Overview

overview

7

Static

static

3

Vape V4/Va...10.jar

windows10-1703-x64

1

Vape V4/Vape4DLL.dll

windows10-1703-x64

1

Vape V4/Va...nt.bat

windows10-1703-x64

1

Vape V4/va...er.jar

windows10-1703-x64

7

Analysis

  • max time kernel
    15s
  • max time network
    17s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    12/06/2024, 12:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Vape V4/vape-loader.jar

  • Size

    5.8MB

  • MD5

    0af84cde205379406ed7424bfeeaa984

  • SHA1

    604a5fc67266c2f314ffaf6a3ad0ee456cd3b13e

  • SHA256

    fee5c0402235d8ee930b1be9bdfb946ae3bbbf4e93c7f35a9f8b1f27456ba589

  • SHA512

    c01ad0758ffbbeac006bf9a0cd502a5ec427d166750cc8d614b0d68dfcbc7dbe22d10c3f5e1af4fb8e34b423fa64f9ea6a6b07df3a4d2bdb604b109c57ef3dbb

  • SSDEEP

    98304:LXUuAOlZpvIysoHAqvirdGAuXXo/fdMurv4Am3HWJCcqG7gWXYH1qRIo3OSdcisZ:L1AOlZpAdiAMi5luX4/aur7gGUWX26Il

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar "C:\Users\Admin\AppData\Local\Temp\Vape V4\vape-loader.jar"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:408
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:4036

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    6da86849a9e2a6852ba309ed99a185e3

    SHA1

    b3e0db190b40d5e0b73593822abb13e2cb8a5ace

    SHA256

    2ec9726e634f15506a79be5c0451326c8500784b0263695e0beca8bcc263b25b

    SHA512

    493cd34acebba426f98dc6f2ed7475cbd499bcb49de57ed565cd54fd9a16f02b0d4b2e41aa1a9094d24b8486b3fd759d0073a05288f3d2fa8ab857ff616a47eb

    Download Submit

  • memory/408-2-0x0000021B11AE0000-0x0000021B11D50000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/408-13-0x0000021B101A0000-0x0000021B101A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/408-14-0x0000021B11AE0000-0x0000021B11D50000-memory.dmp

    Filesize

    2.4MB

    Download