Overview
overview
7Static
static
3VapeV4.exe
windows10-1703-x64
7$PLUGINSDI...ls.dll
windows10-1703-x64
3$PLUGINSDI...em.dll
windows10-1703-x64
3LICENSES.c...m.html
windows10-1703-x64
1VapeV4.exe
windows10-1703-x64
7d3dcompiler_47.dll
windows10-1703-x64
1ffmpeg.dll
windows10-1703-x64
1libEGL.dll
windows10-1703-x64
1libGLESv2.dll
windows10-1703-x64
1resources/elevate.exe
windows10-1703-x64
1vk_swiftshader.dll
windows10-1703-x64
1vulkan-1.dll
windows10-1703-x64
1$PLUGINSDI...7z.dll
windows10-1703-x64
3Analysis
-
max time kernel
149s -
max time network
147s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system -
submitted
23/04/2024, 19:28
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
VapeV4.exe
Resource
win10-20240404-en
windows10-1703-x64
16 signatures
150 seconds
Behavioral task
behavioral2
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10-20240404-en
windows10-1703-x64
2 signatures
150 seconds
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win10-20240404-en
windows10-1703-x64
2 signatures
150 seconds
Behavioral task
behavioral4
Sample
LICENSES.chromium.html
Resource
win10-20240404-en
windows10-1703-x64
8 signatures
150 seconds
Behavioral task
behavioral5
Sample
VapeV4.exe
Resource
win10-20240404-en
windows10-1703-x64
9 signatures
150 seconds
Behavioral task
behavioral6
Sample
d3dcompiler_47.dll
Resource
win10-20240404-en
windows10-1703-x64
0 signatures
150 seconds
Behavioral task
behavioral7
Sample
ffmpeg.dll
Resource
win10-20240404-en
windows10-1703-x64
0 signatures
150 seconds
Behavioral task
behavioral8
Sample
libEGL.dll
Resource
win10-20240404-en
windows10-1703-x64
0 signatures
150 seconds
Behavioral task
behavioral9
Sample
libGLESv2.dll
Resource
win10-20240404-en
windows10-1703-x64
0 signatures
150 seconds
Behavioral task
behavioral10
Sample
resources/elevate.exe
Resource
win10-20240404-en
windows10-1703-x64
0 signatures
150 seconds
Behavioral task
behavioral11
Sample
vk_swiftshader.dll
Resource
win10-20240404-en
windows10-1703-x64
0 signatures
150 seconds
Behavioral task
behavioral12
Sample
vulkan-1.dll
Resource
win10-20240404-en
windows10-1703-x64
0 signatures
150 seconds
Behavioral task
behavioral13
Sample
$PLUGINSDIR/nsis7z.dll
Resource
win10-20240404-en
windows10-1703-x64
2 signatures
150 seconds
General
-
Target
LICENSES.chromium.html
-
Size
8.4MB
-
MD5
e400cd908b8fb7c13985e2f5cc7a7044
-
SHA1
bbafebdf5b067a7d7da130025851eaa52ec3c9d7
-
SHA256
ee3b1ab8794c749673ce9bd2dd302f12d69f0a1a4adfe40a64247746cc311829
-
SHA512
e7ca440f0e042d7fcfa99367426bf19899a2b227c6d7b6e2c25d4f1a40113250f21ebeaaf91067d8569dfbad1415d4fe3e5626d7254722f2778497fcb22e5d6e
-
SSDEEP
24576:/UrV6CI675knWSgRBPyQlrUmf1C6C6y6Z6/678HqBMUpuQ:MsWKA
Score
1/10
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133583747207253941" chrome.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 4108 chrome.exe 4108 chrome.exe 3028 chrome.exe 3028 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 4108 chrome.exe 4108 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4108 wrote to memory of 3776 4108 chrome.exe 74 PID 4108 wrote to memory of 3776 4108 chrome.exe 74 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 4332 4108 chrome.exe 76 PID 4108 wrote to memory of 620 4108 chrome.exe 77 PID 4108 wrote to memory of 620 4108 chrome.exe 77 PID 4108 wrote to memory of 1324 4108 chrome.exe 78 PID 4108 wrote to memory of 1324 4108 chrome.exe 78 PID 4108 wrote to memory of 1324 4108 chrome.exe 78 PID 4108 wrote to memory of 1324 4108 chrome.exe 78 PID 4108 wrote to memory of 1324 4108 chrome.exe 78 PID 4108 wrote to memory of 1324 4108 chrome.exe 78 PID 4108 wrote to memory of 1324 4108 chrome.exe 78 PID 4108 wrote to memory of 1324 4108 chrome.exe 78 PID 4108 wrote to memory of 1324 4108 chrome.exe 78 PID 4108 wrote to memory of 1324 4108 chrome.exe 78 PID 4108 wrote to memory of 1324 4108 chrome.exe 78 PID 4108 wrote to memory of 1324 4108 chrome.exe 78 PID 4108 wrote to memory of 1324 4108 chrome.exe 78 PID 4108 wrote to memory of 1324 4108 chrome.exe 78 PID 4108 wrote to memory of 1324 4108 chrome.exe 78 PID 4108 wrote to memory of 1324 4108 chrome.exe 78 PID 4108 wrote to memory of 1324 4108 chrome.exe 78 PID 4108 wrote to memory of 1324 4108 chrome.exe 78 PID 4108 wrote to memory of 1324 4108 chrome.exe 78 PID 4108 wrote to memory of 1324 4108 chrome.exe 78 PID 4108 wrote to memory of 1324 4108 chrome.exe 78 PID 4108 wrote to memory of 1324 4108 chrome.exe 78
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4108 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa25f79758,0x7ffa25f79768,0x7ffa25f797782⤵PID:3776
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1780,i,8895372739265698026,10560256413942924962,131072 /prefetch:22⤵PID:4332
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1780,i,8895372739265698026,10560256413942924962,131072 /prefetch:82⤵PID:620
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 --field-trial-handle=1780,i,8895372739265698026,10560256413942924962,131072 /prefetch:82⤵PID:1324
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2820 --field-trial-handle=1780,i,8895372739265698026,10560256413942924962,131072 /prefetch:12⤵PID:1716
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2828 --field-trial-handle=1780,i,8895372739265698026,10560256413942924962,131072 /prefetch:12⤵PID:3360
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4100 --field-trial-handle=1780,i,8895372739265698026,10560256413942924962,131072 /prefetch:82⤵PID:2416
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4232 --field-trial-handle=1780,i,8895372739265698026,10560256413942924962,131072 /prefetch:82⤵PID:4780
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1780,i,8895372739265698026,10560256413942924962,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:3028
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:4944
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5KB
MD53b4c459be24e8586a1f29bf0e63c9fff
SHA1194f2d86dac56e9a19a86f6ebdf76857459c0c3d
SHA2568c53a0eb47aeb3cafcc1922e61a4fff8dc84c52d1c96c8212709868dc5f6b5f7
SHA512cc8e66370285ddf15e1f5335a06d05a16f3ce16eee4139afa5f1f82f1177f89609a6fd0fe178bfe37b96bb7e92a4b02bfc9013e73c1ce25c1171669f0dc28dfb
-
Filesize
5KB
MD57d5ddeb072269419bfe9bfdbf6ce7056
SHA124be1a90a7f365603105b436ea3542d94a86fe38
SHA25611d1015f5fdd01248d491f824c2b05dcfff4070d561d8a6fc27c97a00d2a66c0
SHA512cc29cc3249047312551a92bb9550765b9618726c50a7cd9e992fae498fae4f76654fb60cbe337a23a6f342443adabb54bd6210fff269f63924c17c4471a250f4
-
Filesize
5KB
MD5ada8ba5cf70564f66e5ab797ef1d7c8f
SHA153696b0a7973d0dab0b67f6b6b87b38b1d3cf757
SHA256f44eb0154319dbd579e3b0b3772e4397053e7028b3c9593f8a706f79144bf326
SHA512c2f41282d0ac791e3876f23d1ef9b5a78255e250bf9e273aadcbdd563f4b8bb656f2502606b1e95246f3cf2ca5a6188a4f111aaedfa9e593cac1258504f56af6
-
Filesize
136KB
MD540b7ba62a6baf5ac2a52fa4a720b697c
SHA14ece423e2854d43f46ca415b720d83264ea44212
SHA256cac26df8f000fa15caf04671b8ed203c1e8d55dc775eeec059a300714890d185
SHA5126043fd1862184945d6d6d08563cfe57730bc746197c6bc5cf78fe25547bdba3245dae825122feda59a2c2ba229720fcba9999474c9ba47b4f352df5027a30a74
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd