95fa253b5086c61006a134c2921e4f3d4a5285fc061882ce6b19a82e0ebe2e88

Resubmissions

28-07-2024 15:54

240728-tcdj9s1gnj 10

26-07-2024 01:01

240726-bdhw9swenn 10

26-07-2024 00:54

240726-a9ap4awbrn 10

Analysis

max time kernel
40s
max time network
52s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
28-07-2024 15:54

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

vape-v4.exe
Size

10.9MB
MD5

0e515fd93f6760499ba52fbf1b5fe52a
SHA1

dcbdeb1aeaa4465ca1be1653c61bd8ff6f9aaefc
SHA256

95fa253b5086c61006a134c2921e4f3d4a5285fc061882ce6b19a82e0ebe2e88
SHA512

7ae1ab12a736bab4dac98118a0acfe6b90061173862fcdb852c193d2cb0e3c71160e053f0ad6393a8ff8b63bf35b81c051d7ebb2f607ee7355ce0e7841ea9132
SSDEEP

196608:whax/PAVSwLRXgWPmpzdhqiUeNvX+wfm/pf+xfdkRhZWKsnOrIWOzW0DaqhH:bAV5L1V8dvvX+9/pWFGRDBsnOrIWeRao

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2488	vape-v4.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000500000001945e-46.dat	upx
behavioral1/memory/2488-48-0x000007FEF5450000-0x000007FEF5A38000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 2488	2408	vape-v4.exe	30
PID 2408 wrote to memory of 2488	2408	vape-v4.exe	30
PID 2408 wrote to memory of 2488	2408	vape-v4.exe	30

C:\Users\Admin\AppData\Local\Temp\vape-v4.exe
"C:\Users\Admin\AppData\Local\Temp\vape-v4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Users\Admin\AppData\Local\Temp\vape-v4.exe
  "C:\Users\Admin\AppData\Local\Temp\vape-v4.exe"
  2⤵
  - Loads dropped DLL
  PID:2488

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:556

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI24082\python311.dll

Filesize
1.6MB

MD5
db09c9bbec6134db1766d369c339a0a1

SHA1
c156d9f2d0e80b4cf41794cd9b8b1e8a352e0a0b

SHA256
b1aac1e461174bbae952434e4dac092590d72b9832a04457c94bd9bb7ee8ad79

SHA512
653a7fff6a2b6bffb9ea2c0b72ddb83c9c53d555e798eea47101b0d932358180a01af2b9dab9c27723057439c1eaffb8d84b9b41f6f9cd1c3c934f1794104d45

Download Submit
memory/344-95-0x0000000002B30000-0x0000000002B31000-memory.dmp

Filesize
4KB

Download
memory/556-94-0x0000000002D90000-0x0000000002D91000-memory.dmp

Filesize
4KB

Download
memory/2488-48-0x000007FEF5450000-0x000007FEF5A38000-memory.dmp

Filesize
5.9MB

Download