Analysis
-
max time kernel
120s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system -
submitted
25/05/2024, 23:21
Behavioral task
behavioral1
Sample
ByteVaultX 2.0.exe
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
ByteVaultX 2.0.exe
Resource
win7-20240419-en
Behavioral task
behavioral3
Sample
ByteVaultX 2.0.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral4
Sample
ByteVaultX 2.0.exe
Resource
win11-20240508-en
General
-
Target
ByteVaultX 2.0.exe
-
Size
9.9MB
-
MD5
72c65f1b271ae812c9c00fe7dbef3ee7
-
SHA1
98327e138efdcdbfcb02787ad3f9b729e617df6e
-
SHA256
d1314cc2b3ddd84224b7b6fe78c9ca75dceed34799b6715086eeacd687e84017
-
SHA512
21595d8bc9fe4c94a74b28acbe65e9a98f2c39e23d9e41bb5bfcaae01f11c11bfade391f04edd5853081c4ab1df051aa6f71c6203d7eac39b3446a3e357be273
-
SSDEEP
196608:Th30RIk7AHkPkRJW9GNZA1HeT39Iig6eE9TFa0Z8DOjCdylNo1nz8QW7tx:mGFG8S1+TtIi+Y9Z8D8CclydoPx
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
pid Process 2184 ByteVaultX 2.0.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 992 wrote to memory of 2184 992 ByteVaultX 2.0.exe 28 PID 992 wrote to memory of 2184 992 ByteVaultX 2.0.exe 28 PID 992 wrote to memory of 2184 992 ByteVaultX 2.0.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\ByteVaultX 2.0.exe"C:\Users\Admin\AppData\Local\Temp\ByteVaultX 2.0.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:992 -
C:\Users\Admin\AppData\Local\Temp\ByteVaultX 2.0.exe"C:\Users\Admin\AppData\Local\Temp\ByteVaultX 2.0.exe"2⤵
- Loads dropped DLL
PID:2184
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
6.6MB
MD53c388ce47c0d9117d2a50b3fa5ac981d
SHA1038484ff7460d03d1d36c23f0de4874cbaea2c48
SHA256c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb
SHA512e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35