Malware Analysis Report

2025-06-16 02:15

Sample ID 240122-2kscdsdfhn
Target Vape_Launcher.exe
SHA256 2809abeff525d504140c1fa73be37d4b5292be1e1a42528e1559075136a3adfb
Tags asyncrat default rat
Score 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

score
10/10

SHA256

2809abeff525d504140c1fa73be37d4b5292be1e1a42528e1559075136a3adfb

Threat Level: Known bad

The file Vape_Launcher.exe was found to be: Known bad.

Malicious Activity Summary

asyncrat default rat

AsyncRat

Nirsoft

Async RAT payload

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Unsigned PE

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-01-22 22:39

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-01-22 22:38

Reported

2024-01-22 22:42

Platform

win7-20231215-en

Max time kernel

151s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Vape_Launcher.exe"

Signatures

AsyncRat

rat asyncrat

Async RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A (×3)

Nirsoft

Description Indicator Process Target
N/A N/A N/A N/A (×5)

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Vape Launcher.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Vape_Launcher.exe N/A (×2)
N/A N/A N/A N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Vape Launcher.exe N/A (×64)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Vape Launcher.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Vape_Launcher.exe

"C:\Users\Admin\AppData\Local\Temp\Vape_Launcher.exe"

C:\Users\Admin\AppData\Local\Temp\Infected.exe

"C:\Users\Admin\AppData\Local\Temp\Infected.exe"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Users\Admin\AppData\Local\Temp\Vape Launcher.exe

"C:\Users\Admin\AppData\Local\Temp\Vape Launcher.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 18.ip.gl.ply.gg udp
US 147.185.221.18:6915 18.ip.gl.ply.gg tcp
US 147.185.221.18:6915 18.ip.gl.ply.gg tcp
N/A 127.0.0.1:8080 N/A tcp

Files

\Users\Admin\AppData\Local\Temp\Infected.exe

MD5 d08bccadaa48c06a1469789ff0112691
SHA1 0dc033820315a9065ad0b1a711ac6fc08c750a28
SHA256 cdcdc9ba2ac83c9fa2d65683f99723f2d377660f204be8fc4eecb0097e7751df
SHA512 176b8b0c39807e61eda9a274c1055b5fec2c23a12661028848271a0cd85dda9759f10f9b466f124602b92463a644879adc7d36ec7c87cf9c3c4d49407365e704

C:\Users\Admin\AppData\Local\Temp\Vape Launcher.exe

MD5 939fa67b074d1ef2130bd73b3b4874c4
SHA1 b4fe2468cea7ee332405838496b5e0412ecdec20
SHA256 627bf5ec853d08b67dbeb5d5492dadb9c777d34cc4f55b960f096bcb6dcc5590
SHA512 d45e04fd930f9e86a8e5463601d8df6a01e08a2e49d864acf78f021d6c791f84c799e570f8fd7f2d0d09128ef43a062136d2b1576990883c648d46fb0eb7c9e7

C:\Users\Admin\AppData\Local\Temp\Vape Launcher.exe

MD5 9618a49b1accf26cec8a6be9dd97a920
SHA1 c103169e3038d7d9b3c8c7c3b28bf46d368e856f
SHA256 d4d4b256353cb57a048a1b888f0d96835956c2a0b1d48dfd9b569d3400650d17
SHA512 8209bbc7819e821c624954388b8b2648a1254d63237e516e3793f81e79b7fc06d2d00fffc2b3fbdaa4beba13f29bea09159f7d5c09ae1bd38a3356a1b1acaaa8

\Users\Admin\AppData\Local\Temp\Vape Launcher.exe

MD5 945aafd975a1c8077f323749a92600d6
SHA1 365da6b022e155de12752fc93e14238627434640
SHA256 ba7bfedbea30aeb079fb8e94633178f116f27951f921500b1fb012792bd3a4f5
SHA512 ff9966c32cefb2c50edc2b6f903f5764fd48bb4f88579f1677f9b2c876bd2ef6be15c8740b8b1a46207eef339e29bf7db90a8b934db0c95129f5589c6e30bd68

\Users\Admin\AppData\Local\Temp\Vape Launcher.exe

MD5 bcc78d6990ad722c6c78497de7c4811d
SHA1 1077b38f8371bab5eb602788d5beace77d963d0d
SHA256 baf3fe4a8adc40fa8fa3049fde20b24738577f98aa232fb7d93ea10dddf25a7d
SHA512 6d352092836e4265d04f6387062007d3007b72568b964dddb2dc3bcf8518b8fd76e1c5a8376f48d894493699d282fe10ac9f0dfff8c4609be8cfffe5633a23cf

C:\Users\Admin\AppData\Local\Temp\Cab9188.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\TarA865.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Analysis: behavioral2

Detonation Overview

Submitted

2024-01-22 22:38

Reported

2024-01-22 22:42

Platform

win10v2004-20231215-en

Max time kernel

152s

Max time network

159s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Vape_Launcher.exe"

Signatures

AsyncRat

rat asyncrat

Async RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A (×3)

Nirsoft

Description Indicator Process Target
N/A N/A N/A N/A (×4)

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Vape_Launcher.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Vape Launcher.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Vape Launcher.exe N/A (×64)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Vape Launcher.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Vape_Launcher.exe

"C:\Users\Admin\AppData\Local\Temp\Vape_Launcher.exe"

C:\Users\Admin\AppData\Local\Temp\Infected.exe

"C:\Users\Admin\AppData\Local\Temp\Infected.exe"

C:\Users\Admin\AppData\Local\Temp\Vape Launcher.exe

"C:\Users\Admin\AppData\Local\Temp\Vape Launcher.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Network

Country Destination Domain Proto
NL 52.142.223.178:80 N/A tcp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 16.234.44.23.in-addr.arpa udp
N/A 127.0.0.1:8080 N/A tcp
US 8.8.8.8:53 18.ip.gl.ply.gg udp
US 147.185.221.18:6915 18.ip.gl.ply.gg tcp
US 8.8.8.8:53 18.221.185.147.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 134.71.91.104.in-addr.arpa udp
US 147.185.221.18:6915 18.ip.gl.ply.gg tcp
US 8.8.8.8:53 178.223.142.52.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 90.16.208.104.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\Infected.exe

MD5 d08bccadaa48c06a1469789ff0112691
SHA1 0dc033820315a9065ad0b1a711ac6fc08c750a28
SHA256 cdcdc9ba2ac83c9fa2d65683f99723f2d377660f204be8fc4eecb0097e7751df
SHA512 176b8b0c39807e61eda9a274c1055b5fec2c23a12661028848271a0cd85dda9759f10f9b466f124602b92463a644879adc7d36ec7c87cf9c3c4d49407365e704

C:\Users\Admin\AppData\Local\Temp\Vape Launcher.exe

MD5 fbfc954fcc998f53b95a5facc242f5c6
SHA1 715b83929187bb735901c9bc897486b4fcf8b3b3
SHA256 ec5a7070d1edf4e4bb7d797e54ae0366348fc7a233377649ec71c4e009e4599a
SHA512 8ad113e70addb62b88820f13ca814c95e4f9ca0b9e1167884594808ff00025aa7af314d2f2d0e7c6db4585f3df69257087d03515938382772c8c4e8613ec582f

C:\Users\Admin\AppData\Local\Temp\Vape Launcher.exe

MD5 e62bce5650f41618d25b062a58527b42
SHA1 2994c16b2802fcac74af0ae92b9fe8471e32a644
SHA256 51985a99afb52866724ad80a67a5258aaaaaaaa22297937c12ba7787a29f035a
SHA512 f52931a0541f67c1c49b6a61943f6ed0c5da4ae6d2d63f6702af1b84e72e10cc2e91cd4555afeb7de2a26fb61d137224c741d8430dc9f21698ad73dd72bd449d

C:\Users\Admin\AppData\Local\Temp\Vape Launcher.exe

MD5 bbf95eea023c3866de080ee757feb9e1
SHA1 075770c06794698a325dd8c508466b4e59809fe6
SHA256 5289b28940ecd498b1db55ac7048fcb73d099f21525e65fcbb775387faac0e80
SHA512 decb9f2f1547386a38d99d5ef74915c0cbdd5b31c337dee3d9cb4121a2bfc39f516261c9d03d2c88ca293a959b22d428cd163f3ff9b8227b649ca3c538421ffc
