55374ee882a0928b414e523acbe05983279694f2ad7cf3b0204e1af2d6bd6989

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/06/2024, 19:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

VanishV2-main/main.exe
Size

39.4MB
MD5

281c4283543104ab005c0da12f3bb9ec
SHA1

0ff3a346b0a61f891392fea00dfe810a5b80f1c1
SHA256

22fc124cffceba2bcad115f2f42cac04c20fc9385e670d227a66b45c4d167b1e
SHA512

719beec58960d6c8bcad78a50dfbb08e873e507c41bed0db22459515e1624d10d314b8d269da316f93aeecbac0a3b3860cb5b3266c02ba978460bb2386c7a4c2
SSDEEP

786432:3WQtsm8NEFG8baD2j6+s7LWB75zupt5F056r+i8BHQ+oB1T:mQtx8NEFG8baD2qHWB75ifzq68B8B1T

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2096	main.exe
2096	main.exe
2096	main.exe
2096	main.exe
2096	main.exe
2096	main.exe
2096	main.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1448 wrote to memory of 2096	1448	main.exe	29
PID 1448 wrote to memory of 2096	1448	main.exe	29
PID 1448 wrote to memory of 2096	1448	main.exe	29

C:\Users\Admin\AppData\Local\Temp\VanishV2-main\main.exe
"C:\Users\Admin\AppData\Local\Temp\VanishV2-main\main.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1448
- C:\Users\Admin\AppData\Local\Temp\VanishV2-main\main.exe
  "C:\Users\Admin\AppData\Local\Temp\VanishV2-main\main.exe"
  2⤵
  - Loads dropped DLL
  PID:2096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI14482\api-ms-win-core-file-l1-2-0.dll

Filesize
13KB

MD5
e0645fddef558dfdf2d89a2312d62ce5

SHA1
11187c5bd67cec3a4c0043f3119fabe5b3fd0b80

SHA256
55565231aaefb87e36e20e8bc9e5f57a6ce60a91ffe2cc29711fb2df70f17560

SHA512
181c821c4e392bbcad94475c9fe09d59bc7512ff1d17ef5eeae552d7df3d41f36dbfb919e7bf0733a218244ad5e5ddb9cff51d9835c16726fec7b0d4decf8de1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14482\api-ms-win-core-file-l2-1-0.dll

Filesize
13KB

MD5
77493ca3fd4015b3900d4694715a92ad

SHA1
c72ab38bbe61717761800c54ac6c3cdb4a8a42ae

SHA256
69d2e82663ec1be7cec2d20b82b353a7a4ac2b71474aa549b5308464273285ca

SHA512
864c6fecb3c2ce8ef87ca28bc9a6c1e89262a2cff289cc47fc17e77f6775873578b986c3758c1f3e506b5462c9bafdc285ee0f5d0c2fd69ae4814fe9f9294e11

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14482\api-ms-win-core-localization-l1-2-0.dll

Filesize
15KB

MD5
8745258d2ce63c13082fd5176647435f

SHA1
08b1bfcd46c32842f593242e1f5ca24a386838a1

SHA256
89faf112c004bf34f240b3b4fae6941316d3e9844d14cddbdfce4964ff410239

SHA512
0240d8bc7300411433bd93a8177f3b99d13fab039b6074061770a0fa99fbf04a1179a2d9b0b8742be2c4e2d05e546edf7f706a08effb20f43adbbf7137020760

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14482\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
13KB

MD5
e41d2e7e4144709eba47a22c238ce10e

SHA1
2981f224dbd565dc4ea7594ad17f9ff01db87b8b

SHA256
2756035ca5105caf7ab63ea7284c68403adc912bd08906bf5c18c7ff3b47ab5b

SHA512
b8d08e80bfc3675699c32897c9803a1f986167717cc2ec9d46582cf4c530d65deae5c608e69d86b8e6aa3f518d47d1fa09b9d0eb0db3397ac5d31568409aa5bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14482\python311.dll

Filesize
5.5MB

MD5
58e01abc9c9b5c885635180ed104fe95

SHA1
1c2f7216b125539d63bd111a7aba615c69deb8ba

SHA256
de1b95d2e951fc048c84684bc7df4346138910544ee335b61fc8e65f360c3837

SHA512
cd32c77191309d99aeed47699501b357b35669123f0dd70ed97c3791a009d1855ab27162db24a4bd9e719b68ee3b0539ee6db88e71abb9a2d4d629f87bc2c081

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14482\tzdata\zoneinfo\Africa\Dakar

Filesize
130B

MD5
796a57137d718e4fa3db8ef611f18e61

SHA1
23f0868c618aee82234605f5a0002356042e9349

SHA256
f3e7fcaa0e9840ff4169d3567d8fb5926644848f4963d7acf92320843c5d486e

SHA512
64a8de7d9e2e612a6e9438f2de598b11fecc5252052d92278c96dd6019abe7465e11c995e009dfbc76362080217e9df9091114bdbd1431828842348390cb997b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14482\tzdata\zoneinfo\Africa\Djibouti

Filesize
191B

MD5
fe54394a3dcf951bad3c293980109dd2

SHA1
4650b524081009959e8487ed97c07a331c13fd2d

SHA256
0783854f52c33ada6b6d2a5d867662f0ae8e15238d2fce7b9ada4f4d319eb466

SHA512
fe4cf1dd66ae0739f1051be91d729efebde5459967bbe41adbdd3330d84d167a7f8db6d4974225cb75e3b2d207480dfb3862f2b1dda717f33b9c11d33dcac418

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14482\tzdata\zoneinfo\Africa\Kigali

Filesize
131B

MD5
a87061b72790e27d9f155644521d8cce

SHA1
78de9718a513568db02a07447958b30ed9bae879

SHA256
fd4a97368230a89676c987779510a9920fe8d911fa065481536d1048cd0f529e

SHA512
3f071fd343d4e0f5678859c4f7f48c292f8b9a3d62d1075938c160142defd4f0423d8f031c95c48119ac71f160c9b6a02975841d49422b61b542418b8a63e441

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14482\tzdata\zoneinfo\Africa\Lagos

Filesize
180B

MD5
89de77d185e9a76612bd5f9fb043a9c2

SHA1
0c58600cb28c94c8642dedb01ac1c3ce84ee9acf

SHA256
e5ef1288571cc56c5276ca966e1c8a675c6747726d758ecafe7effce6eca7be4

SHA512
e2fb974fa770639d56edc5f267306be7ee9b00b9b214a06739c0dad0403903d8432e1c7b9d4322a8c9c31bd1faa8083e262f9d851c29562883ca3933e01d018c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14482\tzdata\zoneinfo\America\Curacao

Filesize
177B

MD5
92d3b867243120ea811c24c038e5b053

SHA1
ade39dfb24b20a67d3ac8cc7f59d364904934174

SHA256
abbe8628dd5487c889db816ce3a5077bbb47f6bafafeb9411d92d6ef2f70ce8d

SHA512
1eee8298dffa70049439884f269f90c0babcc8e94c5ccb595f12c8cfe3ad12d52b2d82a5853d0ff4a0e4d6069458cc1517b7535278b2fdef145e024e3531daad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14482\tzdata\zoneinfo\America\Toronto

Filesize
1KB

MD5
3fa8a9428d799763fa7ea205c02deb93

SHA1
222b74b3605024b3d9ed133a3a7419986adcc977

SHA256
815ab4db7a1b1292867d2f924b718e1bba32455ce9f92205db2feb65029c6761

SHA512
107a4dbb64107f781e3ed17b505baea28d4ca6683c2b49d146dda41c28ca3f9c307809ed938e4152011e199a7be6913de6f7b78cafe8ef300dc3034397945238

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14482\tzdata\zoneinfo\Etc\Greenwich

Filesize
111B

MD5
e7577ad74319a942781e7153a97d7690

SHA1
91d9c2bf1cbb44214a808e923469d2153b3f9a3f

SHA256
dc4a07571b10884e4f4f3450c9d1a1cbf4c03ef53d06ed2e4ea152d9eba5d5d7

SHA512
b4bc0ddba238fcab00c99987ea7bd5d5fa15967eceba6a2455ecd1d81679b4c76182b5a9e10c004b55dc98abc68ce0912d4f42547b24a22b0f5f0f90117e2b55

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14482\tzdata\zoneinfo\Europe\London

Filesize
1KB

MD5
d111147703d04769072d1b824d0ddc0c

SHA1
0c99c01cad245400194d78f9023bd92ee511fbb1

SHA256
676541f0b8ad457c744c093f807589adcad909e3fd03f901787d08786eedbd33

SHA512
21502d194dfd89ac66f3df6610cb7725936f69faafb6597d4c22cec9d5e40965d05dd7111de9089bc119ec2b701fea664d3cb291b20ae04d59bcbd79e681d07a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14482\tzdata\zoneinfo\Europe\Oslo

Filesize
705B

MD5
2577d6d2ba90616ca47c8ee8d9fbca20

SHA1
e8f7079796d21c70589f90d7682f730ed236afd4

SHA256
a7fd9932d785d4d690900b834c3563c1810c1cf2e01711bcc0926af6c0767cb7

SHA512
f228ca1ef2756f955566513d7480d779b10b74a8780f2c3f1768730a1a9ae54c5ac44890d0690b59df70c4194a414f276f59bb29389f6fa29719cb06cb946ceb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14482\tzdata\zoneinfo\Europe\Skopje

Filesize
478B

MD5
a4ac1780d547f4e4c41cab4c6cf1d76d

SHA1
9033138c20102912b7078149abc940ea83268587

SHA256
a8c964f3eaa7a209d9a650fb16c68c003e9a5fc62ffbbb10fa849d54fb3662d6

SHA512
7fd5c4598f9d61a3888b4831b0c256ac8c07a5ae28123f969549ae3085a77fece562a09805c44eab7973765d850f6c58f9fcf42582bdd7fd0cdba6cd3d432469

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14482\tzdata\zoneinfo\PRC

Filesize
393B

MD5
dff9cd919f10d25842d1381cdff9f7f7

SHA1
2aa2d896e8dde7bc74cb502cd8bff5a2a19b511f

SHA256
bf8b7ed82fe6e63e6d98f8cea934eeac901cd16aba85eb5755ce3f8b4289ea8a

SHA512
c6f4ef7e4961d9f5ae353a5a54d5263fea784255884f7c18728e05806d7c80247a2af5d9999d805f40b0cc86a580a3e2e81135fdd49d62876a15e1ab50e148b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14482\tzdata\zoneinfo\Pacific\Wallis

Filesize
134B

MD5
ba8d62a6ed66f462087e00ad76f7354d

SHA1
584a5063b3f9c2c1159cebea8ea2813e105f3173

SHA256
09035620bd831697a3e9072f82de34cfca5e912d50c8da547739aa2f28fb6d8e

SHA512
9c5dba4f7c71d5c753895cbfdb01e18b9195f7aad971948eb8e8817b7aca9b7531ca250cdce0e01a5b97ba42c1c9049fd93a2f1ed886ef9779a54babd969f761

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14482\tzdata\zoneinfo\Pacific\Yap

Filesize
154B

MD5
bcf8aa818432d7ae244087c7306bcb23

SHA1
5a91d56826d9fc9bc84c408c581a12127690ed11

SHA256
683001055b6ef9dc9d88734e0eddd1782f1c3643b7c13a75e9cf8e9052006e19

SHA512
d5721c5bf8e1df68fbe2c83bb5cd1edea331f8be7f2a7ef7a6c45f1c656857f2f981adb2c82d8b380c88b1ddea6abb20d692c45403f9562448908637d70fa221

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14482\tzdata\zoneinfo\UCT

Filesize
111B

MD5
51d8a0e68892ebf0854a1b4250ffb26b

SHA1
b3ea2db080cd92273d70a8795d1f6378ac1d2b74

SHA256
fddce1e648a1732ac29afd9a16151b2973cdf082e7ec0c690f7e42be6b598b93

SHA512
4d0def0cd33012754835b27078d64141503c8762e7fb0f74ac669b8e2768deeba14900feef6174f65b1c3dd2ea0ce9a73bba499275c1c75bcae91cd266262b78

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14482\ucrtbase.dll

Filesize
987KB

MD5
c9441142696e8bb09bc70b9605e3a39b

SHA1
f172463c4fa5e8692274cd41ef608519bfde38f7

SHA256
a8f9a12b1b6374f84380090eb396630a3409c7ec3bdeee3930ac6ca6cebe423e

SHA512
53dc0f88e0c180ccd67d3da51bb6a79a5000407bf1a7a48c8d70e0138df2f90c8fca138548408b3e9b6f520346d4be26b3cfe815719e3f581c068f4a025734dd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI14482\api-ms-win-core-timezone-l1-1-0.dll

Filesize
13KB

MD5
0e1dc487712e10bdda37fc16a78a42e9

SHA1
ec36402f6036eb909bb6ad0becd40070655254df

SHA256
6c1c6936309f16a42801b3e69567269e3faf9f97455d7d1ca1aeac22d963b135

SHA512
bc316e30ddfa0ec32d7d68d7e4ecaab7a3ed87fe3f9bf0b4fad123476005e218f39d2814777f183142f5e99445b5dfb0005ed6b93767b0c31af9b54cdccdc186

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads