Analysis
-
max time kernel
122s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
25-05-2024 21:56
General
-
Target
Vapecracked_by_decends.exe
-
Size
22.6MB
-
MD5
a7b3191cdfa74d0870b701e81796c75b
-
SHA1
4ef880d5d6787ec283244609af91bd68a71ae6e2
-
SHA256
1a1bf890b2397155a2cb7f37e94ce4ed6c6466c433f0ee3617ab0ec2931ce61f
-
SHA512
24cf2ec5c42e59d05b6dae1225c952607a2f239498a113f2681eea4653eb94565bfb0422f657483efe33fef0ca04aa154f0555646cf275a634f4e49a61a6d79f
-
SSDEEP
393216:Qo9DM45Cto5L1V8dkurEUWj5EnBSVkRIrY87FNwrMiE1PcZYE9buK+:d9NMgRndbQzcY87FyMiRYEEK+
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Vapecracked_by_decends.exe"C:\Users\Admin\AppData\Local\Temp\Vapecracked_by_decends.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Vapecracked_by_decends.exe"C:\Users\Admin\AppData\Local\Temp\Vapecracked_by_decends.exe"2⤵
- Loads dropped DLL
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\_MEI12842\python312.dllFilesize
1.7MB
MD5fb8bedf8440eb432c9f3587b8114abc0
SHA1136bb4dd38a7f6cb3e2613910607131c97674f7c
SHA256cb627a3c89de8e114c95bda70e9e75c73310eb8af6cf3a937b1e3678c8f525b6
SHA512b632235d5f60370efa23f8c50170a8ac569ba3705ec3d515efcad14009e0641649ab0f2139f06868024d929defffffefb352bd2516e8cd084e11557b31e95a63
-
memory/2548-112-0x000007FEF5B20000-0x000007FEF61E5000-memory.dmpFilesize
6.8MB