ff3e3c166d82e26136c98610a54421d49f2632e032d462d457d7bbafe2cc844c

General

Target

ff3e3c166d82e26136c98610a54421d49f2632e032d462d457d7bbafe2cc844c.exe
Size

107KB
MD5

433ca4820e507ac52f5c453012cc170d
SHA1

33022d69883f57c3cdbb647d9157546151fdca6d
SHA256

ff3e3c166d82e26136c98610a54421d49f2632e032d462d457d7bbafe2cc844c
SHA512

6c0a68bbd88bd84ec1cb0515fada1b1fa8b3a21c9c3c038fc585b41ac20c497c7838ed60925c0278df9f6c609147f9a5fe0eb41ed20b02dbce19d6f99b1d6e68
SSDEEP

3072:OftffjmN8omnzVincQDKgct5GpRgpzxjHsT4fEB:2VfjmN8tZkRg1sB

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

Logo1_.exeff3e3c166d82e26136c98610a54421d49f2632e032d462d457d7bbafe2cc844c.exe

pid process

316 Logo1_.exe
2476 ff3e3c166d82e26136c98610a54421d49f2632e032d462d457d7bbafe2cc844c.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Logo1_.exe

description	ioc	process
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

Processes:

Logo1_.exe

description	ioc	process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\uk-ua\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Speech\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\en-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\es-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\wa\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\dev\libs\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\hr-hr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_proxy\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\nl-nl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\en-gb\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\da-dk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\he-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\EBWebView\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\Simple\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\uk-UA\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\da-dk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\sq\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-100_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Microsoft.Xbox.SmartGlass.Controls\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\sv-se\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\pt-br\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\Simple\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\sl-si\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\de-de\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\fr-fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nn\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_2019.729.2301.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\pl-pl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\it-it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\et\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\OfflinePages\Scripts\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\es-es\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

Processes:

ff3e3c166d82e26136c98610a54421d49f2632e032d462d457d7bbafe2cc844c.exeLogo1_.exe

description	ioc	process
File created	C:\Windows\rundl132.exe	ff3e3c166d82e26136c98610a54421d49f2632e032d462d457d7bbafe2cc844c.exe
File created	C:\Windows\Logo1_.exe	ff3e3c166d82e26136c98610a54421d49f2632e032d462d457d7bbafe2cc844c.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 2 IoCs

installer

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\ff3e3c166d82e26136c98610a54421d49f2632e032d462d457d7bbafe2cc844c.exe.exe	nsis_installer_1
C:\Users\Admin\AppData\Local\Temp\ff3e3c166d82e26136c98610a54421d49f2632e032d462d457d7bbafe2cc844c.exe.exe	nsis_installer_2

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

Logo1_.exe

pid	process
316	Logo1_.exe
316	Logo1_.exe
316	Logo1_.exe
316	Logo1_.exe
316	Logo1_.exe
316	Logo1_.exe
316	Logo1_.exe
316	Logo1_.exe
316	Logo1_.exe
316	Logo1_.exe
316	Logo1_.exe
316	Logo1_.exe
316	Logo1_.exe
316	Logo1_.exe
316	Logo1_.exe
316	Logo1_.exe
316	Logo1_.exe
316	Logo1_.exe
316	Logo1_.exe
316	Logo1_.exe

Suspicious use of WriteProcessMemory 17 IoCs

Processes:

ff3e3c166d82e26136c98610a54421d49f2632e032d462d457d7bbafe2cc844c.exeLogo1_.exenet.execmd.exe

description	pid	process	target process
PID 552 wrote to memory of 1324	552	ff3e3c166d82e26136c98610a54421d49f2632e032d462d457d7bbafe2cc844c.exe	cmd.exe
PID 552 wrote to memory of 1324	552	ff3e3c166d82e26136c98610a54421d49f2632e032d462d457d7bbafe2cc844c.exe	cmd.exe
PID 552 wrote to memory of 1324	552	ff3e3c166d82e26136c98610a54421d49f2632e032d462d457d7bbafe2cc844c.exe	cmd.exe
PID 552 wrote to memory of 316	552	ff3e3c166d82e26136c98610a54421d49f2632e032d462d457d7bbafe2cc844c.exe	Logo1_.exe
PID 552 wrote to memory of 316	552	ff3e3c166d82e26136c98610a54421d49f2632e032d462d457d7bbafe2cc844c.exe	Logo1_.exe
PID 552 wrote to memory of 316	552	ff3e3c166d82e26136c98610a54421d49f2632e032d462d457d7bbafe2cc844c.exe	Logo1_.exe
PID 316 wrote to memory of 1188	316	Logo1_.exe	net.exe
PID 316 wrote to memory of 1188	316	Logo1_.exe	net.exe
PID 316 wrote to memory of 1188	316	Logo1_.exe	net.exe
PID 1188 wrote to memory of 3880	1188	net.exe	net1.exe
PID 1188 wrote to memory of 3880	1188	net.exe	net1.exe
PID 1188 wrote to memory of 3880	1188	net.exe	net1.exe
PID 1324 wrote to memory of 2476	1324	cmd.exe	ff3e3c166d82e26136c98610a54421d49f2632e032d462d457d7bbafe2cc844c.exe
PID 1324 wrote to memory of 2476	1324	cmd.exe	ff3e3c166d82e26136c98610a54421d49f2632e032d462d457d7bbafe2cc844c.exe
PID 1324 wrote to memory of 2476	1324	cmd.exe	ff3e3c166d82e26136c98610a54421d49f2632e032d462d457d7bbafe2cc844c.exe
PID 316 wrote to memory of 3504	316	Logo1_.exe	Explorer.EXE
PID 316 wrote to memory of 3504	316	Logo1_.exe	Explorer.EXE

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\ff3e3c166d82e26136c98610a54421d49f2632e032d462d457d7bbafe2cc844c.exe
"C:\Users\Admin\AppData\Local\Temp\ff3e3c166d82e26136c98610a54421d49f2632e032d462d457d7bbafe2cc844c.exe"
2⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:552

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a3C1E.bat
3⤵
- Suspicious use of WriteProcessMemory
PID:1324

C:\Users\Admin\AppData\Local\Temp\ff3e3c166d82e26136c98610a54421d49f2632e032d462d457d7bbafe2cc844c.exe
"C:\Users\Admin\AppData\Local\Temp\ff3e3c166d82e26136c98610a54421d49f2632e032d462d457d7bbafe2cc844c.exe"
4⤵
- Executes dropped EXE
PID:2476

C:\Windows\Logo1_.exe
C:\Windows\Logo1_.exe
3⤵
- Executes dropped EXE
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:316

C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
4⤵
- Suspicious use of WriteProcessMemory
PID:1188

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
5⤵
PID:3880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
8991024465539ea4a1f8eecd0015cf21

SHA1
59355629756d24fff3379a3ad8581216a0aa9599

SHA256
bf17aa18a7c1da825e039ac6ee6245def75cba0a2f7e06ed9d773ba49c262621

SHA512
2c4097a2c1d93f375f8df443dab3a02d5dec29e64a62620894ac538e8de22349f9928169ad49cae3ceeaf838869a72a47ed79042e9e5099ce51b5587c8ff7ed5

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
570KB

MD5
213d988192c0754cd29989df61bf178f

SHA1
336f0a27b1ad6e06a743b4d7f9f3e026ee79a0b2

SHA256
7b9d46212245d0112a4a706cfc5004544c315e97a4ea1101de55516ca7e5ec6e

SHA512
6a963b35b240714d030419deabd718351233958be4d43762da76517f40c47f2d74c1a66ecf49305d275c3ebaf5f60f88794900bffc609fe32c4e4ff6dceb98f2

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
636KB

MD5
2500f702e2b9632127c14e4eaae5d424

SHA1
8726fef12958265214eeb58001c995629834b13a

SHA256
82e5b0001f025ca3b8409c98e4fb06c119c68de1e4ef60a156360cb4ef61d19c

SHA512
f420c62fa1f6897f51dd7a0f0e910fb54ad14d51973a2d4840eeea0448c860bf83493fb1c07be65f731efc39e19f8a99886c8cfd058cee482fe52d255a33a55c

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a3C1E.bat

Filesize
722B

MD5
57f5c71628f5e1097c0e24b9bc531377

SHA1
734b5140d042acb365935965c35be617f93b9ff3

SHA256
961a8f3feaf8b635ea50208b63d4075b6dbe6ceac08cce59ceef403e8dc37782

SHA512
bd5d6a05baf4e3e8a40f7f79dc37b9a549d7425412ac81a6444ba70d965b60bb2824b3f91c70bf4b5b76468e7c17e59e57709720555ff2d923d04d47732aac45

Download Submit
C:\Users\Admin\AppData\Local\Temp\ff3e3c166d82e26136c98610a54421d49f2632e032d462d457d7bbafe2cc844c.exe.exe

Filesize
81KB

MD5
fd12f63044721d25faa1036ed2770718

SHA1
1a42d4049196f52ea7069e26cbf8eb88db148771

SHA256
77c0fee86c0ababa4ce5834f7084092a34b3247dfb3446d902e2659b18855416

SHA512
27bb5fdeb89a982181fe8323684d3988b053804c48924842d3ef54f9700eb71708f96b0433c3593ead0ff94747e7e5b2914026e1bea98fd6b077af5ecc4d4e67

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
62c7cb5a0a1111ffa4eec7a19446b0a8

SHA1
817533c991e46bcaa3e46682b95ca2ac7c9f0b73

SHA256
c3f7959531f637630e5be9fbc86f4d341797fd6f813444df88c37fb6b94e2743

SHA512
46f1faf67ee6c017445b2e4574da91f5393a11e28af9133de1000b525db746da72219c00c1bfbf5822698365cca52e1956f006f6a7433cdf8903e26e586ac997

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-4018855536-2201274732-320770143-1000\_desktop.ini

Filesize
9B

MD5
3b22ce0fee2d1aaf2c66dcd142740e29

SHA1
94d542b4bb9854a9419753c38e6ffe747653d91c

SHA256
8284772f28954a109c16f1583e6e34e29f06673b34e04f268bda961b57ba9f79

SHA512
efd4900a49624170e51ea401f0845634f49484a49335845258dc3d41a12e2022bf413a6751fcbcfd1ec68cde506f3363beae57f20e8eaca8b214d28baa138c5b

Download Submit
memory/316-26-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/316-32-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/316-36-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/316-19-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/316-1230-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/316-10-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/316-4796-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/316-5235-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/552-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/552-8-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

pid	process
316	Logo1_.exe
2476	ff3e3c166d82e26136c98610a54421d49f2632e032d462d457d7bbafe2cc844c.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads