d106a7d59ca96b1ab6453779b4c776a8a1eb50c18301cfea74d8dffc58918ce4

Analysis

max time kernel
117s
max time network
144s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 06:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Vape.exe
Size

26.2MB
MD5

791c3bf66c8a105074b9fc0661900fae
SHA1

4f14127b9b75eedff2ca01a6802cdab0135f6824
SHA256

d106a7d59ca96b1ab6453779b4c776a8a1eb50c18301cfea74d8dffc58918ce4
SHA512

b20b2960249c9e0104156daaa214ca2455bff03106081d85eee6f98962ce1e08d80198174ac8ca4e5afa1260b1cacdb7f895f453af20b9b4fd7230f91bcacb51
SSDEEP

786432:vY4wouTtRLkpUXKmVdm/WL/H8b9ggYDL6cHNraZk:vY4QtucKmsggC+Zk

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2568	Vape.exe
2568	Vape.exe
2568	Vape.exe
2568	Vape.exe
2568	Vape.exe
2568	Vape.exe
2568	Vape.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0006000000016ff2-73.dat	upx
behavioral1/files/0x0006000000016ff2-74.dat	upx
behavioral1/memory/2568-75-0x000007FEF6070000-0x000007FEF6659000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 2568	3044	Vape.exe	29
PID 3044 wrote to memory of 2568	3044	Vape.exe	29
PID 3044 wrote to memory of 2568	3044	Vape.exe	29

C:\Users\Admin\AppData\Local\Temp\Vape.exe
"C:\Users\Admin\AppData\Local\Temp\Vape.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Users\Admin\AppData\Local\Temp\Vape.exe
  "C:\Users\Admin\AppData\Local\Temp\Vape.exe"
  2⤵
  - Loads dropped DLL
  PID:2568

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI30442\api-ms-win-core-file-l1-2-0.dll

Filesize
13KB

MD5
91b877c23410ec502370a01c2eb8fc2d

SHA1
3c1010bb30a44d6d90b48e805fa9d262276f2a0f

SHA256
781fb13ae016dd617a31b1708ab64dd752cc6f2932b704edd3c7d018793b3488

SHA512
4bca29792dec27d58405d843ed5317e2c5ac99dac3609b81c22ea440bc439bdac6890516240289b76388019016720eecda25d2d67252bdf258591698e582202e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30442\api-ms-win-core-file-l2-1-0.dll

Filesize
13KB

MD5
6a7b2af696d0667b300e845c5f8098bf

SHA1
e2ec9288876b84e718779d56f333e62d4f56e88f

SHA256
652c0ed643003e4e490ec4006bb5a48bfea524284e0612f96bb89798be2beea0

SHA512
eb4be12d3220145b8baafaa8e0440d0445cf84836663e44d25c7e1f2b9586ba4b3ed22adcd3e112084d755bfd735a67a4adf24952dfe0729cc2a6ee80b70ac64

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30442\api-ms-win-core-localization-l1-2-0.dll

Filesize
15KB

MD5
ece78df965683c25525b14090de0a817

SHA1
4a112e96ecedaf54acceda967ab251ce2600253c

SHA256
61e8ec2f0bbf78a20aab1b335d20950ad0cc26b614ae0b1b6d0042da60e457cc

SHA512
f1f5b174d1beca816b3dafae9dc9605d869d6a826441802cef876f74043371a6af42590f3ec21058276ac745eb3652712eda74089cc4a04fecb3a3043cb30cbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30442\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
13KB

MD5
1da02ca8bba888b9b7794ff1ac23feae

SHA1
dc2ed63c40154479110a2369fd3bcaf800ed6bcc

SHA256
1bfc0b612e1077378642a5ef77b3f7542cbfc0fd1ac71deee490b1a8743df342

SHA512
1618781b50766c088b6f6c6eec7fa07df4825ef27489df27c6b53454fb64414aae4bb43469f7a7f5e42ec436ce374b81e4355d0ee8bdc655ebf4b162f05a2df9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30442\api-ms-win-core-timezone-l1-1-0.dll

Filesize
13KB

MD5
1061d9cde3bf86524e8663279fe8e839

SHA1
a7ab3c602ecf3ca5380773c3b6e40d8089f64704

SHA256
4b6b0101347a394d25dba3bcb17a704e27034071276de69ae6de8238d7bb5d76

SHA512
5a610cfd1ec9ce69684840c56531b5b4714e65c6d744222a38e169c3ef336564ef35d66288dc922681430e1ce22c39aca51f6cecb850c16a7cecb24809c41dfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30442\python311.dll

Filesize
1.6MB

MD5
5f6fd64ec2d7d73ae49c34dd12cedb23

SHA1
c6e0385a868f3153a6e8879527749db52dce4125

SHA256
ff9f102264d1944fbfae2ba70e7a71435f51a3e8c677fd970b621c4c9ea71967

SHA512
c4be2d042c6e4d22e46eacfd550f61b8f55814bfe41d216a4df48382247df70bc63151068513855aa78f9b3d2f10ba6a824312948324c92de6dd0f6af414e8ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30442\ucrtbase.dll

Filesize
987KB

MD5
7dbabe7756944f6c3d402e97ff900499

SHA1
a562a5c60bf39cad84f11cafec0c5c3b09c56689

SHA256
616d70b2d1518408eb17c610e459ff75d4738ade33a5879667463f08677c1d55

SHA512
a65c555fe917cf91f69781ec89269a35ae9d3b406cebdf207e27e353b5246c3d9bd25d1a8b1664140e61bd4e2aa882d196fd2a6f9073f9b7ac3a8246a953eca8

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI30442\api-ms-win-core-file-l1-2-0.dll

Filesize
13KB

MD5
91b877c23410ec502370a01c2eb8fc2d

SHA1
3c1010bb30a44d6d90b48e805fa9d262276f2a0f

SHA256
781fb13ae016dd617a31b1708ab64dd752cc6f2932b704edd3c7d018793b3488

SHA512
4bca29792dec27d58405d843ed5317e2c5ac99dac3609b81c22ea440bc439bdac6890516240289b76388019016720eecda25d2d67252bdf258591698e582202e

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI30442\api-ms-win-core-file-l2-1-0.dll

Filesize
13KB

MD5
6a7b2af696d0667b300e845c5f8098bf

SHA1
e2ec9288876b84e718779d56f333e62d4f56e88f

SHA256
652c0ed643003e4e490ec4006bb5a48bfea524284e0612f96bb89798be2beea0

SHA512
eb4be12d3220145b8baafaa8e0440d0445cf84836663e44d25c7e1f2b9586ba4b3ed22adcd3e112084d755bfd735a67a4adf24952dfe0729cc2a6ee80b70ac64

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI30442\api-ms-win-core-localization-l1-2-0.dll

Filesize
15KB

MD5
ece78df965683c25525b14090de0a817

SHA1
4a112e96ecedaf54acceda967ab251ce2600253c

SHA256
61e8ec2f0bbf78a20aab1b335d20950ad0cc26b614ae0b1b6d0042da60e457cc

SHA512
f1f5b174d1beca816b3dafae9dc9605d869d6a826441802cef876f74043371a6af42590f3ec21058276ac745eb3652712eda74089cc4a04fecb3a3043cb30cbb

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI30442\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
13KB

MD5
1da02ca8bba888b9b7794ff1ac23feae

SHA1
dc2ed63c40154479110a2369fd3bcaf800ed6bcc

SHA256
1bfc0b612e1077378642a5ef77b3f7542cbfc0fd1ac71deee490b1a8743df342

SHA512
1618781b50766c088b6f6c6eec7fa07df4825ef27489df27c6b53454fb64414aae4bb43469f7a7f5e42ec436ce374b81e4355d0ee8bdc655ebf4b162f05a2df9

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI30442\api-ms-win-core-timezone-l1-1-0.dll

Filesize
13KB

MD5
1061d9cde3bf86524e8663279fe8e839

SHA1
a7ab3c602ecf3ca5380773c3b6e40d8089f64704

SHA256
4b6b0101347a394d25dba3bcb17a704e27034071276de69ae6de8238d7bb5d76

SHA512
5a610cfd1ec9ce69684840c56531b5b4714e65c6d744222a38e169c3ef336564ef35d66288dc922681430e1ce22c39aca51f6cecb850c16a7cecb24809c41dfa

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI30442\python311.dll

Filesize
1.6MB

MD5
5f6fd64ec2d7d73ae49c34dd12cedb23

SHA1
c6e0385a868f3153a6e8879527749db52dce4125

SHA256
ff9f102264d1944fbfae2ba70e7a71435f51a3e8c677fd970b621c4c9ea71967

SHA512
c4be2d042c6e4d22e46eacfd550f61b8f55814bfe41d216a4df48382247df70bc63151068513855aa78f9b3d2f10ba6a824312948324c92de6dd0f6af414e8ab

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI30442\ucrtbase.dll

Filesize
987KB

MD5
7dbabe7756944f6c3d402e97ff900499

SHA1
a562a5c60bf39cad84f11cafec0c5c3b09c56689

SHA256
616d70b2d1518408eb17c610e459ff75d4738ade33a5879667463f08677c1d55

SHA512
a65c555fe917cf91f69781ec89269a35ae9d3b406cebdf207e27e353b5246c3d9bd25d1a8b1664140e61bd4e2aa882d196fd2a6f9073f9b7ac3a8246a953eca8

Download Submit
memory/2568-75-0x000007FEF6070000-0x000007FEF6659000-memory.dmp

Filesize
5.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads