Analysis
-
max time kernel
120s
-
max time network
124s
-
platform
windows7_x64
-
resource
win7-en-20210920
-
submitted
28-10-2021 16:05
Static task
static1
Behavioral task
behavioral1
Sample
Vape V4.exe
Resource
win7-en-20210920
General
-
Target
Vape V4.exe
-
Size
6.6MB
-
MD5
88310e11163de10dc9ff12aa6982af4e
-
SHA1
6df538dcc382c7897768581c324bc55c403efe3d
-
SHA256
37176d6b96ab2a6f31d0a87ed6ef86a954a0ce562837c276ff6538b5ba0a93ed
-
SHA512
7e25789073d2148497a7170de6db3bd1004f1295eec4ea9dfeb439a27fed2ee608f6b5d045a4de741da9b778ae8f2052c15e0eb9201a4a74da5856332fa94b1b
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
Processes:
Vape V4.exe
pid | process
636 | Vape V4.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
Vape V4.exe
description | pid | process | target process
PID 872 wrote to memory of 636 | 872 | Vape V4.exe | Vape V4.exe
PID 872 wrote to memory of 636 | 872 | Vape V4.exe | Vape V4.exe
PID 872 wrote to memory of 636 | 872 | Vape V4.exe | Vape V4.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
C:\Users\Admin\AppData\Local\Temp\_MEI8722\python39.dll
MD5
7e9d14aa762a46bb5ebac14fbaeaa238
SHA1
a5d90a7df9b90bdd8a84d7dc5066e4ea64ceb3d9
SHA256
e456ef44b261f895a01efb52d26c7a0c7d7d465b647a7b5592708ebf693f12a3
SHA512
280f16348df1c0953bbc6f37ff277485351171d0545ebe469bacd106d907917f87584154aec0f193f37322bc93ac5433cd9a5b5c7f47367176e5a8b19bbd5023
-
\Users\Admin\AppData\Local\Temp\_MEI8722\python39.dll
MD5
7e9d14aa762a46bb5ebac14fbaeaa238
SHA1
a5d90a7df9b90bdd8a84d7dc5066e4ea64ceb3d9
SHA256
e456ef44b261f895a01efb52d26c7a0c7d7d465b647a7b5592708ebf693f12a3
SHA512
280f16348df1c0953bbc6f37ff277485351171d0545ebe469bacd106d907917f87584154aec0f193f37322bc93ac5433cd9a5b5c7f47367176e5a8b19bbd5023
-
memory/636-54-0x0000000000000000-mapping.dmp