7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b

General

Target

7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe
Size

577KB
MD5

910284bbd7c634fe066813e80f33296d
SHA1

97399b7586901e6b9e046bf9ef230103c54d2e1f
SHA256

7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b
SHA512

18dd89ea3ed8f270b71bc756dbd1d9eb406f03de2fb9813bbd7f08289148a28f459b21e8a5fbdab442de6face435cbd51806c8a9caf42906ab653a7d2075b58f
SSDEEP

6144:E+aMKE7cV3iwbAFRWAbd4nf0H05yqE6Hl0ChW0+ksllAXBu0lWGWUJJQ4t0BHQQG:E+aMR7a3iwbihym2g7XO3LWUQfh4Co

Score

7^/10

spyware stealer

Malware Config

Signatures

Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

2776 cmd.exe
Executes dropped EXE 2 IoCs

Processes:

Logo1_.exe7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe

pid process

2840 Logo1_.exe
2600 7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe
Loads dropped DLL 1 IoCs

Processes:

cmd.exe

pid process

2776 cmd.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

pid	process
2776	cmd.exe

pid	process
2840	Logo1_.exe
2600	7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe

pid	process
2776	cmd.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Logo1_.exe

description	ioc	process
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

Processes:

Logo1_.exe

description	ioc	process
File created	C:\Program Files\Microsoft Games\Mahjong\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Chess\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Chess\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Defender\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Internet Explorer\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Atlantic\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Templates\1033\FAX\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\helper.exe	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\bin\servertool.exe	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Purble Place\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ARCTIC\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EXPEDITN\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ia\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Mail\wabmig.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nb\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Media Player\wmpnetwk.exe	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Media Player\wmpshare.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\meta\reader\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\MSBuild\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Minesweeper\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\pingsender.exe	Logo1_.exe

Drops file in Windows directory 4 IoCs

Processes:

7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exeLogo1_.exe

description	ioc	process
File created	C:\Windows\Logo1_.exe	7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\Dll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 43 IoCs

Processes:

7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exeLogo1_.exe

pid	process
1960	7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe
1960	7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe
1960	7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe
1960	7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe
1960	7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe
1960	7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe
1960	7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe
1960	7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe
1960	7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe
1960	7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe
1960	7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe
1960	7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe
1960	7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe
2840	Logo1_.exe
2840	Logo1_.exe
2840	Logo1_.exe
2840	Logo1_.exe
2840	Logo1_.exe
2840	Logo1_.exe
2840	Logo1_.exe
2840	Logo1_.exe
2840	Logo1_.exe
2840	Logo1_.exe
2840	Logo1_.exe
2840	Logo1_.exe
2840	Logo1_.exe
2840	Logo1_.exe
2840	Logo1_.exe
2840	Logo1_.exe
2840	Logo1_.exe
2840	Logo1_.exe
2840	Logo1_.exe
2840	Logo1_.exe
2840	Logo1_.exe
2840	Logo1_.exe
2840	Logo1_.exe
2840	Logo1_.exe
2840	Logo1_.exe
2840	Logo1_.exe
2840	Logo1_.exe
2840	Logo1_.exe
2840	Logo1_.exe
2840	Logo1_.exe

Suspicious use of WriteProcessMemory 38 IoCs

Processes:

7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exenet.exeLogo1_.exenet.execmd.exenet.exe

description	pid	process	target process
PID 1960 wrote to memory of 3056	1960	7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe	net.exe
PID 1960 wrote to memory of 3056	1960	7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe	net.exe
PID 1960 wrote to memory of 3056	1960	7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe	net.exe
PID 1960 wrote to memory of 3056	1960	7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe	net.exe
PID 3056 wrote to memory of 2904	3056	net.exe	net1.exe
PID 3056 wrote to memory of 2904	3056	net.exe	net1.exe
PID 3056 wrote to memory of 2904	3056	net.exe	net1.exe
PID 3056 wrote to memory of 2904	3056	net.exe	net1.exe
PID 1960 wrote to memory of 2776	1960	7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe	cmd.exe
PID 1960 wrote to memory of 2776	1960	7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe	cmd.exe
PID 1960 wrote to memory of 2776	1960	7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe	cmd.exe
PID 1960 wrote to memory of 2776	1960	7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe	cmd.exe
PID 1960 wrote to memory of 2840	1960	7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe	Logo1_.exe
PID 1960 wrote to memory of 2840	1960	7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe	Logo1_.exe
PID 1960 wrote to memory of 2840	1960	7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe	Logo1_.exe
PID 1960 wrote to memory of 2840	1960	7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe	Logo1_.exe
PID 2840 wrote to memory of 2644	2840	Logo1_.exe	net.exe
PID 2840 wrote to memory of 2644	2840	Logo1_.exe	net.exe
PID 2840 wrote to memory of 2644	2840	Logo1_.exe	net.exe
PID 2840 wrote to memory of 2644	2840	Logo1_.exe	net.exe
PID 2644 wrote to memory of 2864	2644	net.exe	net1.exe
PID 2644 wrote to memory of 2864	2644	net.exe	net1.exe
PID 2644 wrote to memory of 2864	2644	net.exe	net1.exe
PID 2644 wrote to memory of 2864	2644	net.exe	net1.exe
PID 2776 wrote to memory of 2600	2776	cmd.exe	7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe
PID 2776 wrote to memory of 2600	2776	cmd.exe	7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe
PID 2776 wrote to memory of 2600	2776	cmd.exe	7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe
PID 2776 wrote to memory of 2600	2776	cmd.exe	7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe
PID 2840 wrote to memory of 2704	2840	Logo1_.exe	net.exe
PID 2840 wrote to memory of 2704	2840	Logo1_.exe	net.exe
PID 2840 wrote to memory of 2704	2840	Logo1_.exe	net.exe
PID 2840 wrote to memory of 2704	2840	Logo1_.exe	net.exe
PID 2704 wrote to memory of 2808	2704	net.exe	net1.exe
PID 2704 wrote to memory of 2808	2704	net.exe	net1.exe
PID 2704 wrote to memory of 2808	2704	net.exe	net1.exe
PID 2704 wrote to memory of 2808	2704	net.exe	net1.exe
PID 2840 wrote to memory of 1352	2840	Logo1_.exe	Explorer.EXE
PID 2840 wrote to memory of 1352	2840	Logo1_.exe	Explorer.EXE

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1352

C:\Users\Admin\AppData\Local\Temp\7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe
"C:\Users\Admin\AppData\Local\Temp\7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe"
2⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1960

C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
3⤵
- Suspicious use of WriteProcessMemory
PID:3056

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
4⤵
PID:2904

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$$a493.bat
3⤵
- Deletes itself
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2776

C:\Users\Admin\AppData\Local\Temp\7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe
"C:\Users\Admin\AppData\Local\Temp\7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe"
4⤵
- Executes dropped EXE
PID:2600

C:\Windows\Logo1_.exe
C:\Windows\Logo1_.exe
3⤵
- Executes dropped EXE
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2840

C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
4⤵
- Suspicious use of WriteProcessMemory
PID:2644

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
5⤵
PID:2864

C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
4⤵
- Suspicious use of WriteProcessMemory
PID:2704

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
5⤵
PID:2808

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1

T1552

Credentials In Files

1

T1552.001

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
Filesize
258KB

MD5
ce1ebc3c0c328e142eab47b6635f807c

SHA1
5576885f6e7f2abe82df076a2d27af32eebb4c0a

SHA256
58eb636f0448ed27f1c1c30503a7888e2913dec4b408e22e46f7edf574375870

SHA512
f3a1be84df1ea85519589ef8b17738bf19202c444992b0d18f802d4e1ca57224a0b2e57371635a21c4cd967cb112eea9c338dbe07eb08d1c44316c5c2379b407

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
Filesize
478KB

MD5
3e2d3392a9d3ae3ed27661f81e853478

SHA1
fa8c023a3bff75e89ed39f5d4bfb5693d818ca8b

SHA256
09da8a31b7f420b9e4ed6d02e698bcc12a4f3efa46a53d1492a241a5784d44a8

SHA512
27652a29d728b92995b8ce46b150cd14baf5b65789591085ef3fa959dbc99efaa071b7a014ccaabeb6e84cdea642769dc98a7a1684afcda9be82dbb0b8d3fa17

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a493.bat
Filesize
721B

MD5
6dda4dd2a0df932b4d3221b60e0bf7b2

SHA1
f5f4bc3487793ad9fa6146650fddf4409089342e

SHA256
1f36cef6558c51973b2705fb637429bc58126258f44c0e51215b323c12fe5e0a

SHA512
0e2b504bcdd71f7d92a8b170b11f14de193178882db3213a73ac0102653b8f72ce3fe789731bda76123e529cbdedd0c6e32fa86dcaa29606aa52335f74a03e7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7d477e0c4001981ef55282a1d61e5510bb08eedba840ec9df323eda8053c892b.exe.exe
Filesize
544KB

MD5
9a1dd1d96481d61934dcc2d568971d06

SHA1
f136ef9bf8bd2fc753292fb5b7cf173a22675fb3

SHA256
8cebb25e240db3b6986fcaed6bc0b900fa09dad763a56fb71273529266c5c525

SHA512
7ac1581f8a29e778ba1a1220670796c47fa5b838417f8f635e2cb1998a01515cff3ee57045dacb78a8ec70d43754b970743aba600379fe6d9481958d32d8a5aa

Download Submit
C:\Windows\Logo1_.exe
Filesize
33KB

MD5
05ebb4f9455d52366f013e63d099d41f

SHA1
f3d867260198c5be6f0f1e796d517e8ad75b2173

SHA256
05362547df367881bc8a8956b74adf5e7d0c641ad3a6defce8751787503af3f3

SHA512
573fea3c1964ce511986b959789ec3e170ba5d668cab0c201e6ac27c6d23b04250910871b2fd22ad6558d20a2aa2da0380cf9594aa8a33d1315f364a8d697a2f

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-3627615824-4061627003-3019543961-1000\_desktop.ini
Filesize
9B

MD5
31874817e0fb055be8d2c971c0e3bbde

SHA1
ee8a35d6a86cb6d13f354d67d912e194bb09c74b

SHA256
94de8b492bc2db9a9592f7c9433547eb7f80826ed67f48d2bb7e22db9d49f544

SHA512
55747c69ae50fa212576d095f60cf33b42e26789cf8c34fc5120a45b1988aae95f91d9e37cb17298c5ac5243b2e4c40e1d0e084ce7fe14bceb4ebb318c65c944

Download Submit
memory/1352-27-0x0000000002B00000-0x0000000002B01000-memory.dmp

Filesize
4KB

Download
memory/1960-0-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1960-17-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2840-31-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2840-18-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2840-3318-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2840-4123-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads