fae0f669faa4d3c2188444825a2992ad3304c90955a8073c7920028a122e25c4

General

Target

fae0f669faa4d3c2188444825a2992ad3304c90955a8073c7920028a122e25c4.exe
Size

1.9MB
MD5

04ed2212190b24935c27a3c52d45edd8
SHA1

e31a05d9ed92a131952b3c676ce1410eb7f6bc04
SHA256

fae0f669faa4d3c2188444825a2992ad3304c90955a8073c7920028a122e25c4
SHA512

c638c66ce8b0dfca28bacf2a6fd0b063e8c53b558d21fa030dc8148e2c016a25c3c78c3d0f36f431db92bdec54a474a23fe6c409125a33cab70403fc37198b0a
SSDEEP

49152:7IwpL7jys6Tqrj7jeRB13xYr+rtd4eBXGeBXJRf1tr:njP6TlP1hU+L4eceVf

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

Logo1_.exefae0f669faa4d3c2188444825a2992ad3304c90955a8073c7920028a122e25c4.exe

pid process

444 Logo1_.exe
2204 fae0f669faa4d3c2188444825a2992ad3304c90955a8073c7920028a122e25c4.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Logo1_.exe

description	ioc	process
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

Processes:

Logo1_.exe

description	ioc	process
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\sk\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\es-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\policytool.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftEdge.Stable_122.0.2365.52_neutral__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\7-Zip\Lang\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\pages\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ia\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\pt-br\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-200_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sl-si\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pa\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-100_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactNative\Tracing\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-125_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ca-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_neutral_~_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Viewer\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-black\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\cy\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\offer_cards\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\de-de\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\en-gb\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-black\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\sv-se\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-125_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\2.0.1\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ast\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.2_2.2.27405.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\sv-se\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\ScreenSketchAppService\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

Processes:

fae0f669faa4d3c2188444825a2992ad3304c90955a8073c7920028a122e25c4.exeLogo1_.exe

description	ioc	process
File created	C:\Windows\rundl132.exe	fae0f669faa4d3c2188444825a2992ad3304c90955a8073c7920028a122e25c4.exe
File created	C:\Windows\Logo1_.exe	fae0f669faa4d3c2188444825a2992ad3304c90955a8073c7920028a122e25c4.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

Logo1_.exe

pid	process
444	Logo1_.exe
444	Logo1_.exe
444	Logo1_.exe
444	Logo1_.exe
444	Logo1_.exe
444	Logo1_.exe
444	Logo1_.exe
444	Logo1_.exe
444	Logo1_.exe
444	Logo1_.exe
444	Logo1_.exe
444	Logo1_.exe
444	Logo1_.exe
444	Logo1_.exe
444	Logo1_.exe
444	Logo1_.exe
444	Logo1_.exe
444	Logo1_.exe
444	Logo1_.exe
444	Logo1_.exe

Suspicious use of WriteProcessMemory 17 IoCs

Processes:

fae0f669faa4d3c2188444825a2992ad3304c90955a8073c7920028a122e25c4.exeLogo1_.exenet.execmd.exe

description	pid	process	target process
PID 3352 wrote to memory of 640	3352	fae0f669faa4d3c2188444825a2992ad3304c90955a8073c7920028a122e25c4.exe	cmd.exe
PID 3352 wrote to memory of 640	3352	fae0f669faa4d3c2188444825a2992ad3304c90955a8073c7920028a122e25c4.exe	cmd.exe
PID 3352 wrote to memory of 640	3352	fae0f669faa4d3c2188444825a2992ad3304c90955a8073c7920028a122e25c4.exe	cmd.exe
PID 3352 wrote to memory of 444	3352	fae0f669faa4d3c2188444825a2992ad3304c90955a8073c7920028a122e25c4.exe	Logo1_.exe
PID 3352 wrote to memory of 444	3352	fae0f669faa4d3c2188444825a2992ad3304c90955a8073c7920028a122e25c4.exe	Logo1_.exe
PID 3352 wrote to memory of 444	3352	fae0f669faa4d3c2188444825a2992ad3304c90955a8073c7920028a122e25c4.exe	Logo1_.exe
PID 444 wrote to memory of 3516	444	Logo1_.exe	net.exe
PID 444 wrote to memory of 3516	444	Logo1_.exe	net.exe
PID 444 wrote to memory of 3516	444	Logo1_.exe	net.exe
PID 3516 wrote to memory of 4892	3516	net.exe	net1.exe
PID 3516 wrote to memory of 4892	3516	net.exe	net1.exe
PID 3516 wrote to memory of 4892	3516	net.exe	net1.exe
PID 640 wrote to memory of 2204	640	cmd.exe	fae0f669faa4d3c2188444825a2992ad3304c90955a8073c7920028a122e25c4.exe
PID 640 wrote to memory of 2204	640	cmd.exe	fae0f669faa4d3c2188444825a2992ad3304c90955a8073c7920028a122e25c4.exe
PID 640 wrote to memory of 2204	640	cmd.exe	fae0f669faa4d3c2188444825a2992ad3304c90955a8073c7920028a122e25c4.exe
PID 444 wrote to memory of 3268	444	Logo1_.exe	Explorer.EXE
PID 444 wrote to memory of 3268	444	Logo1_.exe	Explorer.EXE

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\fae0f669faa4d3c2188444825a2992ad3304c90955a8073c7920028a122e25c4.exe
"C:\Users\Admin\AppData\Local\Temp\fae0f669faa4d3c2188444825a2992ad3304c90955a8073c7920028a122e25c4.exe"
2⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3352

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a441.bat
3⤵
- Suspicious use of WriteProcessMemory
PID:640

C:\Users\Admin\AppData\Local\Temp\fae0f669faa4d3c2188444825a2992ad3304c90955a8073c7920028a122e25c4.exe
"C:\Users\Admin\AppData\Local\Temp\fae0f669faa4d3c2188444825a2992ad3304c90955a8073c7920028a122e25c4.exe"
4⤵
- Executes dropped EXE
PID:2204

C:\Windows\Logo1_.exe
C:\Windows\Logo1_.exe
3⤵
- Executes dropped EXE
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:444

C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
4⤵
- Suspicious use of WriteProcessMemory
PID:3516

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
5⤵
PID:4892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4440 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
1⤵
PID:2460

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7z.exe
Filesize
571KB

MD5
09216007ed8e593b9dab23a3abf9cd76

SHA1
d8556ebc0aee946b83acf0537ea81d9b8405c2ed

SHA256
55232fd6723251e9f09f6ee42e40c4ee46e032e0ac99561018a040f3ccdf2324

SHA512
65f3657f3a094a8ce82e86b25351ec0ebb914b2ef98d7a2c9ab9e7d1cb4884e9ff9e6e10be035dc454bd85088846dbacb45e992ba885cb7ae11d34f5f0b7511c

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a441.bat
Filesize
721B

MD5
fd4ea5ed71d8d2cf9e07a5f7ab9925b7

SHA1
dd097c1cb3b1e7e6cee49ef951ecef0c4f02e5f2

SHA256
8162c9aecb0665c21a8dc36827c1f4a04370361f20d3eb966d5132f80286b310

SHA512
bed393e8b99571edc79f0267f93ad26356392fa469db13b9ef673392ab8a7b02cb497f4af5ce41ca2d9167753d524fc1c609932259dfa5c5bc4cfb911376d2d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\fae0f669faa4d3c2188444825a2992ad3304c90955a8073c7920028a122e25c4.exe.exe
Filesize
1.9MB

MD5
290ba3738d9bd6a6dd8f1e4d0d08916a

SHA1
529f79aafd8b3a97c3ad131280ce3f799013c209

SHA256
cd6e0ba7daacdbfe73cc1690c8e91f6019f1a87a4fba45b1cef17d49ac369a6e

SHA512
5cfe9083c15d0ff5c4c67a8d0d45aedf46552b1321b18b56f701ea51b506739ceabe312f42d951c19208e62818917109cfa0f03b1ba19a5baa7856edd766dd1b

Download Submit
C:\Windows\Logo1_.exe
Filesize
27KB

MD5
03b44db159a155adf9d6d4ce059bcc94

SHA1
a6e4a3d607d0a9e86ac3ee757c6edb0513bb8d72

SHA256
281f5e68ebf4c747601c9b252a1af6bf7452bde36311b00ab1db51efc12e48c3

SHA512
59a8b6ffdf00e7f9b08bced1f8ac0f98c6685f3bed54a8f2857830d9f0457fa28ecd429f1c0b70228223a71dc1ee0a8dacfff1819b1e52bc10f644cb43d1e89a

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-3808065738-1666277613-1125846146-1000\_desktop.ini
Filesize
9B

MD5
31874817e0fb055be8d2c971c0e3bbde

SHA1
ee8a35d6a86cb6d13f354d67d912e194bb09c74b

SHA256
94de8b492bc2db9a9592f7c9433547eb7f80826ed67f48d2bb7e22db9d49f544

SHA512
55747c69ae50fa212576d095f60cf33b42e26789cf8c34fc5120a45b1988aae95f91d9e37cb17298c5ac5243b2e4c40e1d0e084ce7fe14bceb4ebb318c65c944

Download Submit
memory/444-22-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/444-157-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/444-1186-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/444-1019-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/444-1018-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/444-29-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/444-36-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/444-40-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/444-45-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/444-8-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2204-19-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/2204-21-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/3352-11-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3352-0-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download

pid	process
444	Logo1_.exe
2204	fae0f669faa4d3c2188444825a2992ad3304c90955a8073c7920028a122e25c4.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads