Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Vape_Launcher.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    152s
  • max time network
    153s
  • platform
    windows11-21h2_x64
  • resource
    win11-20231215-en
  • resource tags

    arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    22/01/2024, 21:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Vape_Launcher.exe

  • Size

    94.6MB

  • MD5

    b99c3ffb881206c15be0cf1e88267ada

  • SHA1

    c58375b1fb2271207881286f9683c40ef6d732b2

  • SHA256

    2809abeff525d504140c1fa73be37d4b5292be1e1a42528e1559075136a3adfb

  • SHA512

    dff35370682e013cd37cd4974ab53c296fb9bdc1e8b11894902c76d6b44972d0ce39ffaf5631ea1d76f3eeca9af458faf1a589a1880d145149c433b5ff110cb0

  • SSDEEP

    1572864:KrrBrau8j2BYvBNY38m8M64Bo0okX5ZXRTRBvj0LMSLna7Yx6no8ZIxRy9/2Qh3u:saLGBTnr7IQ2

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:8080

127.0.0.1:6915

18.ip.gl.ply.gg:8080

18.ip.gl.ply.gg:6915
Mutex

ااΗFKΙD尺w比Tبب9AI斯8C

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Async RAT payload 2 IoCs
    rat
  • Nirsoft 4 IoCs
  • Executes dropped EXE 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Vape_Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\Vape_Launcher.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2396
    • C:\Users\Admin\AppData\Local\Temp\Infected.exe
      "C:\Users\Admin\AppData\Local\Temp\Infected.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:5380
    • C:\Users\Admin\AppData\Local\Temp\Vape Launcher.exe
      "C:\Users\Admin\AppData\Local\Temp\Vape Launcher.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4032

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Infected.exe
    Filesize

    64KB

    MD5

    d08bccadaa48c06a1469789ff0112691

    SHA1

    0dc033820315a9065ad0b1a711ac6fc08c750a28

    SHA256

    cdcdc9ba2ac83c9fa2d65683f99723f2d377660f204be8fc4eecb0097e7751df

    SHA512

    176b8b0c39807e61eda9a274c1055b5fec2c23a12661028848271a0cd85dda9759f10f9b466f124602b92463a644879adc7d36ec7c87cf9c3c4d49407365e704

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Vape Launcher.exe
    Filesize

    1.7MB

    MD5

    7522deaf33d557e3ccf280fe1fdfd617

    SHA1

    c271023f336b5057e474a149a8e5965f6ca436f8

    SHA256

    abc99bedc258091de5a5a70f15593f3520e6a3d4dd9f25f278271d64b77e7499

    SHA512

    6a2ecb2eaa033e6362f3318155159b86666017dc832b2efb8dfa69c5a9e7c773cec4765bba54dad18f7c14bb59ae24b0c55762612c71151cf3f6b553a37b9d0a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Vape Launcher.exe
    Filesize

    1.3MB

    MD5

    00e4aac3935f9070dfdf0013a1ff97f9

    SHA1

    e658d3ad9fbb78c5c62e81168fc10098c947052f

    SHA256

    40bafd3962c66e20c5adabf67d7adb435fbfa8b614de83ce724b364c2acfbadb

    SHA512

    58ec0652be4e1fc5d76e6b1edce7ac3acab8f9100b3277edb51b62c58db4073c4ccf26467562293290cc01d373705925170dc17d74844a5fa6a18bd10148bdb4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Vape Launcher.exe
    Filesize

    1.1MB

    MD5

    82ffc9bfc9bad0ecb925447a8e08b762

    SHA1

    35caea8fe613aae298d444eaa77564c077721db2

    SHA256

    6f5c49b75f0bfa28a5cf6366786ec3f45683c1c2f979410720a4b107e7426ceb

    SHA512

    c8b0e84f69ba68841b493f139f364822d8ff130745264903bc1e3e4162d1a9124cc7dec1b5681a69b8348f89d3bf7cdae0b037306d53fa2ea7b862f3981a43c6

    Download Submit

  • memory/2396-2-0x0000000009070000-0x0000000009080000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2396-1-0x0000000074EA0000-0x0000000075451000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2396-0-0x0000000074EA0000-0x0000000075451000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2396-29-0x0000000074EA0000-0x0000000075451000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4032-40-0x00000254F87C0000-0x00000254F87D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4032-38-0x00000254F87C0000-0x00000254F87D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4032-50-0x00000254F87C0000-0x00000254F87D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4032-30-0x00007FFAC2630000-0x00007FFAC30F2000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4032-31-0x00000254F4710000-0x00000254F836A000-memory.dmp

    Filesize

    60.4MB

    Download

  • memory/4032-48-0x00000254F87C0000-0x00000254F87D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4032-33-0x00000254F87C0000-0x00000254F87D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4032-34-0x00000254FA8F0000-0x00000254FAA66000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/4032-35-0x00000254F87D0000-0x00000254F8802000-memory.dmp

    Filesize

    200KB

    Download

  • memory/4032-37-0x00000254F87C0000-0x00000254F87D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4032-36-0x00000254FC820000-0x00000254FC83C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/4032-49-0x00000254F87C0000-0x00000254F87D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4032-39-0x00000254FC840000-0x00000254FC846000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4032-47-0x00000254F87C0000-0x00000254F87D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4032-45-0x00007FFAC2630000-0x00007FFAC30F2000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/5380-44-0x000000001B7C0000-0x000000001B7D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5380-43-0x00007FFAC2630000-0x00007FFAC30F2000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/5380-46-0x00007FFAE36E0000-0x00007FFAE38E9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5380-14-0x00000000009D0000-0x00000000009E6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/5380-24-0x000000001B7C0000-0x000000001B7D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5380-32-0x00007FFAE36E0000-0x00007FFAE38E9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5380-15-0x00007FFAC2630000-0x00007FFAC30F2000-memory.dmp

    Filesize

    10.8MB

    Download