exe
4280	Logo1_.exe
4280	Logo1_.exe
4280	Logo1_.exe
4280	Logo1_.exe
4280	Logo1_.exe
4280	Logo1_.exe
4280	Logo1_.exe
4280	Logo1_.exe
4280	Logo1_.exe

Suspicious use of WriteProcessMemory 17 IoCs

Processes:

ec9b5ecb4c0e1fa99e688c9351eb53b68d26a6aa83713ebcfd81440225450250.execmd.exeLogo1_.exenet.exe

description	pid	process	target process
PID 4052 wrote to memory of 408	4052	ec9b5ecb4c0e1fa99e688c9351eb53b68d26a6aa83713ebcfd81440225450250.exe	cmd.exe
PID 4052 wrote to memory of 408	4052	ec9b5ecb4c0e1fa99e688c9351eb53b68d26a6aa83713ebcfd81440225450250.exe	cmd.exe
PID 4052 wrote to memory of 408	4052	ec9b5ecb4c0e1fa99e688c9351eb53b68d26a6aa83713ebcfd81440225450250.exe	cmd.exe
PID 4052 wrote to memory of 4280	4052	ec9b5ecb4c0e1fa99e688c9351eb53b68d26a6aa83713ebcfd81440225450250.exe	Logo1_.exe
PID 4052 wrote to memory of 4280	4052	ec9b5ecb4c0e1fa99e688c9351eb53b68d26a6aa83713ebcfd81440225450250.exe	Logo1_.exe
PID 4052 wrote to memory of 4280	4052	ec9b5ecb4c0e1fa99e688c9351eb53b68d26a6aa83713ebcfd81440225450250.exe	Logo1_.exe
PID 408 wrote to memory of 628	408	cmd.exe	ec9b5ecb4c0e1fa99e688c9351eb53b68d26a6aa83713ebcfd81440225450250.exe
PID 408 wrote to memory of 628	408	cmd.exe	ec9b5ecb4c0e1fa99e688c9351eb53b68d26a6aa83713ebcfd81440225450250.exe
PID 408 wrote to memory of 628	408	cmd.exe	ec9b5ecb4c0e1fa99e688c9351eb53b68d26a6aa83713ebcfd81440225450250.exe
PID 4280 wrote to memory of 4856	4280	Logo1_.exe	net.exe
PID 4280 wrote to memory of 4856	4280	Logo1_.exe	net.exe
PID 4280 wrote to memory of 4856	4280	Logo1_.exe	net.exe
PID 4856 wrote to memory of 2912	4856	net.exe	net1.exe
PID 4856 wrote to memory of 2912	4856	net.exe	net1.exe
PID 4856 wrote to memory of 2912	4856	net.exe	net1.exe
PID 4280 wrote to memory of 3480	4280	Logo1_.exe	Explorer.EXE
PID 4280 wrote to memory of 3480	4280	Logo1_.exe	Explorer.EXE

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\ec9b5ecb4c0e1fa99e688c9351eb53b68d26a6aa83713ebcfd81440225450250.exe
"C:\Users\Admin\AppData\Local\Temp\ec9b5ecb4c0e1fa99e688c9351eb53b68d26a6aa83713ebcfd81440225450250.exe"
2⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4052

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a54C7.bat
3⤵
- Suspicious use of WriteProcessMemory
PID:408

C:\Users\Admin\AppData\Local\Temp\ec9b5ecb4c0e1fa99e688c9351eb53b68d26a6aa83713ebcfd81440225450250.exe
"C:\Users\Admin\AppData\Local\Temp\ec9b5ecb4c0e1fa99e688c9351eb53b68d26a6aa83713ebcfd81440225450250.exe"
4⤵
- Executes dropped EXE
PID:628

C:\Windows\Logo1_.exe
C:\Windows\Logo1_.exe
3⤵
- Executes dropped EXE
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4280

C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
4⤵
- Suspicious use of WriteProcessMemory
PID:4856

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
5⤵
PID:2912

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
Filesize
251KB

MD5
3e7e33f90519246ba56d5539af241f1d

SHA1
b670438955c17f3c05d321138bd051031dc96c69

SHA256
b5f8587bd50d73e4c0d2a626aeee40166cf953f0ef6b7936bcd2566daa4c03d7

SHA512
3f11e97f71a8a57abae3f2a74a5c62820995d29538c9202701540c889ede1573d59f43d30a3040afebeb8a4be7aec721b57a7e3259f52e82e6d74ad2dfa0be13

Download Submit
C:\Program Files\MountComplete.exe
Filesize
1.1MB

MD5
9a0069ab4ec5f73a8c8f5c40a2d8333f

SHA1
4fc430f8b14fe3ee611045758b1b68b56ed48b05

SHA256
7909ffb5c2a471f2c4f9aa54e073097a8bf0d1a4c4e44ba4832962dba4072cf5

SHA512
935abd9453388da07ccf96cab29429fbfffb87911a309f63669959bce7bb4888c333597cfef2e10e239abeaf6ed6710b7675e77969cd78b62a754f3f39a3d351

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
Filesize
636KB

MD5
2500f702e2b9632127c14e4eaae5d424

SHA1
8726fef12958265214eeb58001c995629834b13a

SHA256
82e5b0001f025ca3b8409c98e4fb06c119c68de1e4ef60a156360cb4ef61d19c

SHA512
f420c62fa1f6897f51dd7a0f0e910fb54ad14d51973a2d4840eeea0448c860bf83493fb1c07be65f731efc39e19f8a99886c8cfd058cee482fe52d255a33a55c

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a54C7.bat
Filesize
722B

MD5
82444af3f397010f314c4ca7209960ed

SHA1
452a1e49f8fbf9746a178aa4136c73bf94d9b7c7

SHA256
9be7df4082bcb64638f81004be72286dd7a2148c54ff56c761d0e2b8d3b5e70e

SHA512
6ec8287ab94ddeeea7b10ad7963462d40fcbf3dd40ae9bff641aa6dd5f94d5bf81a9700b79686e0abfba00b46c37ea22a4c9176dc5a25c0f7cc6a07ee11a4c62

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec9b5ecb4c0e1fa99e688c9351eb53b68d26a6aa83713ebcfd81440225450250.exe.exe
Filesize
46KB

MD5
07adddef653a702b9a11edbcee07e82b

SHA1
97729f6df1cd96b61e3e2bc1a841adf1720e2ec5

SHA256
69214c946aa2db33ae97ebe3ca23808853a5110a716ea58510787229599960ee

SHA512
98fbad7178470651ebab97c0c5ed78f7dde9e8f2d7e9060538a4f0e60d53471def7433d38e02cf3afe1c2b6be3c1a503950d4c2cfe1ee9c00465255332ef519d

Download Submit
C:\Windows\Logo1_.exe
Filesize
26KB

MD5
d4e8715b88849f5a8e1dc07f031120a2

SHA1
c77ee0410fd1d584547b3d308229149451da50aa

SHA256
f1a37f5d13a0db4ff22a45fee6a87a66ab4d70f31336bcf047f7129e89578d8a

SHA512
a7d6a9dc3b2050a0a4f59f2cac5f0c3cd2097827257bc76101b8d4153158104cc2a686e882e73f679800941ca71a2a1a989c9aec7052e0f0af4b2f71263edd73

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-1337824034-2731376981-3755436523-1000\_desktop.ini
Filesize
9B

MD5
31874817e0fb055be8d2c971c0e3bbde

SHA1
ee8a35d6a86cb6d13f354d67d912e194bb09c74b

SHA256
94de8b492bc2db9a9592f7c9433547eb7f80826ed67f48d2bb7e22db9d49f544

SHA512
55747c69ae50fa212576d095f60cf33b42e26789cf8c34fc5120a45b1988aae95f91d9e37cb17298c5ac5243b2e4c40e1d0e084ce7fe14bceb4ebb318c65c944

Download Submit
memory/628-17-0x0000000000400000-0x000000000050F000-memory.dmp

Filesize
1.1MB

Download
memory/628-20-0x0000000000400000-0x000000000050F000-memory.dmp

Filesize
1.1MB

Download
memory/4052-10-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4052-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4280-22-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4280-39-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4280-36-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4280-1234-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4280-29-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4280-4800-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4280-11-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4280-5239-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads