Overview
overview
10Static
static
3maple.rar
windows7-x64
3maple.rar
windows10-2004-x64
3maple/Maple.exe
windows7-x64
7maple/Maple.exe
windows10-2004-x64
10main.pyc
windows7-x64
3main.pyc
windows10-2004-x64
3maple/asse...ge.png
windows7-x64
3maple/asse...ge.png
windows10-2004-x64
3maple/asse...g.json
windows7-x64
3maple/asse...g.json
windows10-2004-x64
3maple/crack.dll
windows7-x64
9maple/crack.dll
windows10-2004-x64
9maple/loader.exe
windows7-x64
7maple/loader.exe
windows10-2004-x64
10Analysis
-
max time kernel
122s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
17-07-2024 08:22
Behavioral task
behavioral1
Sample
maple.rar
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
maple.rar
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
maple/Maple.exe
Resource
win7-20240705-en
Behavioral task
behavioral4
Sample
maple/Maple.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral5
Sample
main.pyc
Resource
win7-20240705-en
Behavioral task
behavioral6
Sample
main.pyc
Resource
win10v2004-20240709-en
Behavioral task
behavioral7
Sample
maple/assets/avatars/image.png
Resource
win7-20240705-en
Behavioral task
behavioral8
Sample
maple/assets/avatars/image.png
Resource
win10v2004-20240709-en
Behavioral task
behavioral9
Sample
maple/assets/config.json
Resource
win7-20240704-en
Behavioral task
behavioral10
Sample
maple/assets/config.json
Resource
win10v2004-20240709-en
Behavioral task
behavioral11
Sample
maple/crack.dll
Resource
win7-20240708-en
Behavioral task
behavioral12
Sample
maple/crack.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral13
Sample
maple/loader.exe
Resource
win7-20240705-en
Behavioral task
behavioral14
Sample
maple/loader.exe
Resource
win10v2004-20240709-en
General
-
Target
maple.rar
-
Size
83.6MB
-
MD5
5496bbda0f232739693181b75449651d
-
SHA1
6ead70b12fbe4531997c3ea926c7b063d3774993
-
SHA256
45a32a4a46e916adfb5017ef80f07b7410f04879cd75193fedce951ba1751ced
-
SHA512
e11145b8b3ffcfc43cde8b8f002c5607275ab80bd502126ceee4b616915b1f887a33536b9d1a6ffea82b37e696a23acaa829b7cf58b16d81b1e9236c8a750d72
-
SSDEEP
1572864:juAoNPdn4+nKVQDd75zrPu5IdW6fZoNTLjqCJNekAKSO4OTLgpjK8SAsUja3J8/d:iFznKurPohjqCakQvWgpeThUu3JAtZ
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_Classes\Local Settings rundll32.exe Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_Classes\Local Settings rundll32.exe -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 1800 vlc.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1800 vlc.exe -
Suspicious use of FindShellTrayWindow 10 IoCs
pid Process 1800 vlc.exe 1800 vlc.exe 1800 vlc.exe 1800 vlc.exe 1800 vlc.exe 1800 vlc.exe 1800 vlc.exe 1800 vlc.exe 1800 vlc.exe 1800 vlc.exe -
Suspicious use of SendNotifyMessage 9 IoCs
pid Process 1800 vlc.exe 1800 vlc.exe 1800 vlc.exe 1800 vlc.exe 1800 vlc.exe 1800 vlc.exe 1800 vlc.exe 1800 vlc.exe 1800 vlc.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 1800 vlc.exe -
Suspicious use of WriteProcessMemory 9 IoCs
description pid Process procid_target PID 1344 wrote to memory of 624 1344 cmd.exe 31 PID 1344 wrote to memory of 624 1344 cmd.exe 31 PID 1344 wrote to memory of 624 1344 cmd.exe 31 PID 624 wrote to memory of 2820 624 rundll32.exe 32 PID 624 wrote to memory of 2820 624 rundll32.exe 32 PID 624 wrote to memory of 2820 624 rundll32.exe 32 PID 2820 wrote to memory of 1800 2820 rundll32.exe 35 PID 2820 wrote to memory of 1800 2820 rundll32.exe 35 PID 2820 wrote to memory of 1800 2820 rundll32.exe 35
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\maple.rar1⤵
- Suspicious use of WriteProcessMemory
PID:1344 -
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\maple.rar2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:624 -
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\maple.rar3⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2820 -
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\maple.rar"4⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1800
-
-
-
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵PID:856
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵PID:2852