e5cd6c7759a49f0991ee2ed2c6ed5b46a559020c25822b6c4ee94a42131ee801

Analysis

max time kernel
83s
max time network
239s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-05-2024 21:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

slinkyfixed.exe
Size

19.1MB
MD5

b9d3dc5cb1c5e79eb5a5eed4ad1850a6
SHA1

e289a5442531740850e11c5690fed58c50e72d50
SHA256

e5cd6c7759a49f0991ee2ed2c6ed5b46a559020c25822b6c4ee94a42131ee801
SHA512

ecd9e5bad4bcf151160b42347890c686f7f3fc2334a702854950efb505e8c02658dca1fbd475c6c3db6865f7a102d369c6da9aa768e3c607e3b5797ee5c34463
SSDEEP

393216:To9DF23QDxt5L1V8dJB+7/pWYkRiu3HBseZWdp9N5HHTy:09o3QNDR4B+7/pWSux/ORz

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

slinkyfixed.exe

pid process

2552 slinkyfixed.exe

pid	process
2552	slinkyfixed.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI11522\python311.dll	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service
T1102

Processes:

flow ioc

25 discord.com
26 discord.com
27 discord.com
28 discord.com

flow	ioc
25	discord.com
26	discord.com
27	discord.com
28	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Opens file in notepad (likely ransom note) 2 IoCs
ransomware

Processes:

NOTEPAD.EXENOTEPAD.EXE

pid process

2192 NOTEPAD.EXE
3068 NOTEPAD.EXE
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

960 chrome.exe
960 chrome.exe

pid	process
2192	NOTEPAD.EXE
3068	NOTEPAD.EXE

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exe

pid	process
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

slinkyfixed.exechrome.exe

description	pid	process	target process
PID 1152 wrote to memory of 2552	1152	slinkyfixed.exe	slinkyfixed.exe
PID 1152 wrote to memory of 2552	1152	slinkyfixed.exe	slinkyfixed.exe
PID 1152 wrote to memory of 2552	1152	slinkyfixed.exe	slinkyfixed.exe
PID 960 wrote to memory of 2256	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 2256	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 2256	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 1740	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 2140	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 2140	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 2140	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 2136	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 2136	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 2136	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 2136	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 2136	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 2136	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 2136	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 2136	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 2136	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 2136	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 2136	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 2136	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 2136	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 2136	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 2136	960	chrome.exe	chrome.exe
PID 960 wrote to memory of 2136	960	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\slinkyfixed.exe
"C:\Users\Admin\AppData\Local\Temp\slinkyfixed.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1152

C:\Users\Admin\AppData\Local\Temp\slinkyfixed.exe
"C:\Users\Admin\AppData\Local\Temp\slinkyfixed.exe"
2⤵
- Loads dropped DLL
PID:2552

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1528

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6af9758,0x7fef6af9768,0x7fef6af9778
2⤵
PID:2256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1196 --field-trial-handle=1264,i,16958162771162248348,6716027353270855417,131072 /prefetch:2
2⤵
PID:1740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1484 --field-trial-handle=1264,i,16958162771162248348,6716027353270855417,131072 /prefetch:8
2⤵
PID:2140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1520 --field-trial-handle=1264,i,16958162771162248348,6716027353270855417,131072 /prefetch:8
2⤵
PID:2136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2308 --field-trial-handle=1264,i,16958162771162248348,6716027353270855417,131072 /prefetch:1
2⤵
PID:2884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2316 --field-trial-handle=1264,i,16958162771162248348,6716027353270855417,131072 /prefetch:1
2⤵
PID:2880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1448 --field-trial-handle=1264,i,16958162771162248348,6716027353270855417,131072 /prefetch:2
2⤵
PID:2612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1188 --field-trial-handle=1264,i,16958162771162248348,6716027353270855417,131072 /prefetch:1
2⤵
PID:2444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3264 --field-trial-handle=1264,i,16958162771162248348,6716027353270855417,131072 /prefetch:8
2⤵
PID:2356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3600 --field-trial-handle=1264,i,16958162771162248348,6716027353270855417,131072 /prefetch:8
2⤵
PID:2012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3572 --field-trial-handle=1264,i,16958162771162248348,6716027353270855417,131072 /prefetch:8
2⤵
PID:2168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3828 --field-trial-handle=1264,i,16958162771162248348,6716027353270855417,131072 /prefetch:1
2⤵
PID:1488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3332 --field-trial-handle=1264,i,16958162771162248348,6716027353270855417,131072 /prefetch:1
2⤵
PID:1928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3764 --field-trial-handle=1264,i,16958162771162248348,6716027353270855417,131072 /prefetch:1
2⤵
PID:1744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2500 --field-trial-handle=1264,i,16958162771162248348,6716027353270855417,131072 /prefetch:8
2⤵
PID:2748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3188 --field-trial-handle=1264,i,16958162771162248348,6716027353270855417,131072 /prefetch:1
2⤵
PID:2024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4128 --field-trial-handle=1264,i,16958162771162248348,6716027353270855417,131072 /prefetch:8
2⤵
PID:2732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4360 --field-trial-handle=1264,i,16958162771162248348,6716027353270855417,131072 /prefetch:8
2⤵
PID:1536

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Vape v4 cracked best.rar"
2⤵
PID:1432

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2892

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2496

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Vape v4 cracked best.rar"
1⤵
PID:2404

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Vape v4 cracked best.rar"
1⤵
PID:1132

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zOC64ACD5A\Readme.txt
2⤵
- Opens file in notepad (likely ransom note)
PID:2192

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zOC6475EAA\vapev4.gg.txt
2⤵
- Opens file in notepad (likely ransom note)
PID:3068

C:\Users\Admin\AppData\Local\Temp\7zOC64EC8EA\Vapev4.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC64EC8EA\Vapev4.exe"
2⤵
PID:1384

C:\Users\Admin\AppData\Local\Temp\7zOC6475CFA\VapeInjecter.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC6475CFA\VapeInjecter.exe"
2⤵
PID:3032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
Filesize
230B

MD5
df6f12f46138547d0e5b0aa63ced5443

SHA1
03593ece3ffd21b9cb44e3e076c229b92cb786d3

SHA256
5d5dafadbdc7f26131b1bf0c3470ed0a4de980a9393d35284a9bd3d313948df3

SHA512
947284e326c251bcc6215efc82939a1ea2a08ac9138fd7a7a702d23bc08d65cef90be5b612a90903895dafe4b7af2da99620ac147c3482b9bfb7b3f3fddcc447

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
47554b3653e229356a40bb6deec736c8

SHA1
7216a97feb47248c3ff0811c45c4f74d72f70183

SHA256
d1c9ef8d683828fd6372bec989b746175e37ee93fbdbe41dfc6ba469418901e7

SHA512
a6075e403434e1a02e0ea16763a8abad08cc1f1ff26598d34df22dc196d3f8401f03e9f68097bfda0580fb605609745034c801f5a38be62911eca02bdcc65b81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
84a1eb34c610b5408db2cfc0a3f23044

SHA1
104cdbf80f04157a3ba147ea4157b8fe347c170e

SHA256
21cd2d8ab7fd0fd07637c62778bc154978cfd6551992b7f7545e7cbfa9de60ef

SHA512
530af833cb373cda64ca19fb070bffae8d1fab1363497b36d63aa6ef16775f51524c87c77820e5b3c9f6d17813313271c2a8c787c45178dc3475da6cbbb0ab0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
74133a637db60ba0ab34f4981b4fdd15

SHA1
28a08d9c3f87811467361541ffdd65e0f527dd36

SHA256
d1b4eb7f7511954102b33565928ab2a0191e322fd6415a4b6a0f99b2186f23aa

SHA512
885070763526900874fefc3a5fa171b45e0b63baa89a2622d719b6c06c99a118bc964e5902d5e0e440c41c9da4eead825a812a98c2b167d6c2fa20782d38b09d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d3b9e3f37121a4a460e756aa9d991594

SHA1
7deac751b7f3dbf4433b99fce9b89095ccd878af

SHA256
8deac50d03cf84377f030ba93ea2f5831708e71c910b2c7dab5f5c8894e5c633

SHA512
8db3a532a9461a2042228d67acf490c385adcdb22da007afb4926aa4abd863509ac200e7e257e103e7b214101a63e15c9103c45dcf5cc41638ced3e9b5a2534a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
efe3919d211e89b8c3f1148b88570896

SHA1
66f3efce6e01850ff161fe0827037bbde01218bb

SHA256
35ba8e5abc04c3d2a429532dc9c0b9c43b929639634e03f9b2c6d8a5e442d5d4

SHA512
1b326e2cc7af2c3dd661acf1b72323677c6b109a2af3643a16e93dc9924536f636c291039fa2127e93cb4ff7287c1fa7649ee6b2922628f847eadc3dabc4ef75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d7016276fb06a8e25764977174e67137

SHA1
235e043072fa977fc7bd41bd88992bbe3b4df956

SHA256
f50b6384c17e8f93ae07cc4e7527b86d5391876bd5645eb70dab8d8887ad798e

SHA512
bc0cbe15d55054f16f4a3ce301612e6840120cdf29efe59b655adbc7f5e0bb1f2d6d82c673eccf3c6a1359734a9f7bb4e4bd737e2f09ab0e2fb2fde349a02892

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
7a2b4f8313cd2aa5c9b0fe4add2b3929

SHA1
36e38765467548e7099f7edc8a6f08c0d1c947db

SHA256
69cca0aa4948a30a59470606bcf8bf206123cca5c44905d8d2a3f396c584305a

SHA512
3f9a8627d656b84637a426cff4e5bc4cd2665d012a2021fe64ea545753621ff49b82aa2e108219ee8b94efe942d55b3ee8b64e0fa23690a945cb8b1c07dcb006

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
baf9c4f655700989eb34f279067ee6ef

SHA1
bb540391e970bf3ee5e0d1ae8bb6c3f242481030

SHA256
d45fcb2b1e00cdfed9696a9ea580d05dd928762377fa80fb2e8748eb9d8313f4

SHA512
666580f6bddac62cd8e72bf7df00a4e0b5590c009d94598d75ea5b7f42f55b9cbbec8331dd1fa616485939d8c1c5e05d2143cecb57e4eb4a7f9b947f67e37fb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
8271e7b747f9420e208c4b177dee270e

SHA1
884c9fd5f42783ecf4f7a8ad954d4f3027d90d9b

SHA256
a0e0335d1712a448b0926834bb105049aee339b9b7d5e12dabb8848c289ae9dc

SHA512
528d17c73f500389007cc524f753cb99c4c5deb751dd123e49c4b3dfcec09b4977aaa45f51527631cf679ae133f60230da4ab60e80e2b4a63172efacad61524e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
42e2c74611d7ddff1993038c2441f882

SHA1
f7fd6fc346c5b09b9ed66f1d342316f4db33b0e1

SHA256
ace07ad058db112066b6c4ce13390a552a13369dcbe8abb594874a9e9c949624

SHA512
1f3365fe48215c96d62d6ab8f1979e2c0ef158424ad2013e6c6fbfc866d538a3789ee5e6f37acb445b3b7653e6a1b4d2462d1a5347d206b3debb6689179ebabb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT~RFf79c3dc.TMP
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\000002.dbtmp
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
aa4fe4b9c3d51804d08b12c7f1ace3b5

SHA1
4311c550d468fcbf35f23854470f7151d3917a84

SHA256
f812b5684304870a1970ff3e78585839890a8dcbce6b0fdf5eb458836f06b710

SHA512
b03cb1479ca403101fd58768f1f25619e2421940b09d5dc6dc3ed16613b4fe0f891fd124f93b02138bd46ca0ceb431480b3de68f588443bd74de9cbc40f22532

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
d6751f79cc0473d6d9354612f70d9b8f

SHA1
d7b1ebedd9a3fd7781ea936efdc82d3a128972d2

SHA256
edf9556f0bbe90922f7a971fb405c39a30c458d5a2e0b77ec65f6b35b52f051b

SHA512
70bbfa8718d64586fa9403c63c4984a2f3829137db7e7346177db55661cc8da71635c6de0e6a7bf4cf1d507397b9e93fe168b78f492f79f4981369d7887ad79a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
3ed1977915806a34583810406660aeea

SHA1
4d79bf3b6f6e4902cd990d16be219007bfae8fe8

SHA256
6531aad6c2dfc7101fb39441a6cb400f2bea39bc7e9528c781c107c63ccc1824

SHA512
ba379e3ed3949b4ef0120ce326dcf7fabc0c15c7ff4a717a1ffe584a9e1b3c4736f716f41c7c536ff39bd2fd93d1374ac742e222fb999b86b8b1471133fc9665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
2148b23fc0dbbe6a81157c93dc91c9d3

SHA1
9cddc33d55d60ddfb21d39471c2bcf8c7378deac

SHA256
78e1d5329129b3aa57b1751cc00fce9e57de05c8d2234dae1cdd60eecd05edb2

SHA512
b44336b070b3d5cb5e499177075b9a83e7bd2d5bb6e190c31f53f7591e6a8e465446ab6964a2d31e2421ba91f640a8f94c1c0ce97069f143cb7f8f9b1420680d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
7a67e1374cc81416d4a2385b82fd3d5f

SHA1
42fa2a3a7741006681f1384f217e988618e6fb6c

SHA256
35084c780499678c83a3a8811d4e9a45417dcd7175e8f255abe4d26b5753d2c4

SHA512
78da35c085467da8c2906aa92e6d40c631de431a04edf69af302ee1288694e3e957f287c3ff4af10e405c03039d62835727d75b84c03f376b4aeafa83669e741

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
363B

MD5
9f76eb58af7519434fa802b987b15a13

SHA1
1cb62e54738b93c47c5b659d68a80cdbc6dacf01

SHA256
2f19678df60dedfdf233eecc5c8a2342328f22aeb61bcbcd32b926888a330dff

SHA512
82c08affc4a1be9d2da5ece98229ced60c0260a4de93b6f668d3f81ae6af09c16589b1f45d920758da8f26e9c9e8c622149b2cb0d0c6855699a08f922dd1395c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
63b90f3d6488ab2d27dfd41c2e2f0404

SHA1
392d5c7317426387a6b623e4b666ca483827cd8e

SHA256
a9de88394d236eddfd01f04ac733c3ed985ede67cac0584ef655b7771e6787f6

SHA512
6bd9fe452976f08b73cf76964250f8ecc9a225679748119bd68f322ded5fce18aaecec0dfded8b57f56b47f20fc0f491e523a9d6d131046b201db1db9c0fb9b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
1b0ea2bda68902422660437c8a1b9733

SHA1
27fac751e7758c8de405765f17b3625ea2eb48c1

SHA256
f2ac6a8bbdf7ff51c0ba4d07f393edd4eadb4d0339b39da4257b079e02668300

SHA512
64141814e169da0b669fedbf40dc3a0115279996a1f9b48fe3253e38424589e83e76b931b8b7ac0c88d966323354f18469f491adeb33d40db6ea16cde96779fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
e910c4def5ff7bcb3ac6c4deda517923

SHA1
baba016cf10a83d4fcda6c57f035395365712b4c

SHA256
0a21c1b196928b3105ba4e76ee4da8a63bbf4268f2026b56571c896eb854a252

SHA512
ec55469920fe1403b5fca96c8fbf0fce054f50b3cb43653e110df395b5d1a704287aa2ac5218973e74563f0e821700f871dd7cc70be3a6195567241244588a3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
9706e8c2f6e0c472457a901301b0a8e2

SHA1
ad2db5b0bab4c461bd35d749296bf4a2cad3591e

SHA256
69b98aa6ecf52a96cb647fbe4e0aa099cd23101feee636f6facb36602a7e701b

SHA512
e264e4403134c62f5c0b2ad2fdfa81acacb2ceca12e6aa7a3b5a55ffc9b2b0e9319c5d9dc89939b9e4d5b85790c44cfd913db3716534cd64cfe7c8ee59368b4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
8337893f39eb451c3745eba04d5b5b42

SHA1
814268b006b0271fdb5c376599907661bd40ab8e

SHA256
6113cba8d134de712290a18cefbcff1f70389b75fa2689dbbe98a071c4ecf386

SHA512
c27dcc1199139d8074382b573e41647717b62511c29c443263908dcfaaa8dcf338d54ee0e11be1b26d9400555d09d9a79212ab221f5e0ad41ec499f096541978

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zOC6475CFA\VapeInjecter.exe
Filesize
225KB

MD5
af2379cc4d607a45ac44d62135fb7015

SHA1
39b6d40906c7f7f080e6befa93324dddadcbd9fa

SHA256
26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739

SHA512
69899c47d0b15f92980f79517384e83373242e045ca696c6e8f930ff6454219bf609e0d84c2f91d25dfd5ef3c28c9e099c4a3a918206e957be806a1c2e0d3e99

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zOC64EC8EA\Vapev4.exe
Filesize
788KB

MD5
a92f13f3a1b3b39833d3cc336301b713

SHA1
d1c62ac62e68875085b62fa651fb17d4d7313887

SHA256
4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c

SHA512
361a5199b5a6321d88f6e7b66eaad3756b4ea7a706fa9dbbe3ffe29217f673d12dd1200e05f96c2175feffc6fecc7f09fda4dd6bfa0ce7bef3d9372f6a534920

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAA2B.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11522\python311.dll
Filesize
1.6MB

MD5
bb46b85029b543b70276ad8e4c238799

SHA1
123bdcd9eebcac1ec0fd2764a37e5e5476bb0c1c

SHA256
72c24e1db1ba4df791720a93ca9502d77c3738eebf8b9092a5d82aa8d80121d0

SHA512
5e993617509c1cf434938d6a467eb0494e04580ad242535a04937f7c174d429da70a6e71792fc3de69e103ffc5d9de51d29001a4df528cfffefdaa2cef4eaf31

Download Submit
C:\Users\Admin\Downloads\Vape v4 cracked best.rar
Filesize
457KB

MD5
a9b7f429958baed28f17ed2686fa67da

SHA1
bfec6e9bac709ead41bbc532118eea74a3c6d1b0

SHA256
def03cd0dafb2ea8a7c6f1af6ebc40b77c2c41a7e0566090f789cbaaaaf72c6d

SHA512
97e88a670d6bbe1ff95b33e9cd1add69c898d6b5aad93cb0fddd8e0693ec5066bac7e6ce67205f8aff132384676bb01414d8b694144dacc2ec41332d5c2cf3e0

Download Submit
\??\pipe\crashpad_960_IPIEKKYGWBWQKEAG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2552-109-0x000007FEF6570000-0x000007FEF6B58000-memory.dmp

Filesize
5.9MB

Download