958e65dedf5f42e310cbf4e7ba87ce130c2b60d95afb1da8f7390f2002f6caa2

Resubmissions

22-05-2024 15:54

22-05-2024 15:32

19-05-2024 21:56

19-05-2024 21:54

19-05-2024 21:53

19-05-2024 20:56

18-05-2024 09:15

18-05-2024 00:54

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
19-05-2024 21:56

Target

ByteVaultX 2.0.exe
Size

9.9MB
MD5

98e3408a9432d5046691c4cc744eb244
SHA1

c1e9d2c89d2cb72ee2f0f11ef97b2cb07d070142
SHA256

958e65dedf5f42e310cbf4e7ba87ce130c2b60d95afb1da8f7390f2002f6caa2
SHA512

dd4451441a051a6e9cc1be16702aaea1ce0fee4bd78c30cde050636e573b0ec1fcae4cde654a1928c941410840b8d0f989932779fc59e7bf70ce444029e689d5
SSDEEP

196608:ShFaRIk7AHkPkRJW9GNZA1HeT39Iig6eE9TFa0Z8DOjCdylNo1nz8QW7tx:tGFG8S1+TtIi+Y9Z8D8CclydoPx

Score

7^/10

Loads dropped DLL 1 IoCs

Processes:

ByteVaultX 2.0.exe

pid process

2152 ByteVaultX 2.0.exe

pid	process
2152	ByteVaultX 2.0.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

ByteVaultX 2.0.exe

description	pid	process	target process
PID 2888 wrote to memory of 2152	2888	ByteVaultX 2.0.exe	ByteVaultX 2.0.exe
PID 2888 wrote to memory of 2152	2888	ByteVaultX 2.0.exe	ByteVaultX 2.0.exe
PID 2888 wrote to memory of 2152	2888	ByteVaultX 2.0.exe	ByteVaultX 2.0.exe

C:\Users\Admin\AppData\Local\Temp\ByteVaultX 2.0.exe
"C:\Users\Admin\AppData\Local\Temp\ByteVaultX 2.0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2888

C:\Users\Admin\AppData\Local\Temp\ByteVaultX 2.0.exe
"C:\Users\Admin\AppData\Local\Temp\ByteVaultX 2.0.exe"
2⤵
- Loads dropped DLL
PID:2152

C:\Users\Admin\AppData\Local\Temp\_MEI28882\python312.dll

Filesize
6.6MB

MD5
3c388ce47c0d9117d2a50b3fa5ac981d

SHA1
038484ff7460d03d1d36c23f0de4874cbaea2c48

SHA256
c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb

SHA512
e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35

Download Submit