f1e2e63fa0ed7481c4e8311755f25e23f5225d5dd827dc663b82a5296487265e

General

Target

f1e2e63fa0ed7481c4e8311755f25e23f5225d5dd827dc663b82a5296487265e.exe
Size

5.7MB
MD5

d72f1fa347b97e28816a85141a41e06c
SHA1

193b2087286a07d8f38b3c3dd6ef1de21331d43e
SHA256

f1e2e63fa0ed7481c4e8311755f25e23f5225d5dd827dc663b82a5296487265e
SHA512

0a15e4961bcd4b0a77a3f0dbbd46d2fad0cc55e6a47777703b3a89f0ae11f0efd36cf52c2d178573d1829cd149152db9e190d183abe9309632877c159af67cd8
SSDEEP

49152:xPv94AEsKU8ggw1g+1CART5eBiyKS3EI3wybn20DCYIHvc8ixuZm9+fWsw6dTPBm:dKUgTH2M2m9UMpu1QfLczqssnKSh

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

Logo1_.exef1e2e63fa0ed7481c4e8311755f25e23f5225d5dd827dc663b82a5296487265e.exe

pid process

4444 Logo1_.exe
904 f1e2e63fa0ed7481c4e8311755f25e23f5225d5dd827dc663b82a5296487265e.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Logo1_.exe

description	ioc	process
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

Processes:

Logo1_.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sv-se\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\de-de\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_2019.1111.2029.0_neutral_~_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ro-ro\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\servertool.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\sq\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\el-GR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\uk-ua\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\be-BY\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Fonts\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_2019.716.2313.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lg\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ta\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\WinMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\si\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\ml-IN\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\en-us\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\en-gb\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Viewer\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\en-gb\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Configuration\Registration\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_neutral_split.scale-100_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\sl-si\_desktop.ini	Logo1_.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\fil-PH\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\zh-tw\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\it-it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\da-dk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

Processes:

f1e2e63fa0ed7481c4e8311755f25e23f5225d5dd827dc663b82a5296487265e.exeLogo1_.exe

description	ioc	process
File created	C:\Windows\rundl132.exe	f1e2e63fa0ed7481c4e8311755f25e23f5225d5dd827dc663b82a5296487265e.exe
File created	C:\Windows\Logo1_.exe	f1e2e63fa0ed7481c4e8311755f25e23f5225d5dd827dc663b82a5296487265e.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

Logo1_.exe

pid	process
4444	Logo1_.exe
4444	Logo1_.exe
4444	Logo1_.exe
4444	Logo1_.exe
4444	Logo1_.exe
4444	Logo1_.exe
4444	Logo1_.exe
4444	Logo1_.exe
4444	Logo1_.exe
4444	Logo1_.exe
4444	Logo1_.exe
4444	Logo1_.exe
4444	Logo1_.exe
4444	Logo1_.exe
4444	Logo1_.exe
4444	Logo1_.exe
4444	Logo1_.exe
4444	Logo1_.exe
4444	Logo1_.exe
4444	Logo1_.exe

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

f1e2e63fa0ed7481c4e8311755f25e23f5225d5dd827dc663b82a5296487265e.exeLogo1_.exenet.exe

description	pid	process	target process
PID 4616 wrote to memory of 1148	4616	f1e2e63fa0ed7481c4e8311755f25e23f5225d5dd827dc663b82a5296487265e.exe	cmd.exe
PID 4616 wrote to memory of 1148	4616	f1e2e63fa0ed7481c4e8311755f25e23f5225d5dd827dc663b82a5296487265e.exe	cmd.exe
PID 4616 wrote to memory of 1148	4616	f1e2e63fa0ed7481c4e8311755f25e23f5225d5dd827dc663b82a5296487265e.exe	cmd.exe
PID 4616 wrote to memory of 4444	4616	f1e2e63fa0ed7481c4e8311755f25e23f5225d5dd827dc663b82a5296487265e.exe	Logo1_.exe
PID 4616 wrote to memory of 4444	4616	f1e2e63fa0ed7481c4e8311755f25e23f5225d5dd827dc663b82a5296487265e.exe	Logo1_.exe
PID 4616 wrote to memory of 4444	4616	f1e2e63fa0ed7481c4e8311755f25e23f5225d5dd827dc663b82a5296487265e.exe	Logo1_.exe
PID 4444 wrote to memory of 1436	4444	Logo1_.exe	net.exe
PID 4444 wrote to memory of 1436	4444	Logo1_.exe	net.exe
PID 4444 wrote to memory of 1436	4444	Logo1_.exe	net.exe
PID 1436 wrote to memory of 1920	1436	net.exe	net1.exe
PID 1436 wrote to memory of 1920	1436	net.exe	net1.exe
PID 1436 wrote to memory of 1920	1436	net.exe	net1.exe
PID 4444 wrote to memory of 3460	4444	Logo1_.exe	Explorer.EXE
PID 4444 wrote to memory of 3460	4444	Logo1_.exe	Explorer.EXE

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\f1e2e63fa0ed7481c4e8311755f25e23f5225d5dd827dc663b82a5296487265e.exe
"C:\Users\Admin\AppData\Local\Temp\f1e2e63fa0ed7481c4e8311755f25e23f5225d5dd827dc663b82a5296487265e.exe"
2⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4616

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a75AD.bat
3⤵
PID:1148

C:\Users\Admin\AppData\Local\Temp\f1e2e63fa0ed7481c4e8311755f25e23f5225d5dd827dc663b82a5296487265e.exe
"C:\Users\Admin\AppData\Local\Temp\f1e2e63fa0ed7481c4e8311755f25e23f5225d5dd827dc663b82a5296487265e.exe"
4⤵
- Executes dropped EXE
PID:904

C:\Windows\Logo1_.exe
C:\Windows\Logo1_.exe
3⤵
- Executes dropped EXE
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4444

C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
4⤵
- Suspicious use of WriteProcessMemory
PID:1436

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
5⤵
PID:1920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
252KB

MD5
0b2679dc1eb882abf56d11ca591aeb76

SHA1
7a5c7ff9a42f9c84873d269d1e776a89045a1f45

SHA256
3d1b129d45f7fe6c861e380906a0c97576a804240426a0d2408f131cbaedc354

SHA512
8661ecb16631ac033db4d7ee8aa291647ca3311888988693633acd1a69fd9d6eb890c94c97656602c47964219a082f875bce41710fe036cf546c29ae49e2e114

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
571KB

MD5
14a1606ee014690541ddd1c51169cba2

SHA1
2a75e583a802f1737912793c4977721b976a29b8

SHA256
41a57fc5677fdb1ae06acc8ad9c88f8ca184d986ef55a0551c5558372da8e065

SHA512
cd36672cd1ad94990e928c81e872d2ec9fa0cb0765b0002b5b676d62f801ac6df077ab042eb978a1f9fef644e92d08ef2cdc6f860d2161b0e12848108fa7fef7

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
637KB

MD5
9cba1e86016b20490fff38fb45ff4963

SHA1
378720d36869d50d06e9ffeef87488fbc2a8c8f7

SHA256
a22e6d0f5c7d44fefc2204e0f7c7b048e1684f6cf249ba98c006bbf791c22d19

SHA512
2f3737d29ea3925d10ea5c717786425f6434be732974586328f03691a35cd1539828e3301685749e5c4135b8094f15b87fb9659915de63678a25749e2f8f5765

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a75AD.bat

Filesize
722B

MD5
d15f0ef6f52359594014c1c8fbc2c7ed

SHA1
7fe9ec2803e3b714e9e6755f5182fc757b2db764

SHA256
51bdacbf12af5f0c744315b07710725cd803b1ee0792aa19f8c7fd3d6314e3fe

SHA512
de5e4737ef814e9bd9903a14f5d761221be47455523bd100d9e14966dbeee5c201aaf2678121e49d114db4772944899384a8dbc6963827ec7033e978e9b0e0a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\f1e2e63fa0ed7481c4e8311755f25e23f5225d5dd827dc663b82a5296487265e.exe.exe

Filesize
5.7MB

MD5
c596c3539f619ec76f36741933da5bed

SHA1
b3243f0ee893528f0ccd71700ca9970def6670b5

SHA256
bb9f95d1b280c1ec9ae27cf564bbb1b485e2d721d44b3288a9a43c07517e38de

SHA512
e6e9bd571f8a74b0d2f1a88f9c90fbf10a2150cda55cd4ad6f9a37e0c4a957a175ecb8adf17822331e6cb83bac6fec5bdc2fc87fdb5bc2bfa46ad7dac4df31d2

Download Submit
C:\Windows\Logo1_.exe

Filesize
27KB

MD5
d0d42004d5e14fecf764dc99963c82fa

SHA1
2b05a3b17e23a16df2a838d31d8c4113993dd833

SHA256
fe58d080c6a43f69deaec1b3fa9ffa2963dd9a3384b6f3aa9895c4dd2c485a8f

SHA512
72f9b71e46512dfcec9bd294930cc9a01acdb8c5b33a3c9a48c9475889f300e35d13191e5868c9798fd335af5a32793f19180b9d015ec18d2b112d0ac1749bee

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-2539840389-1261165778-1087677076-1000\_desktop.ini

Filesize
9B

MD5
3b22ce0fee2d1aaf2c66dcd142740e29

SHA1
94d542b4bb9854a9419753c38e6ffe747653d91c

SHA256
8284772f28954a109c16f1583e6e34e29f06673b34e04f268bda961b57ba9f79

SHA512
efd4900a49624170e51ea401f0845634f49484a49335845258dc3d41a12e2022bf413a6751fcbcfd1ec68cde506f3363beae57f20e8eaca8b214d28baa138c5b

Download Submit
memory/4444-37-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4444-27-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4444-33-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4444-39-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4444-1232-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4444-8-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4444-4787-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4444-20-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4444-5226-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4616-0-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4616-13-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads