7dc76e6a97b8ea017ca4f25895cad3f71c462c97cdf5e2a975a18ddc56a149cc

General

Target

7dc76e6a97b8ea017ca4f25895cad3f71c462c97cdf5e2a975a18ddc56a149cc.exe
Size

258KB
MD5

a01837a25d9075f583bfe58cfe1699b6
SHA1

e24abbb3c3071eae18da00ca3fe9258d9d6c4925
SHA256

7dc76e6a97b8ea017ca4f25895cad3f71c462c97cdf5e2a975a18ddc56a149cc
SHA512

8dde3d1d88ed41cc3f975d5e2dd5e702fff33060cc6854ca768aef900a0c78efad4cae1e107ba4d527a2445e3a1930c529ee0f930d00db7fdad56ad0a6931a53
SSDEEP

1536:tF3SHmLKarIpYQILFkbeumIkA39xSZW175V7UZQJ0UjsWpcdVO4Mqg+aJRaCAd1L:tFkF3plLRkgUA1nQZwFGVO4Mqg+WDY

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

Logo1_.exe7dc76e6a97b8ea017ca4f25895cad3f71c462c97cdf5e2a975a18ddc56a149cc.exe

pid process

436 Logo1_.exe
4000 7dc76e6a97b8ea017ca4f25895cad3f71c462c97cdf5e2a975a18ddc56a149cc.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Logo1_.exe

description	ioc	process
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

Processes:

Logo1_.exe

description	ioc	process
File created	C:\Program Files\VideoLAN\VLC\locale\sw\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\pt-br\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\themes\dark\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\1.0.1\Diagnostics\Simple\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\sl-si\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\eu-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\themes\dark\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java.exe	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\da-dk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\SmartSelect\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\zh-cn\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\plugins\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\node_modules\reactxp-experimental-navigation\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files-select\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\eu-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_neutral_~_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\zh-cn\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\eu-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.27629.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ru-ru\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\pt-br\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\eu\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\an\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sl-si\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\hr-hr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files-select\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Defender\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Mutable\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\it-it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\nb-no\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

Processes:

7dc76e6a97b8ea017ca4f25895cad3f71c462c97cdf5e2a975a18ddc56a149cc.exeLogo1_.exe

description	ioc	process
File created	C:\Windows\Logo1_.exe	7dc76e6a97b8ea017ca4f25895cad3f71c462c97cdf5e2a975a18ddc56a149cc.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	7dc76e6a97b8ea017ca4f25895cad3f71c462c97cdf5e2a975a18ddc56a149cc.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

Logo1_.exe

pid	process
436	Logo1_.exe
436	Logo1_.exe
436	Logo1_.exe
436	Logo1_.exe
436	Logo1_.exe
436	Logo1_.exe
436	Logo1_.exe
436	Logo1_.exe
436	Logo1_.exe
436	Logo1_.exe
436	Logo1_.exe
436	Logo1_.exe
436	Logo1_.exe
436	Logo1_.exe
436	Logo1_.exe
436	Logo1_.exe
436	Logo1_.exe
436	Logo1_.exe
436	Logo1_.exe
436	Logo1_.exe

Suspicious use of WriteProcessMemory 17 IoCs

Processes:

7dc76e6a97b8ea017ca4f25895cad3f71c462c97cdf5e2a975a18ddc56a149cc.exeLogo1_.exenet.execmd.exe

description	pid	process	target process
PID 1096 wrote to memory of 2844	1096	7dc76e6a97b8ea017ca4f25895cad3f71c462c97cdf5e2a975a18ddc56a149cc.exe	cmd.exe
PID 1096 wrote to memory of 2844	1096	7dc76e6a97b8ea017ca4f25895cad3f71c462c97cdf5e2a975a18ddc56a149cc.exe	cmd.exe
PID 1096 wrote to memory of 2844	1096	7dc76e6a97b8ea017ca4f25895cad3f71c462c97cdf5e2a975a18ddc56a149cc.exe	cmd.exe
PID 1096 wrote to memory of 436	1096	7dc76e6a97b8ea017ca4f25895cad3f71c462c97cdf5e2a975a18ddc56a149cc.exe	Logo1_.exe
PID 1096 wrote to memory of 436	1096	7dc76e6a97b8ea017ca4f25895cad3f71c462c97cdf5e2a975a18ddc56a149cc.exe	Logo1_.exe
PID 1096 wrote to memory of 436	1096	7dc76e6a97b8ea017ca4f25895cad3f71c462c97cdf5e2a975a18ddc56a149cc.exe	Logo1_.exe
PID 436 wrote to memory of 1456	436	Logo1_.exe	net.exe
PID 436 wrote to memory of 1456	436	Logo1_.exe	net.exe
PID 436 wrote to memory of 1456	436	Logo1_.exe	net.exe
PID 1456 wrote to memory of 960	1456	net.exe	net1.exe
PID 1456 wrote to memory of 960	1456	net.exe	net1.exe
PID 1456 wrote to memory of 960	1456	net.exe	net1.exe
PID 2844 wrote to memory of 4000	2844	cmd.exe	7dc76e6a97b8ea017ca4f25895cad3f71c462c97cdf5e2a975a18ddc56a149cc.exe
PID 2844 wrote to memory of 4000	2844	cmd.exe	7dc76e6a97b8ea017ca4f25895cad3f71c462c97cdf5e2a975a18ddc56a149cc.exe
PID 2844 wrote to memory of 4000	2844	cmd.exe	7dc76e6a97b8ea017ca4f25895cad3f71c462c97cdf5e2a975a18ddc56a149cc.exe
PID 436 wrote to memory of 3400	436	Logo1_.exe	Explorer.EXE
PID 436 wrote to memory of 3400	436	Logo1_.exe	Explorer.EXE

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\7dc76e6a97b8ea017ca4f25895cad3f71c462c97cdf5e2a975a18ddc56a149cc.exe
"C:\Users\Admin\AppData\Local\Temp\7dc76e6a97b8ea017ca4f25895cad3f71c462c97cdf5e2a975a18ddc56a149cc.exe"
2⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1096

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a3C2E.bat
3⤵
- Suspicious use of WriteProcessMemory
PID:2844

C:\Users\Admin\AppData\Local\Temp\7dc76e6a97b8ea017ca4f25895cad3f71c462c97cdf5e2a975a18ddc56a149cc.exe
"C:\Users\Admin\AppData\Local\Temp\7dc76e6a97b8ea017ca4f25895cad3f71c462c97cdf5e2a975a18ddc56a149cc.exe"
4⤵
- Executes dropped EXE
PID:4000

C:\Windows\Logo1_.exe
C:\Windows\Logo1_.exe
3⤵
- Executes dropped EXE
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:436

C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
4⤵
- Suspicious use of WriteProcessMemory
PID:1456

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
5⤵
PID:960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
252KB

MD5
bd895f6286d498b176d3d2a55bffc71d

SHA1
3943c38d17c290efb219227a6602335b10a170be

SHA256
7a0b8177c4a177530e0765952d9bf16f0fcab6c10158b25f725883bd5904a804

SHA512
abf71f264b335a8b2b97ec22e4dcf3fa63cff2d114e1c2ef65e80c3c6182dc53e1065605ee9fc88aca514fb3337461404889dc3a555bdff651954ee9d7565ffe

Download Submit
C:\Program Files\SendExit.exe

Filesize
330KB

MD5
864cbbb9423caadfed5670bcf6018ff2

SHA1
60b2a756aade9bb196cba825db06053666d12c15

SHA256
f3b02a955a534c513fb4709fb6474ac444a21480069b1f524b1bf45284c227b1

SHA512
bfb0e9653a60acfd370b3b8b424fa3e770e1bc7ffd31d0c9fe826ac06f761d98eafe1f5a4b50dd8869ed65b6b5b026721de2613baba138800c0350d3e6167a82

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
637KB

MD5
9cba1e86016b20490fff38fb45ff4963

SHA1
378720d36869d50d06e9ffeef87488fbc2a8c8f7

SHA256
a22e6d0f5c7d44fefc2204e0f7c7b048e1684f6cf249ba98c006bbf791c22d19

SHA512
2f3737d29ea3925d10ea5c717786425f6434be732974586328f03691a35cd1539828e3301685749e5c4135b8094f15b87fb9659915de63678a25749e2f8f5765

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a3C2E.bat

Filesize
722B

MD5
d46f558853a13c030211d0b8e12a2421

SHA1
aa7e82fc6ee58f82e4976d36e7f24832066d673d

SHA256
5bad527bbf0ae805b8889caa2d7eeaca4a0cdce9f104d04de8b5a9089446c357

SHA512
bcbc4bb52510b6145e571c26bf437ef1eb3c62d581033be4358e4597fd135a33b626714fc016bcb728c57877ec9bb9c59e252c141992bb3f443eeb8902ab107e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7dc76e6a97b8ea017ca4f25895cad3f71c462c97cdf5e2a975a18ddc56a149cc.exe.exe

Filesize
231KB

MD5
6f581a41167d2d484fcba20e6fc3c39a

SHA1
d48de48d24101b9baaa24f674066577e38e6b75c

SHA256
3eb8d53778eab9fb13b4c97aeab56e4bad2a6ea3748d342f22eaf4d7aa3185a7

SHA512
e1177b6cea89445d58307b3327c78909adff225497f9abb8de571cdd114b547a8f515ec3ab038b583bf752a085b231f6329d6ca82fbe6be8a58cd97a1dbaf0f6

Download Submit
C:\Windows\Logo1_.exe

Filesize
27KB

MD5
ce3c931f3419f496e693e8c7eeb200b5

SHA1
8716d9d3206a1271007d45066893d268f1dec73c

SHA256
d932f87076a2a62dcb858480ab92aad4ce8330112b8a6efe503dd8560fd90581

SHA512
23017fe2bb7f59d008c24d7c0e2b700e9ac4370fa47663edde147299310b57af0ccab4de093586c845de43b3bd75933cf4db02c34068a1c19cf210ab84b177ed

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-540404634-651139247-2967210625-1000\_desktop.ini

Filesize
9B

MD5
3b22ce0fee2d1aaf2c66dcd142740e29

SHA1
94d542b4bb9854a9419753c38e6ffe747653d91c

SHA256
8284772f28954a109c16f1583e6e34e29f06673b34e04f268bda961b57ba9f79

SHA512
efd4900a49624170e51ea401f0845634f49484a49335845258dc3d41a12e2022bf413a6751fcbcfd1ec68cde506f3363beae57f20e8eaca8b214d28baa138c5b

Download Submit
memory/436-27-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/436-33-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/436-37-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/436-20-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/436-1232-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/436-11-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/436-4798-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/436-5237-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1096-0-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1096-10-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download

pid	process
436	Logo1_.exe
4000	7dc76e6a97b8ea017ca4f25895cad3f71c462c97cdf5e2a975a18ddc56a149cc.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads