9b989d47e010206b0e0d50957a6f5361247bec54837ad5ef631dd613ff9f3243

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
13/05/2024, 10:45 UTC

Target

ByteVault.exe
Size

9.9MB
MD5

4ea77d2b5cb4323fbd1738295b7add93
SHA1

d00b1e2054dca021f3a15a10a3b1753b37d92b85
SHA256

9b989d47e010206b0e0d50957a6f5361247bec54837ad5ef631dd613ff9f3243
SHA512

09fcf25f769274399aa21b584fdc1d5efe8f1bf9aa50910e3296102e0681567ea8c60cd474fd0b3c4b6f0704fcea787bc754fb57ce903df68a6c62b1e1d1c1a6
SSDEEP

196608:RhqWfIk7AHkPkRJW9GNZA1HeT39IigaeE9TFa0Z8DOjCdylwo1nz8QW7tx:zQFG8S1+TtIiEY9Z8D8CclPdoPx

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2144	ByteVault.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2144	2080	ByteVault.exe	28
PID 2080 wrote to memory of 2144	2080	ByteVault.exe	28
PID 2080 wrote to memory of 2144	2080	ByteVault.exe	28

C:\Users\Admin\AppData\Local\Temp\ByteVault.exe
"C:\Users\Admin\AppData\Local\Temp\ByteVault.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Users\Admin\AppData\Local\Temp\ByteVault.exe
  "C:\Users\Admin\AppData\Local\Temp\ByteVault.exe"
  2⤵
  - Loads dropped DLL
  PID:2144

C:\Users\Admin\AppData\Local\Temp\_MEI20802\python312.dll

Filesize
6.6MB

MD5
3c388ce47c0d9117d2a50b3fa5ac981d

SHA1
038484ff7460d03d1d36c23f0de4874cbaea2c48

SHA256
c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb

SHA512
e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35

Download Submit