Overview
overview: 10
Static
static: 10
VenomCrypt...ib.dll (windows7-x64): 1
VenomCrypt...ib.dll (windows10-2004-x64): 1
VenomCrypt...or.exe (windows7-x64): 10
VenomCrypt...or.exe (windows10-2004-x64): 10
VenomCrypt...er.exe (windows7-x64): 1
VenomCrypt...er.exe (windows10-2004-x64): 1
VenomCrypt...I2.dll (windows7-x64): 1
VenomCrypt...I2.dll (windows10-2004-x64): 1
VenomCrypt...or.dll (windows7-x64): 1
VenomCrypt...or.dll (windows10-2004-x64): 1
VenomCrypt...er.exe (windows7-x64): 10
VenomCrypt...er.exe (windows10-2004-x64): 10
Analysis
max time kernel: 117s
max time network: 120s
platform: windows7_x64
resource: win7-20231025-en
resource tags: arch:x64, arch:x86, image:win7-20231025-en, locale:en-us, os:windows7-x64, system
submitted: 03-12-2023 13:27
Behavioral task | Sample | Resource
behavioral1 | VenomCrypter/Core/dnlib.dll | win7-20231201-en
behavioral2 | VenomCrypter/Core/dnlib.dll | win10v2004-20231127-en
behavioral3 | VenomCrypter/Core/dotnetreactor.exe | win7-20231023-en
behavioral4 | VenomCrypter/Core/dotnetreactor.exe | win10v2004-20231130-en
behavioral5 | VenomCrypter/Core/venom_crypter.exe | win7-20231025-en
behavioral6 | VenomCrypter/Core/venom_crypter.exe | win10v2004-20231130-en
behavioral7 | VenomCrypter/Guna.UI2.dll | win7-20231130-en
behavioral8 | VenomCrypter/Guna.UI2.dll | win10v2004-20231127-en
behavioral9 | VenomCrypter/SimpleObfuscator.dll | win7-20231023-en
behavioral10 | VenomCrypter/SimpleObfuscator.dll | win10v2004-20231127-en
behavioral11 | VenomCrypter/VenomCrypter.exe | win7-20231201-en
General
Target: VenomCrypter/Core/venom_crypter.exe
Size: 107KB
MD5: 473b0559e3be87128dbf66e483150fbb
SHA1: 3a710cf2366837dcdbf4ad2831044f1c594c2106
SHA256: a75977968a6ca4af41552ed47c4315c1782b12223f7001f8ae5c8547781724e0
SHA512: 8e0bc5be8211504c37fc827262f8c76b6ef2811e20cbad3be3bbcdda705985e505fe6cb9255b079a0eddabe233f32a3932ec796665de8b54458e3c9730d322b6
SSDEEP: 3072:bdZLLyEmnB0lc3fy000NMCUkpH2fydk0AK8QFAD1DEAPIu+bpcdjM0:ZZLLyEmnB0lcvy000NMv6H2fydIKxADm
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: venom_crypter.exe
description | pid | process | target process
PID 3064 wrote to memory of 2780 | 3064 | venom_crypter.exe | WerFault.exe
PID 3064 wrote to memory of 2780 | 3064 | venom_crypter.exe | WerFault.exe
PID 3064 wrote to memory of 2780 | 3064 | venom_crypter.exe | WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\VenomCrypter\Core\venom_crypter.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\VenomCrypter\Core\venom_crypter.exe"
  PID: 3064
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\WerFault.exe
    Command line: C:\Windows\system32\WerFault.exe -u -p 3064 -s 532
    PID: 2780