Analysis
-
max time kernel
95s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
22-04-2024 01:21
General
-
Target
Vape v4.10.rar
-
Size
17.5MB
-
MD5
94225360f6c43806154028b59d6fcd7e
-
SHA1
c833f9e216bb703ab8db48492420d4119485fac1
-
SHA256
d97404002e0dc33afd30404a4462706b9892d82161c47d5b6ac57b4f0c397526
-
SHA512
b0ea74d4cd45ff35303751df937ea2fc0209d317bb9e0813cf26db7ecd4ea8d8cea13e428b18859bf5495108f3de6f1eb9529e4eadc71814c4de29c58b47fe67
-
SSDEEP
393216:sSWGYXyOJzz617iGtDmm67eSspjsP7yKbaPajSFxY:hWGhOpWdp67l9baijay
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Vape v4.10.rar"1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Vape v4.10\" -ad -an -ai#7zMap31838:78:7zEvent112591⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Vape v4.10\WARNING (READ ME).txt1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Vape v4.10\vape v4.10\bapeclient.bat" "1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\mode.commode 55, 92⤵
-
-
C:\Windows\system32\PING.EXEping localhost -n 5.52⤵
- Runs ping.exe
-
-
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exejava --add-opens java.base/java.lang=ALL-UNNAMED -jar vape-loader.jar2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
409B
MD58df67363511e87829f63be7189338adb
SHA13081a4a4d141098cbd32ddf631949ed745d67b66
SHA2562b1ae5f68ddb5acaee0f148d6e15459213179f6c1c6a3c4bdc20788a459a82f0
SHA512dd6eb0e37d31ca00e3822fe3d4b1ffaeccd7faa5b071b9a4b969253a005b4293f6ac2a9e57a5e72b901a2e2936f9aeaceb3dbcf80a4a2ce918f05ffbc92ed910
-
Filesize
212B
MD545e402e32c7fabf579c3a048396ca270
SHA118950dc60c913a0a7b098cbd55d2bf3087d2447a
SHA2569d87e71946d492dc878fdda9ce8693b820dcab116d52b60e429eff37c1b8b707
SHA512b286685f1efd07ade19876c522dd01d47ce9ef6b49da920f96163687e6728cf82f3d21d358029f3f1fe738a524711b6caf71a2ff789c52ef44b28104ed09f916