b537f28b3380ce78629945048753924f48e12279cc4ac69c63985416a215117d

Analysis

max time kernel
149s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 22:08 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b537f28b3380ce78629945048753924f48e12279cc4ac69c63985416a215117d.exe
Size

1.2MB
MD5

d65394674d3e7355ba0039eeef2416f4
SHA1

5767c74a60d85a32b5d2d9beeacf7491e9db73e8
SHA256

b537f28b3380ce78629945048753924f48e12279cc4ac69c63985416a215117d
SHA512

1c28fc6d2b169869cb604e539da08c037ce160f0d4c496b9a8ddaae2d13b95f5dd2c51bc1e797fba92e4eae2f87756dd5556a0abfac18889c64c3dd690fc1e6e
SSDEEP

12288:ip7+lZtPAB2GjMGfNTKdal60yMoFKimTBEAGlyV/vtvOhw5WxZevp:G7IZtP4zgSEAd8fBlYKwnvp

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3456	Logo1_.exe
920	b537f28b3380ce78629945048753924f48e12279cc4ac69c63985416a215117d.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\fa-IR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre-1.8\legal\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_2020.1906.55.0_neutral_~_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\home-view\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\hr-hr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-us\jscripts\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\en-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Google\Update\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\da-dk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\themes\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\pt-br\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\zh-tw\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\ImmersiveVideoPlayback\Content\Shaders\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\hr-hr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\en-gb\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ie\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\nb\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\css\fonts\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\EBWebView\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ta\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\uk-ua\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\cpdf\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\es-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-100_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\winsdkfb\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\it-it\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\root\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\nb-no\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\plugins\rhp\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Microsoft.Support.SDK\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\sl-si\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	b537f28b3380ce78629945048753924f48e12279cc4ac69c63985416a215117d.exe
File created	C:\Windows\Logo1_.exe	b537f28b3380ce78629945048753924f48e12279cc4ac69c63985416a215117d.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3456	Logo1_.exe
3456	Logo1_.exe
3456	Logo1_.exe
3456	Logo1_.exe
3456	Logo1_.exe
3456	Logo1_.exe
3456	Logo1_.exe
3456	Logo1_.exe
3456	Logo1_.exe
3456	Logo1_.exe
3456	Logo1_.exe
3456	Logo1_.exe
3456	Logo1_.exe
3456	Logo1_.exe
3456	Logo1_.exe
3456	Logo1_.exe
3456	Logo1_.exe
3456	Logo1_.exe
3456	Logo1_.exe
3456	Logo1_.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1988 wrote to memory of 1960	1988	b537f28b3380ce78629945048753924f48e12279cc4ac69c63985416a215117d.exe	88
PID 1988 wrote to memory of 1960	1988	b537f28b3380ce78629945048753924f48e12279cc4ac69c63985416a215117d.exe	88
PID 1988 wrote to memory of 1960	1988	b537f28b3380ce78629945048753924f48e12279cc4ac69c63985416a215117d.exe	88
PID 1988 wrote to memory of 3456	1988	b537f28b3380ce78629945048753924f48e12279cc4ac69c63985416a215117d.exe	89
PID 1988 wrote to memory of 3456	1988	b537f28b3380ce78629945048753924f48e12279cc4ac69c63985416a215117d.exe	89
PID 1988 wrote to memory of 3456	1988	b537f28b3380ce78629945048753924f48e12279cc4ac69c63985416a215117d.exe	89
PID 3456 wrote to memory of 2644	3456	Logo1_.exe	91
PID 3456 wrote to memory of 2644	3456	Logo1_.exe	91
PID 3456 wrote to memory of 2644	3456	Logo1_.exe	91
PID 2644 wrote to memory of 2824	2644	net.exe	93
PID 2644 wrote to memory of 2824	2644	net.exe	93
PID 2644 wrote to memory of 2824	2644	net.exe	93
PID 1960 wrote to memory of 920	1960	cmd.exe	95
PID 1960 wrote to memory of 920	1960	cmd.exe	95
PID 3456 wrote to memory of 3404	3456	Logo1_.exe	56
PID 3456 wrote to memory of 3404	3456	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3404
- C:\Users\Admin\AppData\Local\Temp\b537f28b3380ce78629945048753924f48e12279cc4ac69c63985416a215117d.exe
  "C:\Users\Admin\AppData\Local\Temp\b537f28b3380ce78629945048753924f48e12279cc4ac69c63985416a215117d.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:1988
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4409.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1960
  - - C:\Users\Admin\AppData\Local\Temp\b537f28b3380ce78629945048753924f48e12279cc4ac69c63985416a215117d.exe
      "C:\Users\Admin\AppData\Local\Temp\b537f28b3380ce78629945048753924f48e12279cc4ac69c63985416a215117d.exe"
      4⤵
      Executes dropped EXE
      PID:920
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3456
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2644
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4140,i,2651612535745483053,7868876458147986089,262144 --variations-seed-version --mojo-platform-channel-handle=4160 /prefetch:8
1⤵
PID:3740

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response
DNS

72.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

72.32.126.40.in-addr.arpa

IN PTR

Response
DNS

13.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.227.111.52.in-addr.arpa

IN PTR

Response
DNS

0.205.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.205.248.87.in-addr.arpa

IN PTR

Response

0.205.248.87.in-addr.arpa

IN PTR

https-87-248-205-0lgwllnwnet

No results found

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

88.156.103.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

88.156.103.20.in-addr.arpa
8.8.8.8:53

72.32.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

72.32.126.40.in-addr.arpa
8.8.8.8:53

13.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

13.227.111.52.in-addr.arpa
8.8.8.8:53

0.205.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.205.248.87.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
88a7dac99617788a3f6e9e10f9ac447d

SHA1
c2adfcd7118facbf99366d28337665ce802baa1b

SHA256
284e0eb238a30fda222ad9ecd9f3dc0acd6aef33027562e0fa878e17d54a8d0b

SHA512
6fb722713b705434816e30bdd3e26a68553bf4ba184ca6d59e47e61dbfc2ae4b72833a573e5a263f33f183e0ad6f2ab3c7e0b6e84cacd49d08d5921f3ef1e156

Download Submit
C:\Program Files\SwitchRegister.exe

Filesize
443KB

MD5
93e921e7fbb314e99add11d930c27b32

SHA1
bac9ab29ac2072f392943e068c8b5d96a4f48633

SHA256
01a7ebe29424f5642347308b236c67fe2fe8a9187a1448eb32dc3270680a19ea

SHA512
8675da91ddeecce15cb190744e1b5766bb7feef0a8ba2388fa91b7b759728fa390fb310d3a453b77f8203016bce2b40091cba00698a7827a1a86eb696466b3e5

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
636KB

MD5
2500f702e2b9632127c14e4eaae5d424

SHA1
8726fef12958265214eeb58001c995629834b13a

SHA256
82e5b0001f025ca3b8409c98e4fb06c119c68de1e4ef60a156360cb4ef61d19c

SHA512
f420c62fa1f6897f51dd7a0f0e910fb54ad14d51973a2d4840eeea0448c860bf83493fb1c07be65f731efc39e19f8a99886c8cfd058cee482fe52d255a33a55c

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a4409.bat

Filesize
722B

MD5
0125fb1c4d150fc73bc36c838ff1d1eb

SHA1
f306f4536e731563c89c2db5ab03ea925e0494f4

SHA256
92ce39992467a91e3d961d4cb9a856f764c4cba7e4e3e83ffaa935fda220b49d

SHA512
bd020db29856bf1076134245a1534ce9da4f5c8d0a2ef85fa74232fb6e52782699dbdf277377bb6241698e61796bca355c85afa3af8bb22ab00f69931b3acb41

Download Submit
C:\Users\Admin\AppData\Local\Temp\b537f28b3380ce78629945048753924f48e12279cc4ac69c63985416a215117d.exe.exe

Filesize
1.2MB

MD5
bc111a2e7428e1bfc86a7edd0ea9ea43

SHA1
120801cf6286ec01bee0660b7813f33584385169

SHA256
1dd8554472d5511a9494a46bb80f82cad86c71877db81459335a5a97d1d72b05

SHA512
5477cf6df611f82e69dfa18feecb92a40d925d589658b8582b66971b2bb204db4c7a1bb68064e516b3a91ed1efc3f86eceec01e27171398db8f1ee216361342f

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
033f832ce1346b7839ab0114b7d46349

SHA1
339553f046186e54c91ea18765bfef551701f37b

SHA256
771a6d5ca90b397c56e449ed8c2966364db1f6774dca74b74fe0f6eed8db4226

SHA512
e6a2ac92e6cac4774e5d3f8438388dacbc8359f60c40a6c76574d87de6da4ae65e06008c1d060f1c50a2804d432981105e71cb89a8ba65c2b1095da9eb951858

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-661257284-3186977026-4220467887-1000\_desktop.ini

Filesize
8B

MD5
ee8c783242e20d39ed0878caba7b4548

SHA1
1556ec263d4ec9c198a44ea2ecc3c4141ef4509b

SHA256
83855d38f6399f8cd40257a5d87a328d41c21e0e50ad4c91de11897e03ad4532

SHA512
427491089ca5aecb5f365d6adf2e5c9d18a7acf93d471a425364dc504f581f29908df9abfa0fb721e768004737d6c250804dbf27b3c9e4b87532052810318f2a

Download Submit
memory/1988-10-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1988-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3456-27-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3456-37-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3456-33-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3456-1234-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3456-20-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3456-4860-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3456-11-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3456-5311-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.