Analysis
max time kernel: 63s
max time network: 90s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28-06-2024 22:59
Static task
static1
General
Target: Vape v4 crack by dea.exe
Size: 1.0MB
MD5: a6ebc0f0c47859be4cf6979aef8282e0
SHA1: 7566d5588d76ba3d800af3d60b49dd6ef589ea05
SHA256: 5858a2b22cd3ebe442cab79eb456974313a4a3a2d91d99943046a644640f5020
SHA512: fd62d64f2ff0c05d733cfa80eeadb3375515ed0c3db912c3fd9eaccc4f5210e4b51ff6075b31fb7d4025305b4185d54a48fc58cfd999466077b26ba0e90a80a5
SSDEEP: 24576:GfQYMfhhUF54clNf7+6uHAW92zt/sWu2BSMCqDoRF+G:9o54clgLH+tkWJ0Nj
Malware Config
Signatures

Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.

Looks up external IP address via web service (6 IoCs)
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow    ioc
2       api.ipify.org
10      ip-api.com
48      api.ipify.org
54      api.ipify.org
58      ip-api.com
1       api.ipify.org

Suspicious behavior: EnumeratesProcesses (5 IoCs)
Processes:
pid     process
1184    Vape v4 crack by dea.exe
1184    Vape v4 crack by dea.exe
1184    Vape v4 crack by dea.exe
1124    Vape v4 crack by dea.exe
1124    Vape v4 crack by dea.exe

Suspicious use of AdjustPrivilegeToken (2 IoCs)
Processes:
description                 pid     process
Token: SeDebugPrivilege     1184    Vape v4 crack by dea.exe
Token: SeDebugPrivilege     1124    Vape v4 crack by dea.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Vape v4 crack by dea.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\Vape v4 crack by dea.exe"
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID: 1184

C:\Windows\System32\rundll32.exe
Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
PID: 4700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5980 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8
PID: 3548

C:\Users\Admin\Desktop\Vape v4 crack by dea.exe
Command line: "C:\Users\Admin\Desktop\Vape v4 crack by dea.exe"
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID: 1124

C:\Users\Admin\Desktop\Vape v4 crack by dea.exe
Command line: "C:\Users\Admin\Desktop\Vape v4 crack by dea.exe"
PID: 3092

Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Temp\BJHPFNV078BFBFF000306D2A4B55DEC35\35078BFBFF000306D2A4B55DECBJHPFNV\Screenshot.Jpeg
Filesize: 149KB
C:\Users\Admin\AppData\Roaming\BPTVDRwNFyTHuV078BFBFF000306D2A4B55DEC61\61078BFBFF000306D2A4B55DECBPTVDRwNFyTHuV\Browsers\Passwords\Passwords_Edge.txt
Filesize: 426B