68c622f3d89062313fdaf3069a49dc136d8e92ac5b1fc9fc66f5c1d2594a6243

Submit
Reports

Overview

overview

Static

static

vape lite ...er.bat

windows7-x64

vape lite ...er.bat

windows10-2004-x64

vape lite ...er.bat

windows7-x64

vape lite ...er.bat

windows10-2004-x64

vape lite ...ver.py

windows7-x64

vape lite ...ver.py

windows10-2004-x64

vape lite ...er.exe

windows7-x64

vape lite ...er.exe

windows10-2004-x64

vape lite ...oo.dll

windows7-x64

vape lite ...oo.dll

windows10-2004-x64

vape lite ...te.exe

windows7-x64

vape lite ...te.exe

windows10-2004-x64

vape lite ...ver.py

windows7-x64

vape lite ...ver.py

windows10-2004-x64

vape lite/...er.exe

windows7-x64

vape lite/...er.exe

windows10-2004-x64

vape lite/...oo.dll

windows7-x64

vape lite/...oo.dll

windows10-2004-x64

vape lite/...te.exe

windows7-x64

vape lite/...te.exe

windows10-2004-x64

vape lite/...ver.py

windows7-x64

vape lite/...ver.py

windows10-2004-x64

vape lite/...ll.bat

windows7-x64

vape lite/...ll.bat

windows10-2004-x64

vape lite/...un.bat

windows7-x64

vape lite/...un.bat

windows10-2004-x64

vape lite/server.py

windows7-x64

vape lite/server.py

windows10-2004-x64

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
11-07-2024 21:02

Sharing

Copy URL

Twitter E-mail

Static task

static1

themida

2 signatures

Behavioral task

behavioral1

Sample

vape lite (fixed crack)/vape lite fixed/Python Numpy Installer.bat

Resource

win7-20240708-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

vape lite (fixed crack)/vape lite fixed/Python Numpy Installer.bat

Resource

win10v2004-20240709-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral3

Sample

vape lite (fixed crack)/vape lite fixed/Python PIPs Installer.bat

Resource

win7-20240705-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral4

Sample

vape lite (fixed crack)/vape lite fixed/Python PIPs Installer.bat

Resource

win10v2004-20240704-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral5

Sample

vape lite (fixed crack)/vape lite fixed/Server.py

Resource

win7-20240704-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral6

Sample

vape lite (fixed crack)/vape lite fixed/Server.py

Resource

win10v2004-20240709-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral7

Sample

vape lite (fixed crack)/vape lite fixed/Vape Lite/Kangaroo Patcher.exe

Resource

win7-20240704-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

vape lite (fixed crack)/vape lite fixed/Vape Lite/Kangaroo Patcher.exe

Resource

win10v2004-20240709-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

vape lite (fixed crack)/vape lite fixed/Vape Lite/Kangaroo.dll

Resource

win7-20240704-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral10

Sample

vape lite (fixed crack)/vape lite fixed/Vape Lite/Kangaroo.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral11

Sample

vape lite (fixed crack)/vape lite fixed/Vape Lite/Vape_Lite.exe

Resource

win7-20240705-en

evasion themida trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral12

Sample

vape lite (fixed crack)/vape lite fixed/Vape Lite/Vape_Lite.exe

Resource

win10v2004-20240704-en

evasion themida trojan

windows10-2004-x64

7 signatures

150 seconds

Behavioral task

behavioral13

Sample

vape lite (fixed crack)/vape lite fixed/dumper/mitm_server.py

Resource

win7-20240705-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral14

Sample

vape lite (fixed crack)/vape lite fixed/dumper/mitm_server.py

Resource

win10v2004-20240709-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral15

Sample

vape lite/Vape Lite/Kangaroo Patcher.exe

Resource

win7-20240704-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral16

Sample

vape lite/Vape Lite/Kangaroo Patcher.exe

Resource

win10v2004-20240709-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral17

Sample

vape lite/Vape Lite/Kangaroo.dll

Resource

win7-20240705-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral18

Sample

vape lite/Vape Lite/Kangaroo.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral19

Sample

vape lite/Vape Lite/Vape_Lite.exe

Resource

win7-20240708-en

evasion themida trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral20

Sample

vape lite/Vape Lite/Vape_Lite.exe

Resource

win10v2004-20240709-en

evasion themida trojan

windows10-2004-x64

7 signatures

150 seconds

Behavioral task

behavioral21

Sample

vape lite/dumper/mitm_server.py

Resource

win7-20240704-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral22

Sample

vape lite/dumper/mitm_server.py

Resource

win10v2004-20240709-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral23

Sample

vape lite/requirements install.bat

Resource

win7-20240708-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

vape lite/requirements install.bat

Resource

win10v2004-20240709-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral25

Sample

vape lite/server run.bat

Resource

win7-20240704-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral26

Sample

vape lite/server run.bat

Resource

win10v2004-20240709-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral27

Sample

vape lite/server.py

Resource

win7-20240708-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral28

Sample

vape lite/server.py

Resource

win10v2004-20240709-en

windows10-2004-x64

3 signatures

150 seconds

Report Analysis Logs

General

Target

vape lite (fixed crack)/vape lite fixed/Python PIPs Installer.bat
Size

223B
MD5

70c0fa461015c7341d0d8b2ff4a4bdbd
SHA1

e223294f552f9effc6408d58357fa4b53d2d222c
SHA256

f137d19fad6043d90b7db03346f1021b10d719eb1961d76e9f32cc5584fe0153
SHA512

ad3261cae10fd967a76e09ef3cf0ed02b238c217626a6cf9fc338c11ee199484b5b0dcac0e3dc515f223a4e8c28b25d1b46a1a5ec0d4d63345165aa956a5f9cd

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1364 wrote to memory of 2520	1364	cmd.exe	32
PID 1364 wrote to memory of 2520	1364	cmd.exe	32
PID 1364 wrote to memory of 2520	1364	cmd.exe	32

Processes

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\vape lite (fixed crack)\vape lite fixed\Python PIPs Installer.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Windows\system32\mode.com
  mode 55, 9
  2⤵
  PID:2520

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads