Overview

overview

10

Static

static

10

VenomRAT/P...er.exe

windows7-x64

1

VenomRAT/P...er.exe

windows10-2004-x64

1

VenomRAT/V...NC.exe

windows7-x64

1

VenomRAT/V...NC.exe

windows10-2004-x64

10

VenomRAT/V...xe.xml

windows7-x64

1

VenomRAT/V...xe.xml

windows10-2004-x64

1

VenomRAT/p...et.dll

windows7-x64

1

VenomRAT/p...et.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    106s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    27-02-2023 14:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VenomRAT/VenomRAT_HVNC.exe

  • Size

    16.5MB

  • MD5

    c90bb028354000acc74485f2db4ab492

  • SHA1

    28e6ce32a075669b3e382eaeb4871f7c3fc3bbef

  • SHA256

    54df65f59a153e58faafc63addf325b7c492f000b8cda7e3cf527f5c0080325d

  • SHA512

    9400521f9dd1fd76a914006133cd9b9dc5c8783407ff6b99fbb5a74c1a81e45818772ef4e1cabc9c67232bf60d977b48c2fadcb9401ae05e7c8e23fcf9ba7406

  • SSDEEP

    393216:sl9Yl7Elel7ElAlQleTl/l/l/l/l/lzlml/lqlZlHl/l/l/l/l/l/lIlAl+lUl2x:WTXT

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\VenomRAT\VenomRAT_HVNC.exe
    "C:\Users\Admin\AppData\Local\Temp\VenomRAT\VenomRAT_HVNC.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1744
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.8&processName=VenomRAT_HVNC.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1208
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1208 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:572

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fa4feacabe0fcf64885a193f88f722db

    SHA1

    31220a80c8cf6518c09b134e011cec210b5f1d1f

    SHA256

    5151e7d49864a513b9a0dbad18228a6c5605347371447a7f61bdb620c0eabc08

    SHA512

    6ac528eb2b609dc2df7331bc651369c7af1d72884ee643877bdf9eb88f3f43e91ff966093f159891ca304ddef5aec9f43a977af21f0843c9132c0b82ddfdbec4

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5ca6bd0010861b25f7305cd7e20852c3

    SHA1

    ecbbef336ae308e07736ee552de2047c40c0f071

    SHA256

    b661a3c05d8b8dbfedf672ae880dff81a6f62b7d10092ba931c3bb6dbc6d38d9

    SHA512

    0f7f7cb5212745c3b2383a49518ef162293e16214e64550e27fe27bcf5f6e0de2a26fccdae29e61bdb5856b44ff8e9ea85a5178da800d49d7e7e4decde9a0672

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    595a8fcd8450a6ec9500f5ee66521a40

    SHA1

    fd90076a3c1aee65f3b28dfa683b7aeadbfd44f2

    SHA256

    ee912688edd40f8e76c0fa9a074641c9d544b986cbcaf7deaac82dc81ff1ca7a

    SHA512

    0dcfb0c0b485e14d5adaa47e2cd54e78bb921ca8e3deeb6408f2c478e6388f35777ee4e82bc434f03e03990efbbe022429e37de3f242c92d3a04c8738fd8debf

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eff872ecbdcfd1b0386cf927680ae5ba

    SHA1

    959c1f3d7ff893cd452834d4eb547d4f92111088

    SHA256

    e488f80277886abdd1f69d751b496811c6b6dea91e8809c95fc171789cdd04d4

    SHA512

    c5a17b197a17727ce9c9c16c4729dd859060eeb98f626b527e1a65a493ad7a516c1ed9e8ac49bb1c6d3acb2b71eecbf267bc5ddb88a4479e4cffb1a1bc944c6e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d117612ed4d9ee143a33d70485c2413b

    SHA1

    4b9738660511877647a77a2503b68a218129f310

    SHA256

    35522b7b403980128d5125c3959fe06a49dcd93d525c5b24710a5a69c9c56b92

    SHA512

    683f27f0e5f7c3ce73faf51e599979e32b2ea5137f84b7a954b2d073c143ae6e50b36e3f2f44ec25713c8749e5a7f8f9f9e1eecdd3b6fde6eaddfa6cb3385948

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    299e0067d8d201503e47aeec05882186

    SHA1

    d541acb1135c68854c7a55d9576dc5c390b2ed54

    SHA256

    6118e67bcb67466ab6bfd9b0193af41d8cca83bfc7b989b8c410ac37405608f3

    SHA512

    1f38d90384e9c2c92276fc71053dc0a3d29b0a91833afebdbc447897db8003240160bc8d61e97f673ff4cb3091e953a0491de5aa0243603c2b758c98f565a455

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7592cafe6a54037867221aa83359d3d0

    SHA1

    bbbfc327a723f730c311e99b3481e4c73756b93c

    SHA256

    f8921ecd8d2ce6d611dc4174738fd215cb8953e559d267e09e9fd94265ec5acf

    SHA512

    0113db127eb0535232db2c0320b8d96926cd70846af0cd31b17168cf26903e96356f9e9662bb31d80317a38f1e63575b03edef39ca26b605dbf848a1b51d0bf0

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e33a80a27c7968d3a347db0c689eb4b8

    SHA1

    d6270060d84613a4a7a4334b57561aeefd99949d

    SHA256

    842fc4661fbda90834a81c0f68daf66f2311b62ae20818848d6fe1e7e7c6e5e8

    SHA512

    0a386a3021cc37843c1381c251fbda0288d65bb886c02df9d71ff365be24908de11ef49301dcba0a1d70fc41ba59c0be82af8ed09c9df666ec57cd4586289f79

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6f14739759958904f270755c6e1326c5

    SHA1

    d514d507ff29c994d1398cfaf93076401efa0ca3

    SHA256

    bdd2ce20e0043e56bc48d6e01aefe421d865f1e2d717fa3851a522b53411c2ab

    SHA512

    f6e9fd28a97f6436ba5f5811cc3d63b07792e22ce2f1ba1251706854fc31c3f033e08dcdc581ede8c9e3a4607aa583ca20d9f2bfd1f1ff456eb7e088942cccb3

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BA5D7P93\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab49C0.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar4A30.tmp
    Filesize

    161KB

    MD5

    73b4b714b42fc9a6aaefd0ae59adb009

    SHA1

    efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

    SHA256

    c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

    SHA512

    73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\EV19Q83M.txt
    Filesize

    604B

    MD5

    ea2d748d7dc5a7528a1f0880a5f59811

    SHA1

    492f83e36709133dcc71b93c6d0936be2f9efd51

    SHA256

    bfd3ce63bf13b657da6ddf01ec011c6684ebdf51ac4f5d313c7c9257f300610c

    SHA512

    256236e1def04cb65807c76b6828a6862671a42a64c2e4762c53419c43ac2cbd0405bf1a77dc94a7339ae6d6ff58088d67183ad766122a3b5c0376cd918d4388

    Download Submit
  • memory/572-55-0x00000000006A0000-0x00000000006A2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1208-54-0x00000000028B0000-0x00000000028C0000-memory.dmp
    Filesize

    64KB

    Download